Date: Tue, 16 Jul 2024 03:30:06 +0100
From: Matthew Wilcox
To: Ma Ke
Cc: akpm@linux-foundation.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] filemap: fix error pointer dereference in filemap_fault()
References: <20240716022518.430237-1-make24@iscas.ac.cn>
In-Reply-To: <20240716022518.430237-1-make24@iscas.ac.cn>

On Tue, Jul 16, 2024 at 10:25:18AM +0800, Ma Ke wrote:
> This code calls folio_put() on an error pointer which will lead to a
> crash. Check for both error pointers and NULL pointers before calling
> folio_put().

Have you observed this, or do you just think this can happen? If the
former, please share the crash. If the latter, please document the path
which can lead to this happening.

> Fixes: 38a55db9877c ("filemap: Handle error return from __filemap_get_folio()")
> Signed-off-by: Ma Ke
> --- > mm/filemap.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/mm/filemap.c b/mm/filemap.c > index 657bcd887fdb..cd26617d8987 100644 > --- a/mm/filemap.c > +++ b/mm/filemap.c 
> @@ -3420,7 +3420,7 @@ vm_fault_t filemap_fault(struct vm_fault *vmf) > * re-find the vma and come back and find our hopefully still populated > * page. > */ > - if (!IS_ERR(folio)) > + if (!IS_ERR_OR_NULL(folio)) > folio_put(folio); > if (mapping_locked) > filemap_invalidate_unlock_shared(mapping); > -- > 2.25.1 >
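
Review bot: The commit message does not match the change at the folio_put() call in filemap_fault(). The removed line, `if (!IS_ERR(folio))`, already skips folio_put() for error pointers, so the stated crash "on an error pointer" is not something this hunk alters; the only new behaviour from `IS_ERR_OR_NULL(folio)` is skipping folio_put() when folio is NULL. The changelog should describe that case instead and name the path in filemap_fault() that reaches this cleanup code with folio == NULL, together with the crash report if one was observed. If no such path exists, the extra NULL test only hides the invariant that folio is either valid or an error pointer here, and the change should be dropped. The Fixes: tag should also be rechecked against whichever commit actually introduced the NULL case.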