* [PATCH v2] riscv: mm: add null check for find_vm_area in __set_memory
@ 2026-03-16 15:16 Osama Abdelkader
2026-03-16 15:44 ` Andrew Morton
2026-03-16 17:38 ` Lorenzo Stoakes (Oracle)
0 siblings, 2 replies; 3+ messages in thread
From: Osama Abdelkader @ 2026-03-16 15:16 UTC
To: Paul Walmsley, Palmer Dabbelt, Albert Ou, Alexandre Ghiti,
Lorenzo Stoakes, Andrew Morton, Suren Baghdasaryan,
Mike Rapoport (Microsoft), Qi Zheng, linux-riscv, linux-kernel
Cc: Osama Abdelkader, stable
find_vm_area() can return NULL. Add a null check to avoid potential
null pointer dereference, matching the pattern used by other arches.
Fixes: 311cd2f6e253 ("riscv: Fix set_memory_XX() and set_direct_map_XX() by splitting huge linear mappings")
Cc: stable@vger.kernel.org
Signed-off-by: Osama Abdelkader <osama.abdelkader@gmail.com>
---
v2:
- Add Cc: stable@vger.kernel.org
- Add Fixes: tag
- mention __set_memory in the commit message
---
arch/riscv/mm/pageattr.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/riscv/mm/pageattr.c b/arch/riscv/mm/pageattr.c
index 3f76db3d2769..46a999c86b26 100644
--- a/arch/riscv/mm/pageattr.c
+++ b/arch/riscv/mm/pageattr.c
@@ -289,6 +289,10 @@ static int __set_memory(unsigned long addr, int numpages, pgprot_t set_mask,
int i, page_start;
area = find_vm_area((void *)start);
+ if (!area) {
+ ret = -EINVAL;
+ goto unlock;
+ }
page_start = (start - (unsigned long)area->addr) >> PAGE_SHIFT;
for (i = page_start; i < page_start + numpages; ++i) {
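Review bot: The changelog says find_vm_area() can return NULL, but neither it nor the new `if (!area)` branch says on which path into __set_memory() that happens, while the patch carries both a Fixes: tag and Cc: stable. Please describe the triggering condition in the commit message, or name it in a one-line comment above the check. Without that, a reader cannot tell a reachable NULL dereference from a purely defensive check, and the stable tagging depends on the answer.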
--
2.43.0
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
* Re: [PATCH v2] riscv: mm: add null check for find_vm_area in __set_memory
From: Andrew Morton @ 2026-03-16 15:44 UTC
To: Osama Abdelkader
Cc: Paul Walmsley, Palmer Dabbelt, Albert Ou, Alexandre Ghiti,
Lorenzo Stoakes, Suren Baghdasaryan, Mike Rapoport (Microsoft),
Qi Zheng, linux-riscv, linux-kernel, stable
On Mon, 16 Mar 2026 16:16:39 +0100 Osama Abdelkader <osama.abdelkader@gmail.com> wrote:
> find_vm_area() can return NULL. Add a null check to avoid potential
> null pointer dereference, matching the pattern used by other arches.
>
> Fixes: 311cd2f6e253 ("riscv: Fix set_memory_XX() and set_direct_map_XX() by splitting huge linear mappings")
Three years ago.
> Cc: stable@vger.kernel.org
Why cc:stable? Has anyone ever hit this? Are we able to identify a
scenario where this bug might be triggered?
> --- a/arch/riscv/mm/pageattr.c
> +++ b/arch/riscv/mm/pageattr.c
> @@ -289,6 +289,10 @@ static int __set_memory(unsigned long addr, int numpages, pgprot_t set_mask,
> int i, page_start;
>
> area = find_vm_area((void *)start);
> + if (!area) {
> + ret = -EINVAL;
> + goto unlock;
> + }
> page_start = (start - (unsigned long)area->addr) >> PAGE_SHIFT;
>
> for (i = page_start; i < page_start + numpages; ++i) {
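Review bot: At `ret = -EINVAL; goto unlock;` the failure becomes a quiet error return where the unpatched code would have faulted on `area->addr`. If a missing area can only mean a caller bug, consider `if (WARN_ON_ONCE(!area))` so the condition is reported. Otherwise a set_memory_*() caller that does not check the return value would carry on with the page permissions unchanged.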
> --
> 2.43.0
* Re: [PATCH v2] riscv: mm: add null check for find_vm_area in __set_memory
From: Lorenzo Stoakes (Oracle) @ 2026-03-16 17:38 UTC
To: Osama Abdelkader
Cc: Paul Walmsley, Palmer Dabbelt, Albert Ou, Alexandre Ghiti,
Andrew Morton, Suren Baghdasaryan, Mike Rapoport (Microsoft),
Qi Zheng, linux-riscv, linux-kernel, stable
(-cc old email address +cc new.)
On Mon, Mar 16, 2026 at 04:16:39PM +0100, Osama Abdelkader wrote:
> find_vm_area() can return NULL. Add a null check to avoid potential
> null pointer dereference, matching the pattern used by other arches.
>
> Fixes: 311cd2f6e253 ("riscv: Fix set_memory_XX() and set_direct_map_XX() by splitting huge linear mappings")
> Cc: stable@vger.kernel.org
> Signed-off-by: Osama Abdelkader <osama.abdelkader@gmail.com>
> ---
> v2:
> - Add Cc: stable@vger.kernel.org
> - Add Fixes: tag
This isn't a bug AFAICT, and we'd only really cc: stable and add Fixes: if it was
identifiable as one, as Andrew mentions.
> - mention __set_memory in the commit message
> ---
> arch/riscv/mm/pageattr.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/arch/riscv/mm/pageattr.c b/arch/riscv/mm/pageattr.c
> index 3f76db3d2769..46a999c86b26 100644
> --- a/arch/riscv/mm/pageattr.c
> +++ b/arch/riscv/mm/pageattr.c
> @@ -289,6 +289,10 @@ static int __set_memory(unsigned long addr, int numpages, pgprot_t set_mask,
> int i, page_start;
>
> area = find_vm_area((void *)start);
> + if (!area) {
> + ret = -EINVAL;
> + goto unlock;
> + }
This call is gated on is_vmalloc_or_module_addr() so how would we fail to find
an area here? (modules are also vmalloc()'d)
All set_memory_*() callers will be referencing genuine live data also, so I
don't think this is an issue?
Other arches do a NULL check, but they are not explicitly checking
is_vmalloc_or_module_addr() before doing the check, they seem to be using this
== NULL to imply the memory is something else.
So I think this patch is not correct, except for cases of some underlying bug,
but a bug SURELY would have triggered by now?
So yeah I don't think we should take this patch, as it implies a case that
simply cannot happen.
If it does happen and we get a bug report, it'll be very obvious where it
happened and why.
> page_start = (start - (unsigned long)area->addr) >> PAGE_SHIFT;
>
> for (i = page_start; i < page_start + numpages; ++i) {
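Review bot: The new check covers only a missing area; in the loop header `i < page_start + numpages`, nothing in the visible lines compares the end of the range with the size of the area that was found. If the aim is to reject bad input to __set_memory(), validate `page_start + numpages` against `area->nr_pages` at the same place, or state in the changelog that only the NULL case is handled.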
> --
> 2.43.0
>
Thanks, Lorenzo
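A userspace model of the gated lookup discussed in this thread, added here as an example; it is not kernel code and not from any participant. in_vm_range(), find_area() and gated_page_start() are hypothetical stand-ins, the address layout is constructed, and the gate is assumed to be a pure address-range test. It shows the one input for which the gate passes yet the lookup returns NULL (an address in a hole, which a caller holding live data never passes), and it goes beyond the patch by also bounding numpages against the area.

```c
/* Userspace model; data and helper names are constructed for illustration. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define VM_START 0x100000UL /* constructed vmalloc-like range */
#define VM_END   0x200000UL

struct vm_area { unsigned long addr, nr_pages; };

/* Two live areas with an unmapped hole between them. */
static const struct vm_area areas[] = { { 0x100000UL, 4 }, { 0x110000UL, 2 } };

/* Range-only gate, standing in for is_vmalloc_or_module_addr(). */
static int in_vm_range(unsigned long a) { return a >= VM_START && a < VM_END; }

/* Containing-area lookup, standing in for find_vm_area(); NULL if none. */
static const struct vm_area *find_area(unsigned long a)
{
    for (size_t i = 0; i < sizeof(areas) / sizeof(areas[0]); i++) {
        unsigned long end = areas[i].addr + (areas[i].nr_pages << PAGE_SHIFT);
        if (a >= areas[i].addr && a < end)
            return &areas[i];
    }
    return NULL;
}

/* Gated caller: first page index within the area, or a negative errno. */
static long gated_page_start(unsigned long start, unsigned long numpages)
{
    const struct vm_area *area;
    unsigned long page_start;

    if (!in_vm_range(start))
        return -ERANGE; /* model only: address is outside the gated range */
    area = find_area(start);
    if (!area)
        return -EINVAL; /* gate passed, yet nothing live covers start */
    page_start = (start - area->addr) >> PAGE_SHIFT;
    if (numpages > area->nr_pages - page_start)
        return -EINVAL; /* range would run past the end of the area */
    return (long)page_start;
}

int main(void)
{
    printf("live: %ld, hole: %ld\n", gated_page_start(0x101000UL, 2),
           gated_page_start(0x108000UL, 1));
    return 0;
}
```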