Re: [PATCH 1/1] mm: implement ->map_pages for shmem/tmpfs

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
To: Ning Qu <quning@google.com>, Hugh Dickins <hughd@google.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Mel Gorman <mgorman@suse.de>, Rik van Riel <riel@redhat.com>,
	"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	Andi Kleen <ak@linux.intel.com>,
	Matthew Wilcox <matthew.r.wilcox@intel.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	Dave Chinner <david@fromorbit.com>,
	linux-mm@kvack.org, linux-fsdevel@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/1] mm: implement ->map_pages for shmem/tmpfs
Date: Mon,  3 Mar 2014 13:07:46 +0200 (EET)	[thread overview]
Message-ID: <20140303110747.01F2DE0098@blue.fi.intel.com> (raw)
In-Reply-To: <CACQD4-4bbwk_LOUVamTyB6V+Fg_F+Q4q2g8DxroTM7YiA=eJzQ@mail.gmail.com>

Ning Qu wrote:
> Btw, should we first check if page returned by radix_tree_deref_slot is NULL?

Yes, we should. I don't know how I missed that. :(

The patch below should address both issues.

>From dca24c9a1f31ee1599fe81e9a60d4f87a4eaf0ea Mon Sep 17 00:00:00 2001
From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Date: Mon, 3 Mar 2014 12:07:03 +0200
Subject: [PATCH] mm: filemap_map_pages() avoid dereference NULL/exception
 slots

radix_tree_deref_slot() can return NULL: add missed check.

Do no dereference 'page': we can get there as result of
radix_tree_exception(page) check.

Reported-by: Hugh Dickins <hughd@google.com>
Reported-by: Ning Qu <quning@google.com>
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
---
 mm/filemap.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/mm/filemap.c b/mm/filemap.c
index 5f4fe7f0c258..e48624634927 100644
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -1745,6 +1745,8 @@ void filemap_map_pages(struct vm_area_struct *vma, struct vm_fault *vmf)
 			break;
 repeat:
 		page = radix_tree_deref_slot(slot);
+		if (unlikely(!page))
+			goto next;
 		if (radix_tree_exception(page)) {
 			if (radix_tree_deref_retry(page))
 				break;
@@ -1790,7 +1792,7 @@ unlock:
 skip:
 		page_cache_release(page);
 next:
-		if (page->index == vmf->max_pgoff)
+		if (iter.index == vmf->max_pgoff)
 			break;
 	}
 	rcu_read_unlock();
-- 
 Kirill A. Shutemov

next prev parent reply	other threads:[~2014-03-03 11:07 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-02-28 22:18 [PATCH 0/1] mm, shmem: map few pages around fault address if they are in page cache Ning Qu
2014-02-28 22:18 ` [PATCH 1/1] mm: implement ->map_pages for shmem/tmpfs Ning Qu
2014-03-01  1:20   ` Hugh Dickins
2014-03-01  6:36     ` Ning Qu
2014-03-03 11:07       ` Kirill A. Shutemov [this message]
2014-03-03 18:49         ` Ning Qu
2014-03-04 20:02     ` Hugh Dickins
2014-02-28 22:34 ` [PATCH 0/1] mm, shmem: map few pages around fault address if they are in page cache Andrew Morton
2014-03-01  0:35 ` Ning Qu
2014-03-01  1:41   ` Andrew Morton
2014-03-01  6:10     ` Ning Qu
2014-03-01  6:27       ` Ning Qu
     [not found]         ` <20140303143834.90ebe8ec5c6a369e54a599ec@linux-foundation.org>
2014-03-03 23:07           ` Ning Qu
2014-03-03 23:29           ` Linus Torvalds
     [not found]             ` <20140303153707.beced5c271179d1b1658a246@linux-foundation.org>
2014-03-04  0:50               ` Kirill A. Shutemov
     [not found] ` <CACz4_2eYUOkHdOtBJGDGMMwBcQkyPs8BDXQ491Ab_ig4z8q5mQ@mail.gmail.com>
2014-03-13 20:46   ` Ning Qu

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:5f4fe7f0c25 dfblob:e4862463492 )
 OR (
bs:"mm: filemap_map_pages() avoid dereference NULL/exception" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140303110747.01F2DE0098@blue.fi.intel.com \
    --to=kirill.shutemov@linux.intel.com \
    --cc=ak@linux.intel.com \
    --cc=akpm@linux-foundation.org \
    --cc=dave.hansen@linux.intel.com \
    --cc=david@fromorbit.com \
    --cc=hughd@google.com \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=matthew.r.wilcox@intel.com \
    --cc=mgorman@suse.de \
    --cc=quning@google.com \
    --cc=riel@redhat.com \
    --cc=torvalds@linux-foundation.org \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox