From: Josh Law
To: "Liam R . Howlett", Andrew Morton
Cc: Alice Ryhl, Andrew Ballance, linux-kernel@vger.kernel.org, maple-tree@lists.infradead.org, linux-mm@kvack.org, Josh Law
Subject: [PATCH v2] lib/maple_tree: fix potential NULL dereference in mas_pop_node()
Date: Fri, 13 Mar 2026 07:31:32 +0000
Message-Id: <20260313073132.159184-1-objecting@objecting.org>

If kmem_cache_alloc_from_sheaf() returns NULL (possible under GFP_NOWAIT pressure), mas_pop_node() falls through to the out label and dereferences the NULL pointer in memset(ret, 0, sizeof(*ret)).

Add a NULL check after the sheaf allocation to bail out early.

Signed-off-by: Josh Law
---
v2: drop WARN_ON_ONCE — this is a recoverable allocation failure, not a state that warrants a warning splat.

lib/maple_tree.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/maple_tree.c b/lib/maple_tree.c index 739918e859e5..1eaaa5f964e9 100644 --- a/lib/maple_tree.c +++ b/lib/maple_tree.c @@ -1063,6 +1063,8 @@ static __always_inline struct maple_node *mas_pop_node(struct ma_state *mas) return NULL; ret = kmem_cache_alloc_from_sheaf(maple_node_cache, GFP_NOWAIT, mas->sheaf); + if (!ret) + return NULL; out: memset(ret, 0, sizeof(*ret)); -- 2.34.1
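
Review bot: returning NULL at the new `if (!ret)` check after kmem_cache_alloc_from_sheaf() only helps if every caller of mas_pop_node() tests the result, and no caller is visible in this patch; if one uses the node unconditionally, the NULL dereference just moves out of memset() and into that call site. Please name in the changelog the callers that were audited, or extend the fix to cover them. The context line `return NULL;` directly above shows the function can already return NULL on another path, so it is worth stating whether callers treat both cases the same way. The v2 note calls this "a recoverable allocation failure", which is a claim about caller behaviour that the commit message should back up rather than leave below the `---` line where it is dropped on apply. A Fixes: tag for the commit that introduced the sheaf allocation, and a sentence on whether this was observed or found by inspection, would help anyone deciding on a stable backport.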