[PATCH] sched/core: Fix error pointer dereference

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] sched/core: Fix error pointer dereference
@ 2026-02-17 18:06 Ethan Tidmore
  2026-02-20 10:20 ` Peter Zijlstra
  2026-02-26  5:18 ` Vishal Chourasia
  0 siblings, 2 replies; 4+ messages in thread
From: Ethan Tidmore @ 2026-02-17 18:06 UTC (permalink / raw)
  To: tglx, peterz; +Cc: mpe, cai, linux-kernel, Ethan Tidmore

The function idle_thread_get() can return an error pointer and is not
checked for one. Add check for error pointer.

Detected by Smatch:
kernel/cpu.c:911 finish_cpu() error:
'idle' dereferencing possible ERR_PTR()

Fixes: bf2c59fce4074 ("sched/core: Fix illegal RCU from offline CPUs")
Signed-off-by: Ethan Tidmore <ethantidmore06@gmail.com>
---
 kernel/cpu.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/kernel/cpu.c b/kernel/cpu.c
index bc4f7a9ba64e..30af888d1bc1 100644
--- a/kernel/cpu.c
+++ b/kernel/cpu.c
@@ -908,7 +908,12 @@ static int bringup_cpu(unsigned int cpu)
 static int finish_cpu(unsigned int cpu)
 {
 	struct task_struct *idle = idle_thread_get(cpu);
-	struct mm_struct *mm = idle->active_mm;
+	struct mm_struct *mm;
+
+	if (IS_ERR(idle))
+		return PTR_ERR(idle);
+
+	mm = idle->active_mm;
 
 	/*
 	 * sched_force_init_mm() ensured the use of &init_mm,
-- 
2.53.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] sched/core: Fix error pointer dereference
  2026-02-17 18:06 [PATCH] sched/core: Fix error pointer dereference Ethan Tidmore
@ 2026-02-20 10:20 ` Peter Zijlstra
  2026-02-20 14:19   ` Ethan Tidmore
  2026-02-26  5:18 ` Vishal Chourasia
  1 sibling, 1 reply; 4+ messages in thread
From: Peter Zijlstra @ 2026-02-20 10:20 UTC (permalink / raw)
  To: Ethan Tidmore; +Cc: tglx, mpe, cai, linux-kernel

On Tue, Feb 17, 2026 at 12:06:33PM -0600, Ethan Tidmore wrote:
> The function idle_thread_get() can return an error pointer and is not
> checked for one. Add check for error pointer.
> 
> Detected by Smatch:
> kernel/cpu.c:911 finish_cpu() error:
> 'idle' dereferencing possible ERR_PTR()

How could this possibly happen?

> Signed-off-by: Ethan Tidmore <ethantidmore06@gmail.com>
> ---
>  kernel/cpu.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/kernel/cpu.c b/kernel/cpu.c
> index bc4f7a9ba64e..30af888d1bc1 100644
> --- a/kernel/cpu.c
> +++ b/kernel/cpu.c
> @@ -908,7 +908,12 @@ static int bringup_cpu(unsigned int cpu)
>  static int finish_cpu(unsigned int cpu)
>  {
>  	struct task_struct *idle = idle_thread_get(cpu);
> -	struct mm_struct *mm = idle->active_mm;
> +	struct mm_struct *mm;
> +
> +	if (IS_ERR(idle))
> +		return PTR_ERR(idle);
> +
> +	mm = idle->active_mm;
>  
>  	/*
>  	 * sched_force_init_mm() ensured the use of &init_mm,
> -- 
> 2.53.0
> 

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] sched/core: Fix error pointer dereference
  2026-02-20 10:20 ` Peter Zijlstra
@ 2026-02-20 14:19   ` Ethan Tidmore
  0 siblings, 0 replies; 4+ messages in thread
From: Ethan Tidmore @ 2026-02-20 14:19 UTC (permalink / raw)
  To: Peter Zijlstra, Ethan Tidmore; +Cc: tglx, mpe, cai, linux-kernel

On Fri Feb 20, 2026 at 4:20 AM CST, Peter Zijlstra wrote:
> On Tue, Feb 17, 2026 at 12:06:33PM -0600, Ethan Tidmore wrote:
>> The function idle_thread_get() can return an error pointer and is not
>> checked for one. Add check for error pointer.
>> 
>> Detected by Smatch:
>> kernel/cpu.c:911 finish_cpu() error:
>> 'idle' dereferencing possible ERR_PTR()
>
> How could this possibly happen?
>

Sorry about that, must be a false positive. I'll be more careful next
time.

Thanks,

ET

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] sched/core: Fix error pointer dereference
  2026-02-17 18:06 [PATCH] sched/core: Fix error pointer dereference Ethan Tidmore
  2026-02-20 10:20 ` Peter Zijlstra
@ 2026-02-26  5:18 ` Vishal Chourasia
  1 sibling, 0 replies; 4+ messages in thread
From: Vishal Chourasia @ 2026-02-26  5:18 UTC (permalink / raw)
  To: Ethan Tidmore; +Cc: tglx, peterz, mpe, cai, linux-kernel

On Tue, Feb 17, 2026 at 12:06:33PM -0600, Ethan Tidmore wrote:
> The function idle_thread_get() can return an error pointer and is not
> checked for one. Add check for error pointer.
> 
> Detected by Smatch:
> kernel/cpu.c:911 finish_cpu() error:
> 'idle' dereferencing possible ERR_PTR()
> 
> Fixes: bf2c59fce4074 ("sched/core: Fix illegal RCU from offline CPUs")
> Signed-off-by: Ethan Tidmore <ethantidmore06@gmail.com>
> ---
>  kernel/cpu.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/kernel/cpu.c b/kernel/cpu.c
> index bc4f7a9ba64e..30af888d1bc1 100644
> --- a/kernel/cpu.c
> +++ b/kernel/cpu.c
> @@ -908,7 +908,12 @@ static int bringup_cpu(unsigned int cpu)
>  static int finish_cpu(unsigned int cpu)
>  {
>  	struct task_struct *idle = idle_thread_get(cpu);
> -	struct mm_struct *mm = idle->active_mm;
> +	struct mm_struct *mm;
> +
> +	if (IS_ERR(idle))
> +		return PTR_ERR(idle);
> +
> +	mm = idle->active_mm;
>  
>  	/*
>  	 * sched_force_init_mm() ensured the use of &init_mm,
> -- 
> 2.53.0
> 
Reviewed-by: Vishal Chourasia <vishalc@linux.ibm.com>

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2026-02-26  5:18 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-17 18:06 [PATCH] sched/core: Fix error pointer dereference Ethan Tidmore
2026-02-20 10:20 ` Peter Zijlstra
2026-02-20 14:19   ` Ethan Tidmore
2026-02-26  5:18 ` Vishal Chourasia

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox