[PATCH] mm: filemap_map_pages() avoid dereference NULL/exception slots

From: Kirill A. Shutemov
Date: Mon Mar 03 2014 - 05:07:03 EST

Next message: David Long: "Re: [PATCH v6 00/14] uprobes: Add uprobes support for ARM"
Previous message: Lee Jones: "Re: [PATCH v2] timberdale: Use pci_enable_msix_exact() instead of pci_enable_msix()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

radix_tree_deref_slot() can return NULL: add missed check.

Do no dereference 'page': we can get there as result of
radix_tree_exception(page) check.

Reported-by: Hugh Dickins <hughd@xxxxxxxxxx>
Reported-by: Ning Qu <quning@xxxxxxxxxx>
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
---
mm/filemap.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/mm/filemap.c b/mm/filemap.c
index 5f4fe7f0c258..e48624634927 100644
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -1745,6 +1745,8 @@ void filemap_map_pages(struct vm_area_struct *vma, struct vm_fault *vmf)
break;
repeat:
page = radix_tree_deref_slot(slot);
+ if (unlikely(!page))
+ goto next;
if (radix_tree_exception(page)) {
if (radix_tree_deref_retry(page))
break;
@@ -1790,7 +1792,7 @@ unlock:
skip:
page_cache_release(page);
next:
- if (page->index == vmf->max_pgoff)
+ if (iter.index == vmf->max_pgoff)
break;
}
rcu_read_unlock();
--
Kirill A. Shutemov
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Long: "Re: [PATCH v6 00/14] uprobes: Add uprobes support for ARM"
Previous message: Lee Jones: "Re: [PATCH v2] timberdale: Use pci_enable_msix_exact() instead of pci_enable_msix()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]