Re: [PATCH] x86/process: Return early on NULL iobm in native_tss_update_io_bitmap()

Next message: Aaron Lu: "Re: [PATCH v2 08/10] sched/fair: Add newidle balance to pick_task_fair()"
Previous message: kernel test robot: "Re: [PATCH] media: bcm2835-unicam: Fix querycap multiple caps"
Next in thread: Li,Rongqing: "&#x7B54;&#x590D;: [&#x5916;&#x90E8;&#x90AE;&#x4EF6;] Re: [PATCH] x86/process: Return early on NULL iobm in native_tss_update_io_bitmap()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Sohil Mehta

Date: Thu Jun 11 2026 - 22:20:08 EST

How about?

x86/process: Return early if TIF_IO_BITMAP is set but no IO bitmap is
assigned

On 5/31/2026 10:37 PM, lirongqing wrote:
> From: Li RongQing <lirongqing@xxxxxxxxx>
>
> When 'iobm' is NULL, native_tss_update_io_bitmap() clears the thread
> flag and invalidates the TSS bitmap, but falls through to subsequent code
> that dereferences 'iobm'.
>

"When iobm is NULL.." makes it sound like this can easily happen. Would
it be better to say:

Outside the IOPL emulation path, the IO bitmap is always expected to be
allocated when TIF_IO_BITMAP is set. The paranoid WARN_ON_ONCE() handles
the case where the flag and the pointer got out of sync. In this rare
scenario, return early instead of continuing and dereferencing a NULL
pointer.

> Add a missing return statement to prevent a potential kernel NULL
> pointer dereference panic.
>
> Signed-off-by: Li RongQing <lirongqing@xxxxxxxxx>
> ---
> arch/x86/kernel/process.c | 1 +
> 1 file changed, 1 insertion(+)
>

The code change looks good to me.

Reviewed-by: Sohil Mehta <sohil.mehta@xxxxxxxxx>

> diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
> index 4c718f8..d5cd217 100644
> --- a/arch/x86/kernel/process.c
> +++ b/arch/x86/kernel/process.c
> @@ -486,6 +486,7 @@ void native_tss_update_io_bitmap(void)
> if (WARN_ON_ONCE(!iobm)) {
> clear_thread_flag(TIF_IO_BITMAP);
> native_tss_invalidate_io_bitmap();
> + return;
> }
>
> /*