Reply: [External Mail] Re: [PATCH] x86/process: Return early on NULL iobm in native_tss_update_io_bitmap()
From: Li,Rongqing
Date: Thu Jun 11 2026 - 23:20:14 EST
>
> How about?
>
> x86/process: Return early if TIF_IO_BITMAP is set but no IO bitmap is
> assigned
>
>
> On 5/31/2026 10:37 PM, lirongqing wrote:
> > From: Li RongQing <lirongqing@xxxxxxxxx>
> >
> > When 'iobm' is NULL, native_tss_update_io_bitmap() clears the thread
> > flag and invalidates the TSS bitmap, but falls through to subsequent
> > code that dereferences 'iobm'.
> >
>
> "When iobm is NULL.." makes it sound like this can easily happen. Would it
> be better to say:
True, I haven’t observed this issue myself. I agree that your commit message is better, so I will send a v2 with it.
Thanks
-Li
>
> Outside the IOPL emulation path, the IO bitmap is always expected to be
> allocated when TIF_IO_BITMAP is set. The paranoid WARN_ON_ONCE()
> handles the case where the flag and the pointer got out of sync. In this rare
> scenario, return early instead of continuing and dereferencing a NULL pointer.
>
> > Add a missing return statement to prevent a potential kernel NULL
> > pointer dereference panic.
> >
> > Signed-off-by: Li RongQing <lirongqing@xxxxxxxxx>
> > ---
> > arch/x86/kernel/process.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
>
> The code change looks good to me.
>
> Reviewed-by: Sohil Mehta <sohil.mehta@xxxxxxxxx>
>
> > diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
> > index 4c718f8..d5cd217 100644
> > --- a/arch/x86/kernel/process.c
> > +++ b/arch/x86/kernel/process.c
> > @@ -486,6 +486,7 @@ void native_tss_update_io_bitmap(void)
> > if (WARN_ON_ONCE(!iobm)) {
> > clear_thread_flag(TIF_IO_BITMAP);
> > native_tss_invalidate_io_bitmap();
> > + return;
> > }
> >
> > /*
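Review bot: the commit message should spell out what the new `return;` skips and why that is safe: with `clear_thread_flag(TIF_IO_BITMAP)` and `native_tss_invalidate_io_bitmap()` already executed in this block, nothing later in the function can expect an IO bitmap to be installed, so leaving early only avoids the `iobm` dereference and does not drop any state update. Stating this explicitly, along with the subject line suggested in the review ("Return early if TIF_IO_BITMAP is set but no IO bitmap is assigned"), makes clear to future readers that the WARN_ON_ONCE() path is a recovery from a flag/pointer mismatch rather than a normal branch.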
>