[PATCH 5.6 075/118] arm64: hugetlb: avoid potential NULL dereference
From: Greg Kroah-Hartman
Date: Wed May 13 2020 - 05:58:46 EST
From: Mark Rutland <mark.rutland@xxxxxxx>
commit 027d0c7101f50cf03aeea9eebf484afd4920c8d3 upstream.
The static analyzer in GCC 10 spotted that in huge_pte_alloc() we may
pass a NULL pmdp into pte_alloc_map() when pmd_alloc() returns NULL:
| CC arch/arm64/mm/pageattr.o
| CC arch/arm64/mm/hugetlbpage.o
| from arch/arm64/mm/hugetlbpage.c:10:
| arch/arm64/mm/hugetlbpage.c: In function âhuge_pte_allocâ:
| ./arch/arm64/include/asm/pgtable-types.h:28:24: warning: dereference of NULL âpmdpâ [CWE-690] [-Wanalyzer-null-dereference]
| ./arch/arm64/include/asm/pgtable.h:436:26: note: in expansion of macro âpmd_valâ
| arch/arm64/mm/hugetlbpage.c:242:10: note: in expansion of macro âpte_alloc_mapâ
| |arch/arm64/mm/hugetlbpage.c:232:10:
| |./arch/arm64/include/asm/pgtable-types.h:28:24:
| ./arch/arm64/include/asm/pgtable.h:436:26: note: in expansion of macro âpmd_valâ
| arch/arm64/mm/hugetlbpage.c:242:10: note: in expansion of macro âpte_alloc_mapâ
This can only occur when the kernel cannot allocate a page, and so is
unlikely to happen in practice before other systems start failing.
We can avoid this by bailing out if pmd_alloc() fails, as we do earlier
in the function if pud_alloc() fails.
Fixes: 66b3923a1a0f ("arm64: hugetlb: add support for PTE contiguous bit")
Signed-off-by: Mark Rutland <mark.rutland@xxxxxxx>
Reported-by: Kyrill Tkachov <kyrylo.tkachov@xxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx> # 4.5.x-
Cc: Will Deacon <will@xxxxxxxxxx>
Signed-off-by: Catalin Marinas <catalin.marinas@xxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
arch/arm64/mm/hugetlbpage.c | 2 ++
1 file changed, 2 insertions(+)
--- a/arch/arm64/mm/hugetlbpage.c
+++ b/arch/arm64/mm/hugetlbpage.c
@@ -230,6 +230,8 @@ pte_t *huge_pte_alloc(struct mm_struct *
ptep = (pte_t *)pudp;
} else if (sz == (CONT_PTE_SIZE)) {
pmdp = pmd_alloc(mm, pudp, addr);
+ if (!pmdp)
+ return NULL;
WARN_ON(addr & (sz - 1));
/*