[RFC PATCH] perf/core: Prevent dereferencing NULL pointer
From: I Hsin Cheng
Date: Wed Feb 05 2025 - 14:06:24 EST
According to coverity scan check, there's possible cases where
"ring_buffer_get()" returns a NULL in "perf_mmap_close".
Use a "BUG_ON()" to check for NULL pointer existence, panic if it does
exist, otherwise it's safe to dereference "rb" and access its members.
The scan check report link is:
scan5.scan.coverity.com/#/project-view/63416/10063?selectedIssue=1636067
Signed-off-by: I Hsin Cheng <richard120310@xxxxxxxxx>
---
kernel/events/core.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index bcb09e011e9e..fe83d4754746 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -6410,11 +6410,17 @@ static void perf_mmap_close(struct vm_area_struct *vma)
{
struct perf_event *event = vma->vm_file->private_data;
struct perf_buffer *rb = ring_buffer_get(event);
- struct user_struct *mmap_user = rb->mmap_user;
- int mmap_locked = rb->mmap_locked;
- unsigned long size = perf_data_size(rb);
+ struct user_struct *mmap_user;
+ int mmap_locked;
+ unsigned long size;
bool detach_rest = false;
+ BUG_ON(!rb);
+
+ mmap_user = rb->mmap_user;
+ mmap_locked = rb->mmap_locked;
+ size = perf_data_size(rb);
+
if (event->pmu->event_unmapped)
event->pmu->event_unmapped(event, vma->vm_mm);
--
2.43.0