Re: [PATCH] mm/filemap: fix NULL pointer dereference in do_read_cache_folio()

Next message: Andrii Nakryiko: "Re: [PATCH bpf-next] selftests/bpf: simplify the kernel_count bench trigger"
Previous message: Josh Poimboeuf: "Re: [PATCH 2/4] media: atomisp: Fix startup() section placement with -ffunction-sections"
In reply to: ssrane_b23: "[PATCH] mm/filemap: fix NULL pointer dereference in do_read_cache_folio()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Matthew Wilcox

Date: Fri Nov 14 2025 - 15:44:52 EST

On Sat, Nov 15, 2025 at 01:07:29AM +0530, ssrane_b23@xxxxxxxxxxxxx wrote:
> When read_cache_folio() is called with a NULL filler function on a
> mapping that does not implement read_folio, a NULL pointer
> dereference occurs in filemap_read_folio().
>
> The crash occurs when:
>
> build_id_parse() is called on a VMA backed by a file from a
> filesystem that does not implement ->read_folio() (e.g. procfs,
> sysfs, or other virtual filesystems).

Not a fan of this approach, to be honest. This should be caught at
a higher level. In __build_id_parse(), there's already a check:

/* only works for page backed storage */
if (!vma->vm_file)
return -EINVAL;

which is funny because the comment is correct, but the code is not.
I suspect the right answer is to add right after it:

+ if (vma->vm_file->f_mapping->a_ops == &empty_aops)
+ return -EINVAL;

Want to test that out?