Message-Id: <20190723132648.25853-1-baijiaju1990@gmail.com>
Date: Tue, 23 Jul 2019 21:26:48 +0800
From: Jia-Ju Bai <baijiaju1990@...il.com>
To: dave.hansen@...ux.intel.com, luto@...nel.org, peterz@...radead.org,
tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, hpa@...or.com
Cc: x86@...nel.org, linux-kernel@...r.kernel.org,
Jia-Ju Bai <baijiaju1990@...il.com>
Subject: [PATCH] x86: Fix possible null-pointer dereferences in untrack_pfn()
In untrack_pfn(), there is an if statement on line 1058 to check whether
vma is NULL:
if (vma && !(vma->vm_flags & VM_PAT))
When vma is NULL, vma is used on line 1064:
if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr))
and line 1069:
size = vma->vm_end - vma->vm_start;
Thus, possible null-pointer dereferences may occur.
To fix these possible bugs, vma is checked on line 1063.
These bugs are found by a static analysis tool STCheck written by us.
Signed-off-by: Jia-Ju Bai <baijiaju1990@...il.com>
---
arch/x86/mm/pat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c
index d9fbd4f69920..717456e7745e 100644
--- a/arch/x86/mm/pat.c
+++ b/arch/x86/mm/pat.c
@@ -1060,7 +1060,7 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn,
/* free the chunk starting from pfn or the whole chunk */
paddr = (resource_size_t)pfn << PAGE_SHIFT;
- if (!paddr && !size) {
+ if (vma && !paddr && !size) {
if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr)) {
WARN_ON_ONCE(1);
return;
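Review bot: the new `vma &&` guard changes behaviour in a way the commit message does not discuss: when vma is NULL and both paddr and size are zero, the function used to reach follow_phys() and, on failure, WARN_ON_ONCE() and return; with this change it silently skips the lookup and continues with paddr == 0 and size == 0. If that combination of arguments is reachable (the function deliberately accepts a NULL vma, as the earlier `if (vma && !(vma->vm_flags & VM_PAT))` check shows), a reviewer would want either an explicit `WARN_ON_ONCE(1); return;` for the NULL-vma case or a note in the commit message explaining why continuing is correct; if it is not reachable, the subject should say this is a defensive check rather than a fix. Also, the message cites `size = vma->vm_end - vma->vm_start;` on line 1069 as a second dereference, but the hunk's trailing context stops at `return;`, so please confirm in the message that the line is inside the same guarded block, since otherwise the patch covers only one of the two sites it claims to fix.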
--
2.17.0