The function call alloc_percpu() returns a pointer to the memory address,
but it hasn't been checked. Our static analysis tool indicates that null
pointer dereference may exist in pointer zone->per_cpu_pageset. It is
always safe to judge the null pointer before use.
Signed-off-by: Qiu-ji Chen <chenqiuji666@gmail.com>
Cc: stable@vger.kernel.org
Fixes: 9420f89db2dd ("mm: move most of core MM initialization to mm/mm_init.c")
---
V2:
Fixed the incorrect code logic.
Thanks David Hildenbrand for helpful suggestion.
---
mm/page_alloc.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index 8afab64814dc..7c8a74fd02d6 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -5703,8 +5703,14 @@ void __meminit setup_zone_pageset(struct zone *zone)
/* Size may be 0 on !SMP && !NUMA */
if (sizeof(struct per_cpu_zonestat) > 0)
zone->per_cpu_zonestats = alloc_percpu(struct per_cpu_zonestat);
+ if (!zone->per_cpu_zonestats)
+ return;
zone->per_cpu_pageset = alloc_percpu(struct per_cpu_pages);
+ if (!zone->per_cpu_pageset) {
+ free_percpu(zone->per_cpu_zonestats);
+ return;
+ }
for_each_possible_cpu(cpu) {
struct per_cpu_pages *pcp;
struct per_cpu_zonestat *pzstats;
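Review bot: the added `if (!zone->per_cpu_zonestats) return;` runs unconditionally, while the allocation before it only happens when `sizeof(struct per_cpu_zonestat) > 0`. In the `!SMP && !NUMA` case named in the comment no allocation is attempted, so if the field is NULL there the function returns before `per_cpu_pageset` is allocated at all; the check should be tied to the same condition as the allocation. Two further points on the second check: `setup_zone_pageset()` returns void, so both early returns tell the caller nothing and leave the zone without a usable `per_cpu_pageset`, meaning any later user would still see a NULL or unset pointer; and after `free_percpu(zone->per_cpu_zonestats)` the freed pointer stays in the zone, so it should be set to NULL. The commit message should also say what the intended behaviour on allocation failure is.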
--
2.34.1
On 07.11.24 13:41, Qiu-ji Chen wrote:
> The function call alloc_percpu() returns a pointer to the memory address, > but it hasn't been checked. Our static analysis tool indicates that null > pointer dereference may exist in pointer zone->per_cpu_pageset. It is > always safe to judge the null pointer before use. > > Signed-off-by: Qiu-ji Chen <chenqiuji666@gmail.com> > Cc: stable@vger.kernel.org > Fixes: 9420f89db2dd ("mm: move most of core MM initialization to mm/mm_init.c") > --- > V2: > Fixed the incorrect code logic. > Thanks David Hildenbrand for helpful suggestion. > --- > mm/page_alloc.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/mm/page_alloc.c b/mm/page_alloc.c > index 8afab64814dc..7c8a74fd02d6 100644 > --- a/mm/page_alloc.c > +++ b/mm/page_alloc.c > @@ -5703,8 +5703,14 @@ void __meminit setup_zone_pageset(struct zone *zone) > /* Size may be 0 on !SMP && !NUMA */ > if (sizeof(struct per_cpu_zonestat) > 0) > zone->per_cpu_zonestats = alloc_percpu(struct per_cpu_zonestat); > + if (!zone->per_cpu_zonestats) > + return; > > zone->per_cpu_pageset = alloc_percpu(struct per_cpu_pages); > + if (!zone->per_cpu_pageset) { > + free_percpu(zone->per_cpu_zonestats); > + return; > + } > for_each_possible_cpu(cpu) { > struct per_cpu_pages *pcp; > struct per_cpu_zonestat *pzstats;

Unmodified patch, likely not what you wanted to send?

--
Cheers,

David / dhildenb
Hello, the previous patch did not correctly check and release the relevant pointers. Version 2 has fixed these issues. Thank you for your response.

On Thu, Nov 7, 2024 at 8:53 PM David Hildenbrand <david@redhat.com> wrote:
> > On 07.11.24 13:41, Qiu-ji Chen wrote: > > The function call alloc_percpu() returns a pointer to the memory address, > > but it hasn't been checked. Our static analysis tool indicates that null > > pointer dereference may exist in pointer zone->per_cpu_pageset. It is > > always safe to judge the null pointer before use. > > > > Signed-off-by: Qiu-ji Chen <chenqiuji666@gmail.com> > > Cc: stable@vger.kernel.org > > Fixes: 9420f89db2dd ("mm: move most of core MM initialization to mm/mm_init.c") > > --- > > V2: > > Fixed the incorrect code logic. > > Thanks David Hildenbrand for helpful suggestion. > > --- > > mm/page_alloc.c | 6 ++++++ > > 1 file changed, 6 insertions(+) > > > > diff --git a/mm/page_alloc.c b/mm/page_alloc.c > > index 8afab64814dc..7c8a74fd02d6 100644 > > --- a/mm/page_alloc.c > > +++ b/mm/page_alloc.c > > @@ -5703,8 +5703,14 @@ void __meminit setup_zone_pageset(struct zone *zone) > > /* Size may be 0 on !SMP && !NUMA */ > > if (sizeof(struct per_cpu_zonestat) > 0) > > zone->per_cpu_zonestats = alloc_percpu(struct per_cpu_zonestat); > > + if (!zone->per_cpu_zonestats) > > + return; > > > > zone->per_cpu_pageset = alloc_percpu(struct per_cpu_pages); > > + if (!zone->per_cpu_pageset) { > > + free_percpu(zone->per_cpu_zonestats); > > + return; > > + } > > for_each_possible_cpu(cpu) { > > struct per_cpu_pages *pcp; > > struct per_cpu_zonestat *pzstats; > > Unmodified patch, likely not what you wanted to send? > > > -- > Cheers, > > David / dhildenb >
On 07.11.24 14:09, Qiu-ji Chen wrote:
> Hello, the previous patch did not correctly check and release the
> relevant pointers. Version 2 has fixed these issues. Thank you for
> your response.

I'm afraid I'm missing how my review feedback was addressed :/

--
Cheers,

David / dhildenb