Message ID | 20221018143639.5099-1-91tuocao@gmail.com (mailing list archive)
---|---
State | New
Series | mm: folio-compat: fix bug for pagecache_get_page
On Tue, Oct 18, 2022 at 10:36:39PM +0800, Tuo Cao wrote:
> The folio returned from __filemap_get_folio may be a NULL, it will
> cause a kernel crash when folio->page is accessed.

This is not a bug.  &folio->page does not dereference folio but performs
pointer arithmetic.
On Tue, 18 Oct 2022 15:39:39 +0100 Matthew Wilcox <willy@infradead.org> wrote:

> On Tue, Oct 18, 2022 at 10:36:39PM +0800, Tuo Cao wrote:
> > The folio returned from __filemap_get_folio may be a NULL, it will
> > cause a kernel crash when folio->page is accessed.
>
> This is not a bug.  &folio->page does not dereference folio but performs
> pointer arithmetic.

This is the third attempt to "fix" this.  So far.  I think we should
take the hint and make the check for a null pointer more explicit.
On Tue, Oct 18, 2022 at 01:48:34PM -0700, Andrew Morton wrote:
> On Tue, 18 Oct 2022 15:39:39 +0100 Matthew Wilcox <willy@infradead.org> wrote:
>
> > On Tue, Oct 18, 2022 at 10:36:39PM +0800, Tuo Cao wrote:
> > > The folio returned from __filemap_get_folio may be a NULL, it will
> > > cause a kernel crash when folio->page is accessed.
> >
> > This is not a bug.  &folio->page does not dereference folio but performs
> > pointer arithmetic.
>
> This is the third attempt to "fix" this.  So far.  I think we should
> take the hint and make the check for a null pointer more explicit.

I think it's doing a great job of pointing out how many alleged kernel
programmers don't actually understand C and aren't capable of searching
mailing lists to see if somebody else already sent a patch.  Hopefully
somebody's keeping track and is feeding this information into their
hiring algorithms.

The real solution is to convert all the callers of pagecache_get_page()
to use folios, and then we can delete this code.  I have a small series
in progress.  The amount of text savings is immense; half a kilobyte
from one conversion alone.  Our compound_head() has got very bloated.
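The C point made in the thread, as an added user-space model written for this page (it is not kernel code and was not posted by anyone in the discussion): the compat shim from mm/folio-compat.c with the current condition, the condition the patch proposes, and the explicit NULL test the thread asks for, side by side. struct page, struct folio, xa_is_value() and folio_file_page() are simplified stand-ins; the real folio_file_page() would oops when handed a NULL folio, whereas the model counts the bad read so all three variants can run in one process.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins, not the kernel's definitions.  In the kernel struct folio
 * overlays struct page, so the head page is its first member and
 * offsetof(struct folio, page) == 0; the tail pages of a compound folio
 * follow the head page contiguously in the memmap. */
#define FOLIO_MAX_PAGES 4UL

struct page {
	unsigned long flags;
};

struct folio {
	struct page page;                        /* head page, at offset 0 */
	struct page tail[FOLIO_MAX_PAGES - 1];   /* model of the following tail pages */
	unsigned long nr_pages;                  /* model of folio_nr_pages() */
};

/* Page-cache "value" (shadow) entries have the low bit set; that is how
 * the real xa_is_value() tells them from pointers.  xa_is_value(NULL) is
 * false, so NULL is not caught by this test. */
static inline int xa_is_value(const void *entry)
{
	return (int)((uintptr_t)entry & 1);
}

/* Model of the oops: the real folio_file_page() reads the folio to find the
 * page for @index and faults on NULL.  The model counts the bad read instead
 * of crashing so the variants below can be compared. */
static int null_folio_reads;

static struct page *folio_file_page(struct folio *folio, unsigned long index)
{
	if (!folio) {
		null_folio_reads++;
		return NULL;
	}
	return &folio->page + (index & (folio->nr_pages - 1));
}

/* Current code (the `-` line of the hunk).  For a NULL folio, `&folio->page`
 * is (char *)NULL + offsetof(struct folio, page) == NULL: taking a member's
 * address is pointer arithmetic and never loads through the pointer.  The
 * kernel builds with -fno-delete-null-pointer-checks, so the compiler does
 * not treat this expression as proof that folio is non-NULL. */
static struct page *pagecache_get_page_current(struct folio *folio,
					       unsigned long index, int head)
{
	if (head || !folio || xa_is_value(folio))
		return &folio->page;
	return folio_file_page(folio, index);
}

/* Proposed patch (the `+` line): NULL is no longer special and, because
 * xa_is_value(NULL) is false, it reaches folio_file_page(), which reads it. */
static struct page *pagecache_get_page_patched(struct folio *folio,
					       unsigned long index, int head)
{
	if (head || xa_is_value(folio))
		return &folio->page;
	return folio_file_page(folio, index);
}

/* The explicit NULL test the thread asks for: same results as the current
 * code, without relying on `&folio->page` being arithmetic on NULL. */
static struct page *pagecache_get_page_explicit(struct folio *folio,
						unsigned long index, int head)
{
	if (!folio)
		return NULL;
	if (head || xa_is_value(folio))
		return &folio->page;
	return folio_file_page(folio, index);
}

int main(void)
{
	struct folio f = { .nr_pages = FOLIO_MAX_PAGES };
	/* constructed value entry: odd pointer, never dereferenced */
	struct folio *shadow = (struct folio *)(uintptr_t)0x11;

	printf("offsetof(struct folio, page) = %zu\n", offsetof(struct folio, page));
	printf("current(NULL)  -> %p, NULL reads so far: %d\n",
	       (void *)pagecache_get_page_current(NULL, 0, 0), null_folio_reads);
	printf("patched(NULL)  -> %p, NULL reads so far: %d\n",
	       (void *)pagecache_get_page_patched(NULL, 0, 0), null_folio_reads);
	printf("explicit(NULL) -> %p, NULL reads so far: %d\n",
	       (void *)pagecache_get_page_explicit(NULL, 0, 0), null_folio_reads);
	printf("value entry passed through unchanged: %d\n",
	       pagecache_get_page_current(shadow, 0, 0) == (struct page *)shadow);
	printf("index 6 in a 4-page folio -> tail[%td]\n",
	       pagecache_get_page_current(&f, 6, 0) - f.tail);
	return 0;
}
```

Build with `cc -Wall -O2 folio_null.c`. Only the patched variant bumps the NULL-read counter; the current and explicit variants return NULL for a NULL folio, pass a value entry through unchanged, and pick the same tail page for a real folio. Outside the kernel, a compiler that is not given -fno-delete-null-pointer-checks is entitled to assume that `&folio->page` implies a valid folio, which is one more reason the explicit form is the safer habit.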
diff --git a/mm/folio-compat.c b/mm/folio-compat.c index e1e23b4947d7..37ba33135506 100644 --- a/mm/folio-compat.c +++ b/mm/folio-compat.c @@ -108,7 +108,7 @@ struct page *pagecache_get_page(struct address_space *mapping, pgoff_t index, struct folio *folio; folio = __filemap_get_folio(mapping, index, fgp_flags, gfp); - if ((fgp_flags & FGP_HEAD) || !folio || xa_is_value(folio)) + if ((fgp_flags & FGP_HEAD) || xa_is_value(folio)) return &folio->page; return folio_file_page(folio, index); }
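Review bot: dropping `!folio` from the condition in pagecache_get_page() introduces the NULL dereference the commit message says it is fixing. In the current code a NULL return from __filemap_get_folio() takes the `return &folio->page;` path, which is address-of-member arithmetic on the pointer and yields NULL without reading through it; after this change xa_is_value(NULL) is false, so a NULL folio falls through to `return folio_file_page(folio, index);`, which has to read the folio to locate the page. If the intent is to make the NULL case obvious rather than to change behaviour, keep the test and spell it out ahead of the other conditions, e.g. `if (!folio) return NULL;` followed by `if ((fgp_flags & FGP_HEAD) || xa_is_value(folio)) return &folio->page;`. The commit message should then describe that as a readability change, since no crash occurs with the existing code.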
The folio returned from __filemap_get_folio may be a NULL, it will
cause a kernel crash when folio->page is accessed.

Signed-off-by: Tuo Cao <91tuocao@gmail.com>
---
 mm/folio-compat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)