From: "Liam R. Howlett"
To: Andrew Morton
Cc: maple-tree@lists.infradead.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, "Liam R. Howlett", Marius Fleischer, Sidhartha Kumar, stable@vger.kernel.org
Subject: [PATCH] maple_tree: Fix mas_empty_area_rev() null pointer dereference
Date: Mon, 22 Apr 2024 16:33:49 -0400
Message-ID: <20240422203349.2418465-1-Liam.Howlett@oracle.com>

Currently the code calls mas_start() followed by mas_data_end() if the maple state is MA_START, but mas_start() may return with the maple state node == NULL. This will lead to a null pointer dereference when checking information in the NULL node, which is done in mas_data_end().

Avoid setting the offset if there is no node by waiting until after the maple state is checked for an empty or single entry state.

A user could trigger the events to cause a kernel oops by unmapping all vmas to produce an empty maple tree, then mapping a vma that would cause the scenario described above.

Reported-by: Marius Fleischer Closes: https://lore.kernel.org/lkml/CAJg=8jyuSxDL6XvqEXY_66M20psRK2J53oBTP+fjV5xpW2-R6w@mail.gmail.com/ Link: https://lore.kernel.org/lkml/CAJg=8jyuSxDL6XvqEXY_66M20psRK2J53oBTP+fjV5xpW2-R6w@mail.gmail.com/ Fixes: 54a611b60590 ("Maple Tree: add new data structure") Tested-by: Marius Fleischer Tested-by: Sidhartha Kumar Cc: maple-tree@lists.infradead.org Cc: linux-mm@kvack.org Cc: stable@vger.kernel.org Signed-off-by: Liam R. Howlett --- lib/maple_tree.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/lib/maple_tree.c b/lib/maple_tree.c index 55e1b35bf877..2d7d27e6ae3c 100644 --- a/lib/maple_tree.c +++ b/lib/maple_tree.c @@ -5109,18 +5109,18 @@ int mas_empty_area_rev(struct ma_state *mas, unsigned long min, if (size == 0 || max - min < size - 1) return -EINVAL; - if (mas_is_start(mas)) { + if (mas_is_start(mas)) mas_start(mas); - mas->offset = mas_data_end(mas); - } else if (mas->offset >= 2) { - mas->offset -= 2; - } else if (!mas_rewind_node(mas)) { + else if ((mas->offset < 2) && (!mas_rewind_node(mas))) return -EBUSY; - } - /* Empty set. */ - if (mas_is_none(mas) || mas_is_ptr(mas)) + if (unlikely(mas_is_none(mas) || mas_is_ptr(mas))) return mas_sparse_area(mas, min, max, size, false); + else if (mas->offset >= 2) + mas->offset -= 2; + else + mas->offset = mas_data_end(mas); + /* The start of the window can only be within these values. */ mas->index = min;
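
Review bot: In the second if/else chain of this hunk, the path where mas_rewind_node() succeeds now falls through to the offset adjustment, which the old code did not do. Previously a successful rewind returned control with mas->offset exactly as mas_rewind_node() left it; with this change that offset is either reduced by 2 or overwritten with mas_data_end(mas). If that is intended, the commit message should say so, since it only describes the start-state fix; if not, the rewind path needs to skip the adjustment. Separately, the start case reaches "mas->offset = mas_data_end(mas)" only when mas->offset is below 2 after mas_start(), which the visible lines do not establish, so a short comment stating that assumption would help, ideally alongside the "/* Empty set. */" comment that this hunk drops.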