From patchwork Wed Jun 26 00:16:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Waiman Long X-Patchwork-Id: 13712142 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D8767C2BBCA for ; Wed, 26 Jun 2024 00:17:02 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1585E6B0083; Tue, 25 Jun 2024 20:17:02 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 107616B0085; Tue, 25 Jun 2024 20:17:02 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id F37BA6B0088; Tue, 25 Jun 2024 20:17:01 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id D61466B0083 for ; Tue, 25 Jun 2024 20:17:01 -0400 (EDT) Received: from smtpin21.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 906D21607AC for ; Wed, 26 Jun 2024 00:17:01 +0000 (UTC) X-FDA: 82271124642.21.796AD16 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by imf18.hostedemail.com (Postfix) with ESMTP id CFF351C000D for ; Wed, 26 Jun 2024 00:16:59 +0000 (UTC) Authentication-Results: imf18.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=MJQlV1uO; spf=pass (imf18.hostedemail.com: domain of longman@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=longman@redhat.com; dmarc=pass (policy=none) header.from=redhat.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719361012; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:references:dkim-signature; bh=zdU+rDDqlIgpLxiqowKiFIoMTlc4uejP8unMxUUC8sQ=; b=hmvZYz0bGdoPnvX+6CO0Rv9pfV8yA2fbuccKH0jFULKuC6j0lhKRINg3IFn8a+8bLGSTNb yq9weizOAsNrquRq2MMf+XLvh3cmx/EsmVowd4M716kLMufNWoOIhtt5WsBFowpSKny9lS YODGBIrf8LoUQkXTUqKxfgnb+c/GBlE= ARC-Authentication-Results: i=1; imf18.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=MJQlV1uO; spf=pass (imf18.hostedemail.com: domain of longman@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=longman@redhat.com; dmarc=pass (policy=none) header.from=redhat.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719361012; a=rsa-sha256; cv=none; b=XwhFOrWJYhAfdobjRLWaoTNjGB72OtilQ2SuRf7OcNQOc6IZcoV6lnILVqlYIp9HVGotcE HoEv/C/YP/QlU/GFVnRL1llYfKS6Wa1FNtg8xFC9uVHs2v6P+rVoBfERWqd9mK11LwCAb2 1lXKt4KIHN7oYZwoWfLjV91Y/oz4eQQ= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1719361019; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=zdU+rDDqlIgpLxiqowKiFIoMTlc4uejP8unMxUUC8sQ=; b=MJQlV1uOLqsQzY3yYivgFI7hTzAExswAQXwtyJHqgAx1Z9uQuEP3ENcBOhASHVAT7ptYW8 I61LGK1/5evVZdNJWZuxfaR0aH291DssjW+q8uY8HQo+D3vZr1OlgqD1obnm5eOGCxbUCH kQrvsNS76t1p30ses67FohR/uaZ5fKY= Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-583-MBZNVlmGOCyCMcXoEicPAQ-1; Tue, 25 Jun 2024 20:16:55 -0400 X-MC-Unique: MBZNVlmGOCyCMcXoEicPAQ-1 Received: from mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.15]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 30284195609E; Wed, 26 Jun 2024 00:16:54 +0000 (UTC) Received: from llong.com (unknown [10.22.10.23]) by mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 7F3C71956087; Wed, 26 Jun 2024 00:16:52 +0000 (UTC) From: Waiman Long To: Andrew Morton , Charan Teja Kalla Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, Waiman Long Subject: [PATCH] mm: Prevent derefencing NULL ptr in pfn_section_valid() Date: Tue, 25 Jun 2024 20:16:39 -0400 Message-Id: <20240626001639.1350646-1-longman@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.15 X-Rspamd-Server: rspam03 X-Rspam-User: X-Rspamd-Queue-Id: CFF351C000D X-Stat-Signature: 53ydoifs7wyxkxqob3sqwmkmhycp3xqk X-HE-Tag: 1719361019-900090 X-HE-Meta: U2FsdGVkX19wGhbXx5bDUIRyfVpS5ctNOs84LNUbOu+72hp/Fmgn4cf4wAw2TfRraOpdOyIwjbrMs5JS4vkZBhJ2kvX4NzGMdPxHtgemhFUIF9vUf6I/Q8WH/zDNgBf3hThcT59y7kNtnryiLlY5zA9IPf294DIOw/ZJpgzmgyQUfzG6dOnNjOJA8I4fCNmMjlcSH06KG3xWLF2ONKriJ8Ye2Wac94GyyZcM1qjiwymWrGrENmHXhg6dh9Lp0KFvgjpGhevFjEZIDeZMPbJM5cBJ5NoGGPT6I7erGgjAXi7yWSXjjtnb9xuq8wj0nO/ee5yvWRvvgElHnaeT4Mt9yLjKkxMQ0UDWds7mgpYkObofEO5cSlZ6YIPTGuNoRr1NMbV86uLi+lTorcUzpjIopxwhLRj3dvXWY9htfH8b5DPQitmQW0aVnB2r5lvEWoSTjLXwYqTUCwEmA/2Z4R7xTMJB9BHB47DH+MUVSRrflisifXJjPkQ3xYrFffeAzN62w4p1Vpx4uRONMUh9QD/Lk9KHzvAFrYZOuNKuMOp6p6KJQJXhzxMxSczPhnb1t+v7+9/6D+fswWRRJuOJnkVYPnNV0OKfpMb7Q48j/YwyrPriZEXRd1h8smFy95pp9N15pqV5UaQmILDhYUTd3pMqdpDM3/Vrof0wa6LD/jrD3CpND8pYYak0jiHslGE0OzlOYwO3MNVpQDBzO5OlGOoK5ZohYlW7pNUSxsFK3PG/kE3syNbbHen6FUCFrKog9PK+tUG1cGog/5k0h9RE/IUWF7QH6xobCrKkbE5moMeElUW10EamDFhCZJfjGEcBt+6jYaDcTLSc4nVE8XhKWO5X/0IkOr87TRq7h1MP6opSAd7pQRw98nkZIHSX2e9hvb+B6pMtgr8kSCrEG5mJzTtSttajbsI2YMx94W8H0o/XMiZjVab5mwRbQjiJ1WAXQ1InMW876el/nHfmin7x5Bi Ar4MXpQR h8ML5d40QaRzy8lxMcxdqKQCgik4LVSVAkvCTZP7JfCMaNxusu8JuZ2euST7NRK5wruPttIl99b6VPm1N+AuB96jcC/W2Z8+905OMEtRx1a4XPiuRKI7tjaMO1DPcD2UVNn8ubduCpWL7WagT8ugx/TmSXJNEaikBeO74J6dtNZnmjv++rhN0HgoMn1DKENfvU4j5RHnEU+2RI91NjdNK99UHhOGYBlJEWUrplz5jHQgmA0fZLSzuQFf+mKAjyzrrZ0pwf+gxy8XZ9XJUcAjV5HKgqC6ZBHxaY5VX/diRD2ukQquvgyjBTrNnmA0dEtihFlU399Q1d9PJF1HqLERCL34+gQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Commit 5ec8e8ea8b77 ("mm/sparsemem: fix race in accessing memory_section->usage") changed pfn_section_valid() to add a READ_ONCE() call around "ms->usage" to fix a race with section_deactivate() where ms->usage can be cleared. The READ_ONCE() call, by itself, is not enough to prevent NULL pointer dereference. We need to check its value before dereferencing it. Fixes: 5ec8e8ea8b77 ("mm/sparsemem: fix race in accessing memory_section->usage") Signed-off-by: Waiman Long --- include/linux/mmzone.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h index 8f9c9590a42c..b1dcf6ddb406 100644 --- a/include/linux/mmzone.h +++ b/include/linux/mmzone.h @@ -1980,8 +1980,9 @@ static inline int subsection_map_index(unsigned long pfn) static inline int pfn_section_valid(struct mem_section *ms, unsigned long pfn) { int idx = subsection_map_index(pfn); + struct mem_section_usage *usage = READ_ONCE(ms->usage); - return test_bit(idx, READ_ONCE(ms->usage)->subsection_map); + return usage ? test_bit(idx, usage->subsection_map) : 0; } #else static inline int pfn_section_valid(struct mem_section *ms, unsigned long pfn)