From: Jia-Ju Bai
To: dave.hansen@linux.intel.com, luto@kernel.org, peterz@infradead.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com
Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Jia-Ju Bai
Subject: [PATCH] x86: Fix possible null-pointer dereferences in untrack_pfn()
Date: Tue, 23 Jul 2019 21:26:48 +0800
Message-Id: <20190723132648.25853-1-baijiaju1990@gmail.com>
X-Mailer: git-send-email 2.17.0
X-Mailing-List: linux-kernel@vger.kernel.org

In untrack_pfn(), there is an if statement on line 1058 to check whether
vma is NULL:
    if (vma && !(vma->vm_flags & VM_PAT))

When vma is NULL, vma is used on line 1064:
    if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr))
and line 1069:
    size = vma->vm_end - vma->vm_start;

Thus, possible null-pointer dereferences may occur.

To fix these possible bugs, vma is checked on line 1063.

These bugs are found by a static analysis tool STCheck written by us.

Signed-off-by: Jia-Ju Bai
--- arch/x86/mm/pat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c index d9fbd4f69920..717456e7745e 100644 --- a/arch/x86/mm/pat.c +++ b/arch/x86/mm/pat.c
@@ -1060,7 +1060,7 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, /* free the chunk starting from pfn or the whole chunk */ paddr = (resource_size_t)pfn << PAGE_SHIFT; - if (!paddr && !size) { + if (vma && !paddr && !size) { if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr)) { WARN_ON_ONCE(1); return; -- 2.17.0
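Review bot: the added `vma &&` in `if (vma && !paddr && !size)` makes a call with a NULL vma, pfn 0 and size 0 skip the follow_phys() lookup silently and continue into the code after this block with paddr and size both zero, and that code is not visible in the hunk. If that combination is a caller error, handle it explicitly before this block (warn and return when vma is NULL and no range was passed) rather than folding it into the existing condition; if it is a valid call, the commit message should name the caller and say why proceeding with a zero range is correct. The message reports the dereference only as "possible" from a static analysis tool, so it would also help to state whether any existing caller can actually reach this path. Separately, the line numbers 1058, 1063, 1064 and 1069 in the message will stop matching as soon as the file changes; the quoted statements are enough on their own.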