Date: Tue, 7 Apr 2020 11:19:08 -0700
From: Ira Weiny
To: Miles Chen
Cc: Andrew Morton, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-mediatek@lists.infradead.org, wsd_upstream@mediatek.com
Subject: Re: [PATCH] mm/gup: fix null pointer dereference detected by coverity
Message-ID: <20200407181908.GB94792@iweiny-DESK2.sc.intel.com>
In-Reply-To: <20200407095107.1988-1-miles.chen@mediatek.com>

On Tue, Apr 07, 2020 at 05:51:07PM +0800, Miles Chen wrote:
> In fixup_user_fault(), it is possible that unlocked is NULL,
> so we should test unlocked before using it.
>
> For example, in arch/arc/kernel/process.c, NULL is passed
> to fixup_user_fault().
>
> SYSCALL_DEFINE3(arc_usr_cmpxchg, int *, uaddr, int, expected, int, new)
> {
> 	...
> 	ret = fixup_user_fault(current, current->mm, (unsigned long) uaddr,
> 			       FAULT_FLAG_WRITE, NULL);
> 	...
> }
>
> Fixes: 4a9e1cda2748 ("mm: bring in additional flag for fixup_user_fault to signal unlock")
> Signed-off-by: Miles Chen

Reviewed-by: Ira Weiny

> --- > mm/gup.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/mm/gup.c b/mm/gup.c > index da3e03185144..a68d11dc232d 100644 > --- a/mm/gup.c > +++ b/mm/gup.c > @@ -1230,7 +1230,8 @@ int fixup_user_fault(struct task_struct *tsk, struct mm_struct *mm, > if (ret & VM_FAULT_RETRY) { > down_read(&mm->mmap_sem); > if (!(fault_flags & FAULT_FLAG_TRIED)) { > - *unlocked = true; > + if (unlocked) > + *unlocked = true; > fault_flags |= FAULT_FLAG_TRIED; > goto retry; > } > -- > 2.18.0
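
Review bot: the new `if (unlocked)` guard in the VM_FAULT_RETRY branch of fixup_user_fault() leaves the NULL case undocumented. With unlocked == NULL the code still re-takes mmap_sem with down_read(), sets FAULT_FLAG_TRIED and jumps to retry, so a caller that passed NULL (arc_usr_cmpxchg in the commit message) is never told that the lock was dropped and re-acquired. Consider a one-line comment above the check saying that NULL means the caller does not want the unlock notification, and state in the commit message whether VM_FAULT_RETRY is actually reachable when unlocked is NULL. The hunk shows only this one dereference; it is worth confirming in the rest of the function, which is not visible here, that no other use of unlocked needs the same guard.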