Date: Tue, 14 Apr 2020 17:08:27 -0700
From: Andrew Morton
To: Miles Chen
Cc: Peter Xu
Subject: Re: [PATCH] mm/gup: fix null pointer dereference detected by coverity
Message-Id: <20200414170827.d32fc1fc12a33b140b740b94@linux-foundation.org>
In-Reply-To: <20200407095107.1988-1-miles.chen@mediatek.com>
References: <20200407095107.1988-1-miles.chen@mediatek.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 7 Apr 2020 17:51:07 +0800 Miles Chen wrote:

> In fixup_user_fault(), it is possible that unlocked is NULL,
> so we should test unlocked before using it.
>
> For example, in arch/arc/kernel/process.c, NULL is passed
> to fixup_user_fault().
>
> SYSCALL_DEFINE3(arc_usr_cmpxchg, int *, uaddr, int, expected, int, new)
> {
> 	...
> 	ret = fixup_user_fault(current, current->mm, (unsigned long) uaddr,
> 			       FAULT_FLAG_WRITE, NULL);
> 	...
> }

(cc Peter)

> --- a/mm/gup.c
> +++ b/mm/gup.c
> @@ -1230,7 +1230,8 @@ int fixup_user_fault(struct task_struct *tsk, struct mm_struct *mm,
>  	if (ret & VM_FAULT_RETRY) {
>  		down_read(&mm->mmap_sem);
>  		if (!(fault_flags & FAULT_FLAG_TRIED)) {
> -			*unlocked = true;
> +			if (unlocked)
> +				*unlocked = true;
>  			fault_flags |= FAULT_FLAG_TRIED;
>  			goto retry;
>  		}

Not sure.

If the caller passes FAULT_FLAG_ALLOW_RETRY then they must also pass in
a valid non-NULL `unlocked'. If the caller passed FAULT_FLAG_ALLOW_RETRY
and unlocked==NULL then the resulting oops is an appropriate way of
reporting this mistake.

I think?
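Review bot: the added `if (unlocked)` guard in the mm/gup.c hunk hides an API misuse instead of handling one. The `*unlocked = true` store sits under `if (ret & VM_FAULT_RETRY)`, and the fault path only returns VM_FAULT_RETRY when the caller asked for it with FAULT_FLAG_ALLOW_RETRY; a caller that sets that flag has to supply a non-NULL `unlocked`, since that store is the only way it learns that mmap_sem was dropped and re-taken. The quoted arc_usr_cmpxchg caller passes only FAULT_FLAG_WRITE with a NULL `unlocked`, so it cannot reach the changed line and the Coverity report is not a reachable dereference from that call site. If a NULL `unlocked` is meant to be accepted, document the contract on the parameter (NULL is permitted only when FAULT_FLAG_ALLOW_RETRY is not set) and make a violation loud, e.g. `if (WARN_ON_ONCE(!unlocked))` ahead of the store, rather than silently skipping the store and letting a retrying caller continue with a stale view of the lock state.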