Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp4219549pxf;
        Tue, 16 Mar 2021 08:18:13 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyZd2gFb9dNBmmDGhd25LfnhNmLVUY1caiA/ayVFJWVGLvrxJB4vQN+ecTTqmNKniaIO6+j
X-Received: by 2002:aa7:dc04:: with SMTP id b4mr36245508edu.221.1615907893715;
        Tue, 16 Mar 2021 08:18:13 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1615907893; cv=none;
        d=google.com; s=arc-20160816;
        b=0VqkqqKwzOHCRXQvgsImov/Fh0NaRjS5F0VU2EUqhPWq1/sukdqWHFrga4mIXlmsJi
         PASnX4R2790rkfrUTq8BEnZ9c0zh6PFMtQrzbwfScQpydWEe6eRT+br0KKXzk2LNzfbg
         zA/m10P0j4l69Dczmw94x/opE4jpKz2l4z8aaTkhGbrwHPWG5Lf0d7SOeCsD8s2UJk8w
         Rigy3SnT/tGF/jBO8Fwf3fDJxkBxIa/hwwvP1ssN+71Py4ksvRrXZFbOUA+W5YBlkOcn
         W89cqHrE5CrXR00A8ll3/9Bn9UOhbimjg4vLTxbjKLEjJPybBVSehPbeQFcvFdLY9/gH
         ApXA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=QjXo9lCkqsobm0Ghwdg6xPzaXIWlXKqequLlgrvTBqA=;
        b=E7MfKC7hcZxw1B/HhPcXd9hJYjxSTaQ3emleKMVOh37CZyRwfY47MwQelRx0Mzv1Gp
         wcxIYarZL0mxUvrmVD7SOu27QbC2ZB/Xfv2Ht2D0MMZ3+BJ0PXFLaPblxAIT4Z9pz4fR
         6Q49Q099pGhlIdeBGZjqXJ6zcku7/WSLVHZnUvXTrtNnCJ/uXDXIRv8vfYoxPYKTV1Rn
         QKqM7GEUKcuR7MwA64vte2nN9rRhBpO/xOrWzuCawaRIwJq/dSVtVyrFHoXPmKVGDn9H
         P6A8T354b2cMLD2JW57RmWVcdwcwEG0loVoCiEMAJdX4UugWd7UnrGUo6jp0aGlNKZ7X
         Dasg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id u19si14042943edo.583.2021.03.16.08.17.50;
        Tue, 16 Mar 2021 08:18:13 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236228AbhCPKEo (ORCPT <rfc822;maagaton03@gmail.com> + 99 others);
        Tue, 16 Mar 2021 06:04:44 -0400
Received: from youngberry.canonical.com ([91.189.89.112]:40942 "EHLO
        youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S236203AbhCPKEk (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 16 Mar 2021 06:04:40 -0400
Received: from 1.general.cking.uk.vpn ([10.172.193.212] helo=localhost)
        by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
        (Exim 4.86_2)
        (envelope-from <colin.king@canonical.com>)
        id 1lM6Yz-0005p6-G2; Tue, 16 Mar 2021 10:04:33 +0000
From:   Colin King <colin.king@canonical.com>
To:     Andrew Morton <akpm@linux-foundation.org>,
        Minchan Kim <minchan@kernel.org>,
        John Hubbard <jhubbard@nvidia.com>,
        Stephen Rothwell <sfr@canb.auug.org.au>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        linux-mm@kvack.org
Cc:     kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] mm: cma: Fix potential null dereference on pointer cma
Date:   Tue, 16 Mar 2021 10:04:33 +0000
Message-Id: <20210316100433.17665-1-colin.king@canonical.com>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Colin Ian King <colin.king@canonical.com>

At the start of the function there is a null pointer check on cma
and then branch to error handling label 'out'.  The subsequent call
to cma_sysfs_fail_pages_count dereferences cma, hence there is a
potential null pointer deference issue.  Fix this by only calling
cma_sysfs_fail_pages_count if cma is not null.

Addresses-Coverity: ("Dereference after null check")
Fixes: dc4764f7e9ac ("mm: cma: support sysfs")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 mm/cma.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mm/cma.c b/mm/cma.c
index 6d4dbafdb318..90e27458ddb7 100644
--- a/mm/cma.c
+++ b/mm/cma.c
@@ -512,7 +512,8 @@ struct page *cma_alloc(struct cma *cma, size_t count, unsigned int align,
 		cma_sysfs_alloc_pages_count(cma, count);
 	} else {
 		count_vm_event(CMA_ALLOC_FAIL);
-		cma_sysfs_fail_pages_count(cma, count);
+		if (cma)
+			cma_sysfs_fail_pages_count(cma, count);
 	}
 
 	return page;
-- 
2.30.2