[PATCH] hugetlbfs: use i_mmap_rwsem for more pmd sharing

From: Mike Kravetz
Date: Fri Dec 21 2018 - 18:55:57 EST

Next message: Stephen Rothwell: "linux-next: manual merge of the iommu tree with the powerpc tree"
Previous message: Fengguang Wu: "[PATCH 076/166] mempolicy: force NUMA balancing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The earlier check implies that "mapping" may be a null pointer:

var_compare_op: Comparing mapping to null implies that mapping might be
null.

1008 if (!(flags & MF_MUST_KILL) && !PageDirty(hpage) && mapping &&
1009 mapping_cap_writeback_dirty(mapping)) {

..however later "mapper" is dereferenced when it may be potentially null:

1034 /*
1035 * For hugetlb pages, try_to_unmap could potentially
call
1036 * huge_pmd_unshare. Because of this, take semaphore in
1037 * write mode here and set TTU_RMAP_LOCKED to
indicate we
1038 * have taken the lock at this higer level.
1039 */
CID 1476097 (#1 of 1): Dereference after null check (FORWARD_NULL)

var_deref_model: Passing null pointer mapping to
i_mmap_lock_write, which dereferences it.

1040 i_mmap_lock_write(mapping);
1041 unmap_success = try_to_unmap(hpage,
ttu|TTU_RMAP_LOCKED);
1042 i_mmap_unlock_write(mapping);

Colin

Next message: Stephen Rothwell: "linux-next: manual merge of the iommu tree with the powerpc tree"
Previous message: Fengguang Wu: "[PATCH 076/166] mempolicy: force NUMA balancing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]