On Wed, Aug 31, 2016 at 12:36:26PM -0400, Robert Foss wrote: > On 2016-08-31 05:45 AM, Jacek Anaszewski wrote: > > > +static void *m_totmaps_start(struct seq_file *p, loff_t *pos) > > > +{ > > > + return NULL + (*pos == 0); > > > +} > > > + > > > +static void *m_totmaps_next(struct seq_file *p, void *v, loff_t *pos) > > > +{ > > > + ++*pos; > > > + return NULL; > > > +} > > > + > > > > When reading totmaps of kernel processes the following NULL pointer > > dereference occurs: > > > > Unable to handle kernel NULL pointer dereference at virtual address > > 00000044 > > [<c06c01f4>] (down_read) from [<c022a154>] (totmaps_proc_show+0x2c/0x1e8) > > [<c022a154>] (totmaps_proc_show) from [<c01fe564>] (seq_read+0x1c8/0x4b8) > > [<c01fe564>] (seq_read) from [<c01dc850>] (__vfs_read+0x2c/0x110) > > [<c01dc850>] (__vfs_read) from [<c01ddca0>] (vfs_read+0x8c/0x110) > > [<c01ddca0>] (vfs_read) from [<c01ddd64>] (SyS_read+0x40/0x8c) > > [<c01ddd64>] (SyS_read) from [<c0107900>] (ret_fast_syscall+0x0/0x3c) > > > > It seems that some protection is needed for such processes, so that > > totmaps would return empty string then, like in case of smaps. > > > > Thanks for the testing Jacek! > > I had a look around the corresponding smaps code, but I'm not seeing any > checks, do you know where that check actually is made? > See m_start in f/sproc/task_mmu.c. It not only check for non-null mm, but also tries to bump ->mm_users and only then proceeds to walk the mm. -- Mateusz Guzik -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html