[Patch V2] proc: check error pointer returned by m_start()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

From: WANG Cong <xiyou.wangcong@xxxxxxxxx>

V2: move the check into m_stop() as suggested by Linus,
also, most ->show() implementations assume the second parameter 'v'
is not NULL, this fixes them too.

Anca reported a bug:

[15117.080119] BUG: unable to handle kernel paging request at fffffffffffffff3
[15117.080152] IP: [<ffffffff811b4989>] vma_stop+0x19/0x40

Linus did the initial analysis, and found this was caused
by commit ec6fd8a4355c ("report errors in /proc/*/*map*
sanely"), which replaces NULL with various ERR_PTR() cases.

This is true, that commit changed the return value of m_start(),
which will return an error pointer on failure, but Al forgot
to check the error pointer in m_stop() which will be called
when m_start() fails. This patches fixes it.

Reported-by: Anca Emanuel <anca.emanuel@xxxxxxxxx>
Tested-by: Anca Emanuel <anca.emanuel@xxxxxxxxx>
Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Signed-off-by: WANG Cong <amwang@xxxxxxxxxx>
Signed-off-by: WANG Cong <xiyou.wangcong@xxxxxxxxx>

---

diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index 7c708a4..8e59169 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -124,8 +124,10 @@ static void *m_start(struct seq_file *m, loff_t *pos)
 		return ERR_PTR(-ESRCH);
 
 	mm = mm_for_maps(priv->task);
-	if (!mm || IS_ERR(mm))
+	if (IS_ERR_OR_NULL(mm)) {
+		put_task_struct(priv->task);
 		return mm;
+	}
 	down_read(&mm->mmap_sem);
 
 	tail_vma = get_gate_vma(priv->task->mm);
@@ -182,6 +184,8 @@ static void m_stop(struct seq_file *m, void *v)
 	struct proc_maps_private *priv = m->private;
 	struct vm_area_struct *vma = v;
 
+	if (IS_ERR_OR_NULL(v))
+		return;
 	vma_stop(priv, vma);
 	if (priv->task)
 		put_task_struct(priv->task);
diff --git a/fs/seq_file.c b/fs/seq_file.c
index 05d6b0e..e17d5e6 100644
--- a/fs/seq_file.c
+++ b/fs/seq_file.c
@@ -83,7 +83,7 @@ static int traverse(struct seq_file *m, loff_t offset)
 	p = m->op->start(m, &index);
 	while (p) {
 		error = PTR_ERR(p);
-		if (IS_ERR(p))
+		if (IS_ERR_OR_NULL(p))
 			break;
 		error = m->op->show(m, p);
 		if (error < 0)
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux