Hello Liam R. Howlett,

Commit 131e4ef350fa ("mm: change failure of MAP_FIXED to restoring the
gap on failure") from Aug 22, 2024 (linux-next), leads to the
following Smatch static checker warning:

	mm/vma.h:240 vms_abort_munmap_vmas()
	error: NULL dereference inside function

mm/vma.h
    226 static inline void vms_abort_munmap_vmas(struct vma_munmap_struct *vms,
    227                 struct ma_state *mas_detach)
    228 {
    229         if (!vms->nr_pages)
    230                 return;
    231 
    232         if (vms->clear_ptes)
    233                 return reattach_vmas(mas_detach);
    234 
    235         /*
    236          * Aborting cannot just call the vm_ops open() because they are often
    237          * not symmetrical and state data has been lost.  Resort to the old
    238          * failure method of leaving a gap where the MAP_FIXED mapping failed.
    239          */
--> 240         if (unlikely(vma_iter_store_gfp(vms->vmi, NULL, GFP_KERNEL))) {
                                                          ^^^^
Passing a NULL "vma" pointer will lead to a crash.

    241                 pr_warn_once("%s: (%d) Unable to abort munmap() operation\n",
    242                              current->comm, current->pid);
    243                 /* Leaving vmas detached and in-tree may hamper recovery */
    244                 reattach_vmas(mas_detach);
    245         } else {
    246                 /* Clean up the insertion of unfortunate the gap */
    247                 vms_complete_munmap_vmas(vms, mas_detach);
    248         }
    249 }

regards,
dan carpenter