* Dan Carpenter <dan.carpenter@xxxxxxxxxx> [240827 06:22]:
> Hello Liam R. Howlett,
>
> Commit 131e4ef350fa ("mm: change failure of MAP_FIXED to restoring
> the gap on failure") from Aug 22, 2024 (linux-next), leads to the
> following Smatch static checker warning:
>
> 	mm/vma.h:240 vms_abort_munmap_vmas()
> 	error: NULL dereference inside function
>
> mm/vma.h
>     226 static inline void vms_abort_munmap_vmas(struct vma_munmap_struct *vms,
>     227                 struct ma_state *mas_detach)
>     228 {
>     229         if (!vms->nr_pages)
>     230                 return;
>     231
>     232         if (vms->clear_ptes)
>     233                 return reattach_vmas(mas_detach);
>     234
>     235         /*
>     236          * Aborting cannot just call the vm_ops open() because they are often
>     237          * not symmetrical and state data has been lost. Resort to the old
>     238          * failure method of leaving a gap where the MAP_FIXED mapping failed.
>     239          */
> --> 240         if (unlikely(vma_iter_store_gfp(vms->vmi, NULL, GFP_KERNEL))) {
>                                                           ^^^^
> Passing a NULL "vma" pointer will lead to a crash.

Ah, yes it will. I need to use vma_iter_clear(vms->vmi);

Thanks,
Liam