On Tue, Jan 28, 2025 at 02:22:52AM -0500, sooraj wrote:
> Problem:
> The __vmalloc_user_flags() function attempts to acquire mmap_lock
> via current->mm without checking if the mm context exists. This causes
> a NULL pointer dereference when called from kernel threads (where
> current->mm == NULL), such as during filesystem operations.
I'm having a hard time thinking of a case where this could happen.
Could you provide a backtrace showing an example?
> Fix:
> Add a NULL check for current->mm before attempting mmap_lock operations.
> Kernel threads don't have user memory mappings, so VM_USERMAP flag
> setting can be safely skipped in this context.
>
> Signed-off-by: sooraj <sooraj20636@xxxxxxxxx>
Do you sign cheques as 'sooraj'? You need to use your real, legal name.
> + struct mm_struct *mm = current->mm;
> +
> + if(!mm){
> + goto out;
> + }
All kinds of whitespace problems here. It should be:
if (!mm)
goto out;
> mmap_write_lock(current->mm);
> vma = find_vma(current->mm, (unsigned long)ret);
And since you've gone to the trouble of loading current->mm into
a local variable, you should use it throughout the function.
> @@ -160,6 +165,7 @@ static void *__vmalloc_user_flags(unsigned long size, gfp_t flags)
> mmap_write_unlock(current->mm);
> }
>
> + out:
and this should not be indented.
> return ret;
