Thanks for the updates! Best wishes, -- Ning Qu (曲宁) | Software Engineer | quning@xxxxxxxxxx | +1-408-418-6066 On Mon, Mar 3, 2014 at 3:07 AM, Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx> wrote: > Ning Qu wrote: >> Btw, should we first check if page returned by radix_tree_deref_slot is NULL? > > Yes, we should. I don't know how I missed that. :( > > The patch below should address both issues. > > From dca24c9a1f31ee1599fe81e9a60d4f87a4eaf0ea Mon Sep 17 00:00:00 2001 > From: "Kirill A. Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx> > Date: Mon, 3 Mar 2014 12:07:03 +0200 > Subject: [PATCH] mm: filemap_map_pages() avoid dereference NULL/exception > slots > > radix_tree_deref_slot() can return NULL: add missed check. > > Do no dereference 'page': we can get there as result of > radix_tree_exception(page) check. > > Reported-by: Hugh Dickins <hughd@xxxxxxxxxx> > Reported-by: Ning Qu <quning@xxxxxxxxxx> > Signed-off-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx> > --- > mm/filemap.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/mm/filemap.c b/mm/filemap.c > index 5f4fe7f0c258..e48624634927 100644 > --- a/mm/filemap.c > +++ b/mm/filemap.c > @@ -1745,6 +1745,8 @@ void filemap_map_pages(struct vm_area_struct *vma, struct vm_fault *vmf) > break; > repeat: > page = radix_tree_deref_slot(slot); > + if (unlikely(!page)) > + goto next; > if (radix_tree_exception(page)) { > if (radix_tree_deref_retry(page)) > break; > @@ -1790,7 +1792,7 @@ unlock: > skip: > page_cache_release(page); > next: > - if (page->index == vmf->max_pgoff) > + if (iter.index == vmf->max_pgoff) > break; > } > rcu_read_unlock(); > -- > Kirill A. Shutemov > > -- > To unsubscribe, send a message with 'unsubscribe linux-mm' in > the body to majordomo@xxxxxxxxx. For more info on Linux MM, > see: http://www.linux-mm.org/ . > Don't email: <a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx </a> -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href