On Fri, Apr 04, 2014 at 03:03:45PM -0700, Andrew Morton wrote:
> On Fri, 04 Apr 2014 14:43:33 -0400 Naoya Horiguchi <n-horiguchi@xxxxxxxxxxxxx> wrote:
>
> > huge_pte_offset() could return NULL, so we need NULL check to avoid
> > potential NULL pointer dereferences.
> >
> > --- a/mm/hugetlb.c > > +++ b/mm/hugetlb.c > > @@ -2662,7 +2662,8 @@ static int hugetlb_cow(struct mm_struct *mm, struct vm_area_struct *vma, > > BUG_ON(huge_pte_none(pte)); > > spin_lock(ptl); > > ptep = huge_pte_offset(mm, address & huge_page_mask(h)); > > - if (likely(pte_same(huge_ptep_get(ptep), pte))) > > + if (likely(ptep && > > + pte_same(huge_ptep_get(ptep), pte))) > > goto retry_avoidcopy; > > /* > > * race occurs while re-acquiring page table > > @@ -2706,7 +2707,7 @@ static int hugetlb_cow(struct mm_struct *mm, struct vm_area_struct *vma, > > */ > > spin_lock(ptl); > > ptep = huge_pte_offset(mm, address & huge_page_mask(h)); > > - if (likely(pte_same(huge_ptep_get(ptep), pte))) { > > + if (likely(ptep && pte_same(huge_ptep_get(ptep), pte))) { > > ClearPagePrivate(new_page); > > > > /* Break COW */
>
> Has anyone been hitting oopses here or was this from code inspection?

It's from code inspection. This is why I didn't CC stable.

Naoya
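
Review bot: in the first hunk (around line 2662 of hugetlb_cow()), a NULL ptep now falls through to the path commented "race occurs while re-acquiring page table", the same path taken when the pte has changed, but nothing in the code says that is intended. A one-line comment above the "if (likely(ptep &&" test stating that a NULL return from huge_pte_offset() is handled as that race would make the fall-through explicit for the next reader.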
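
Review bot: in the second hunk (around line 2706), the changelog does not say under what condition huge_pte_offset() can return NULL once spin_lock(ptl) has been re-taken, nor that the check comes from code inspection rather than an observed oops. Both belong in the commit message, since they decide whether the fix needs backporting. Please also confirm that skipping the block that starts with "ClearPagePrivate(new_page);" when ptep is NULL still leaves new_page released on the way out; the visible context does not show that path.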