Re: [PATCH] mm/hugetlb.c: add NULL check of return value of huge_pte_offset

On Fri, Apr 04, 2014 at 03:03:45PM -0700, Andrew Morton wrote:
> On Fri, 04 Apr 2014 14:43:33 -0400 Naoya Horiguchi <n-horiguchi@xxxxxxxxxxxxx> wrote:
> 
> > huge_pte_offset() could return NULL, so we need NULL check to avoid
> > potential NULL pointer dereferences.
> > 
> > --- a/mm/hugetlb.c
> > +++ b/mm/hugetlb.c
> > @@ -2662,7 +2662,8 @@ static int hugetlb_cow(struct mm_struct *mm, struct vm_area_struct *vma,
> >  				BUG_ON(huge_pte_none(pte));
> >  				spin_lock(ptl);
> >  				ptep = huge_pte_offset(mm, address & huge_page_mask(h));
> > -				if (likely(pte_same(huge_ptep_get(ptep), pte)))
> > +				if (likely(ptep &&
> > +					   pte_same(huge_ptep_get(ptep), pte)))
> >  					goto retry_avoidcopy;
> >  				/*
> >  				 * race occurs while re-acquiring page table
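Review bot: the new `ptep &&` guard in the retry path makes a NULL return from huge_pte_offset() indistinguishable from a changed pte: instead of jumping to retry_avoidcopy, control falls through to the "race occurs while re-acquiring page table" handling below. The changelog only says the function "could return NULL"; it should say how the entry that the caller already validated (`BUG_ON(huge_pte_none(pte))` a few lines up) can be gone once the ptl is re-taken here, and why giving up the retry is the right response rather than a condition worth a WARN. As written, the lookup is repeated with `address & huge_page_mask(h)` and a NULL result is silently swallowed, so a reader cannot tell a benign page-table teardown race from a caller bug.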
> > @@ -2706,7 +2707,7 @@ static int hugetlb_cow(struct mm_struct *mm, struct vm_area_struct *vma,
> >  	 */
> >  	spin_lock(ptl);
> >  	ptep = huge_pte_offset(mm, address & huge_page_mask(h));
> > -	if (likely(pte_same(huge_ptep_get(ptep), pte))) {
> > +	if (likely(ptep && pte_same(huge_ptep_get(ptep), pte))) {
> >  		ClearPagePrivate(new_page);
> >  
> >  		/* Break COW */
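Review bot: with `ptep &&` added to this check, a NULL ptep goes down the else branch (outside the hunk), so new_page is treated as if the COW lost a race and is never installed. A NULL here can only mean the page-table page holding the entry went away between the earlier lookup and this spin_lock(ptl); the changelog should state that this is possible and expected, and the condition deserves a one-line comment beside `/* Break COW */` so the next reader does not "simplify" the guard away. A `WARN_ON_ONCE(!ptep)` would also be worth considering if the NULL case is believed to be unreachable in practice, since the patch is from inspection rather than a reproduced oops.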
> 
> Has anyone been hitting oopses here or was this from code inspection?

It's from code inspection. This is why I didn't CC stable.

Naoya
