This is a note to let you know that I've just added the patch titled
arm64: hugetlb: avoid potential NULL dereference
to the 4.9-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
arm64-hugetlb-avoid-potential-null-dereference.patch
and it can be found in the queue-4.9 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 57097abe9f98cc9acf2d7a730974069608c165ca
Author: Mark Rutland <mark.rutland@xxxxxxx>
Date: Tue May 5 13:59:30 2020 +0100
arm64: hugetlb: avoid potential NULL dereference
[ Upstream commit 027d0c7101f50cf03aeea9eebf484afd4920c8d3 ]
The static analyzer in GCC 10 spotted that in huge_pte_alloc() we may
pass a NULL pmdp into pte_alloc_map() when pmd_alloc() returns NULL:
| CC arch/arm64/mm/pageattr.o
| CC arch/arm64/mm/hugetlbpage.o
| from arch/arm64/mm/hugetlbpage.c:10:
| arch/arm64/mm/hugetlbpage.c: In function â??huge_pte_allocâ??:
| ./arch/arm64/include/asm/pgtable-types.h:28:24: warning: dereference of NULL â??pmdpâ?? [CWE-690] [-Wanalyzer-null-dereference]
| ./arch/arm64/include/asm/pgtable.h:436:26: note: in expansion of macro â??pmd_valâ??
| arch/arm64/mm/hugetlbpage.c:242:10: note: in expansion of macro â??pte_alloc_mapâ??
| |arch/arm64/mm/hugetlbpage.c:232:10:
| |./arch/arm64/include/asm/pgtable-types.h:28:24:
| ./arch/arm64/include/asm/pgtable.h:436:26: note: in expansion of macro â??pmd_valâ??
| arch/arm64/mm/hugetlbpage.c:242:10: note: in expansion of macro â??pte_alloc_mapâ??
This can only occur when the kernel cannot allocate a page, and so is
unlikely to happen in practice before other systems start failing.
We can avoid this by bailing out if pmd_alloc() fails, as we do earlier
in the function if pud_alloc() fails.
Fixes: 66b3923a1a0f ("arm64: hugetlb: add support for PTE contiguous bit")
Signed-off-by: Mark Rutland <mark.rutland@xxxxxxx>
Reported-by: Kyrill Tkachov <kyrylo.tkachov@xxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx> # 4.5.x-
Cc: Will Deacon <will@xxxxxxxxxx>
Signed-off-by: Catalin Marinas <catalin.marinas@xxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/arch/arm64/mm/hugetlbpage.c b/arch/arm64/mm/hugetlbpage.c
index 45bec627bae3e..848d13d9a553e 100644
--- a/arch/arm64/mm/hugetlbpage.c
+++ b/arch/arm64/mm/hugetlbpage.c
@@ -103,6 +103,8 @@ pte_t *huge_pte_alloc(struct mm_struct *mm,
pte = (pte_t *)pud;
} else if (sz == (PAGE_SIZE * CONT_PTES)) {
pmd_t *pmd = pmd_alloc(mm, pud, addr);
+ if (!pmdp)
+ return NULL;
WARN_ON(addr & (sz - 1));
/*
