On 2025/1/16 12:01, Andrew Morton wrote:
> On Thu, 16 Jan 2025 10:50:05 +0800 Liu Ye wrote:
>
>> Add VM_WARN_ON to prevent 'adjust' from accessing NULL pointers
>> when 'adjust' is NULL and 'expanded' is false or 'adj_start' is
>> not zero.
>>
>> ...
>>
>> --- a/mm/vma.c
>> +++ b/mm/vma.c
>> @@ -641,6 +641,7 @@ static int commit_merge(struct vma_merge_struct *vmg,
>>
>> init_multi_vma_prep(&vp, vmg->vma, adjust, remove, remove2);
>>
>> + VM_WARN_ON(!adjust && (!expanded || adj_start));
>> VM_WARN_ON(vp.anon_vma && adjust && adjust->anon_vma &&
>> vp.anon_vma != adjust->anon_vma);
>>
> This won't prevent a null deref. It will emit a warning which
> duplicates all the information which we're about to emit from the oops
> handler.

Yes, the accurate description should be that an oops warning message will be generated when the corresponding input parameter is illegal. This helps to find the problem.

> Are there any reports of an oops from a NULL deref of `adjust'?

This issue is not from any report yet, but from the cppcheck tool only.

mm/vma.c:652:29: warning: Possible null pointer dereference: adjust [nullPointer]
  vma_iter_config(vmg->vmi, adjust->vm_start + adj_start,
                            ^
mm/vma.c:1072:24: note: Calling function 'commit_merge', 2nd argument 'NULL' value is 0
 if (commit_merge(vmg, NULL, remove_next ? next : NULL, NULL, 0, true))
                       ^
mm/vma.c:652:29: note: Null pointer dereference
  vma_iter_config(vmg->vmi, adjust->vm_start + adj_start,
                            ^
mm/vma.c:653:5: warning: Possible null pointer dereference: adjust [nullPointer]
    adjust->vm_end);
    ^
mm/vma.c:1072:24: note: Calling function 'commit_merge', 2nd argument 'NULL' value is 0
 if (commit_merge(vmg, NULL, remove_next ? next : NULL, NULL, 0, true))
                       ^
mm/vma.c:653:5: note: Null pointer dereference
    adjust->vm_end);
    ^

Before calling commit_merge, the correct relationship between adjust, adj_start, and expanded must be ensured, as in the functions vma_merge_existing_range and vma_expand. Therefore, VM_WARN_ON is added inside the function to detect incorrect relationships.

Of course, commit_merge is not used anywhere else at present, so adding VM_WARN_ON is just a suggestion.
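Review bot: The commit message overstates what the added line does: `VM_WARN_ON(!adjust && (!expanded || adj_start));` only emits a warning before execution continues into `vma_iter_config(vmg->vmi, adjust->vm_start + adj_start, adjust->vm_end)`, so it does not "prevent 'adjust' from accessing NULL pointers"; the description should say it documents and warns on a violated caller invariant. Note also that the call site cppcheck flags, `commit_merge(vmg, NULL, remove_next ? next : NULL, NULL, 0, true)` at mm/vma.c:1072, passes `adj_start = 0` and `expanded = true`, which is exactly the combination the new condition treats as legal, so the check never fires on the reported path and the patch does not address that finding; if the invariant really guarantees the dereference is unreachable in that case, say so in the changelog (and ideally in a comment above the check) so reviewers can see the cppcheck report is a false positive rather than a fixed bug.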