From: Yuntao Liu
Subject: [PATCH -next] mm/memory: fix null pointer dereference in fault_dirty_shared_page
Date: Mon, 7 Jul 2025 10:51:18 +0000
Message-ID: <20250707105118.413056-1-liuyuntao12@huawei.com>

With a page mapping of "VM_READ|VM_WRITE|VM_MAYREAD|VM_MAYWRITE|VM_SHARED",
the first time this address is accessed through a write operation will
trigger a do_shared_fault. If the mapping is anonymous, it can lead to a
null pointer dereference.

[ 23.232336][ T195] Call trace:
[ 23.232542][ T195] file_update_time+0x2c/0xd8
[ 23.232801][ T195] fault_dirty_shared_page+0x1a0/0x220
[ 23.233099][ T195] do_shared_fault+0xe8/0x240
[ 23.233374][ T195] do_fault+0x78/0x240
[ 23.233629][ T195] handle_pte_fault+0x1f0/0x3f0
[ 23.233905][ T195] __handle_mm_fault+0x2b0/0x548
[ 23.234186][ T195] handle_mm_fault+0xd4/0x2f8
[ 23.234462][ T195] do_page_fault+0x2f0/0x5f8
[ 23.234727][ T195] do_translation_fault+0x8c/0xc8
[ 23.235021][ T195] do_mem_abort+0x68/0x100
[ 23.235283][ T195] el0_da+0x4c/0x1a8
[ 23.235551][ T195] el0t_64_sync_handler+0xe4/0x158
[ 23.235861][ T195] el0t_64_sync+0x37c/0x380

Signed-off-by: Yuntao Liu
---
 mm/memory.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/memory.c b/mm/memory.c index eaf98d518289..8106ef8a5036 100644 --- a/mm/memory.c +++ b/mm/memory.c 
@@ -3412,7 +3412,7 @@ static vm_fault_t fault_dirty_shared_page(struct vm_fault *vmf) mapping = folio_raw_mapping(folio); folio_unlock(folio); - if (!page_mkwrite) + if (!page_mkwrite && vma->vm_file) file_update_time(vma->vm_file); /* -- 2.34.1
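
Review bot: The added vma->vm_file test in "if (!page_mkwrite && vma->vm_file)" keeps file_update_time() from being called with a NULL file, but the commit message does not say how a VM_SHARED vma with no vm_file reaches fault_dirty_shared_page() through do_shared_fault() in the first place. Please add the reproducer (which mmap call or driver sets up this mapping), the oops header that precedes the call trace, and a Fixes: tag, so reviewers can judge whether the check belongs here or at the place where the vma is created. If a NULL vm_file is a legitimate state at this point, a short comment above the condition saying so would help the next reader.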