From: Huiwen He <hehuiwen@kylinos.cn>
To: Liam.Howlett@oracle.com
Cc: aliceryhl@google.com, andrewjballance@gmail.com,
maple-tree@lists.infradead.org, linux-mm@kvack.org,
linux-kernel@vger.kernel.org, Huiwen He <hehuiwen@kylinos.cn>
Subject: [PATCH] maple_tree: Fix potential NULL pointer dereference if mas_pop_node() fails
Date: Sat, 18 Oct 2025 23:23:05 +0800
Message-ID: <20251018152305.1612722-1-hehuiwen@kylinos.cn>
mas_pop_node() may return NULL when memory allocation fails or when
mas->sheaf is invalid. Several callers of mas_pop_node() did not check
the return value and directly dereferenced the pointer, which could
lead to a NULL pointer dereference and kernel crash.
Fixes: 54a611b60590 ("maple_tree: add mas_pop_node() helper")
Signed-off-by: Huiwen He <hehuiwen@kylinos.cn>
---
lib/maple_tree.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/lib/maple_tree.c b/lib/maple_tree.c
index 39bb779cb311..524e1cfb4439 100644
--- a/lib/maple_tree.c
+++ b/lib/maple_tree.c
@@ -3085,6 +3085,9 @@ static inline void mas_root_expand(struct ma_state *mas, void *entry)
int slot = 0;
node = mas_pop_node(mas);
+ if (unlikely(!node))
+ return;
+
pivots = ma_pivots(node, type);
slots = ma_slots(node, type);
node->parent = ma_parent_ptr(mas_tree_parent(mas));
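Review bot: the early return added after `node = mas_pop_node(mas);` in mas_root_expand() fails silently: the function returns void, so the caller cannot tell that `entry` was never stored. If a NULL return is really reachable here, record the failure in the ma_state before returning (for example with mas_set_err(mas, -ENOMEM)) so the caller can see it. If it is not reachable, say why in the changelog and either drop the check or turn it into a WARN_ON_ONCE() so the condition is not hidden.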
@@ -3367,6 +3370,9 @@ static inline void mas_new_root(struct ma_state *mas, void *entry)
}
node = mas_pop_node(mas);
+ if (unlikely(!node))
+ return;
+
pivots = ma_pivots(node, type);
slots = ma_slots(node, type);
node->parent = ma_parent_ptr(mas_tree_parent(mas));
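Review bot: the check in mas_new_root() comes after the block that closes with `}` directly above it, and nothing in the hunk or the changelog says what state the tree is in when the function returns early from this point. Please add a comment or changelog text explaining why a bare `return;` is safe here, and consider handling the NULL case once in a shared place instead of repeating the `if (unlikely(!node))` test in each caller.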
@@ -3506,6 +3512,9 @@ static inline void mas_wr_node_store(struct ma_wr_state *wr_mas,
newnode = &reuse;
}
+ if (unlikely(!newnode))
+ return;
+
newnode->parent = mas_mn(mas)->parent;
dst_pivots = ma_pivots(newnode, wr_mas->type);
dst_slots = ma_slots(newnode, wr_mas->type);
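Review bot: the `if (unlikely(!newnode))` test sits after the branch that ends in `newnode = &reuse;`, where newnode is the address of `reuse` and cannot be NULL, so the test only matters for the other assignment, which lies outside this hunk. Move it next to that assignment so it is clear which path it guards. Also, mas_wr_node_store() is void on the line shown in the hunk header, so the bare `return;` drops the write without reporting anything to the caller.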
--
2.43.0