From: Dan Carpenter <dan.carpenter@linaro.org>
To: Zi Yan <ziy@nvidia.com>
Cc: Antonio Quartulli <antonio@mandelbit.com>,
linux-mm@kvack.org, Andrew Morton <akpm@linux-foundation.org>,
David Hildenbrand <david@redhat.com>,
Lorenzo Stoakes <lorenzo.stoakes@oracle.com>,
Baolin Wang <baolin.wang@linux.alibaba.com>,
"Liam R. Howlett" <Liam.Howlett@oracle.com>,
Nico Pache <npache@redhat.com>,
Ryan Roberts <ryan.roberts@arm.com>, Dev Jain <dev.jain@arm.com>,
Barry Song <baohua@kernel.org>
Subject: Re: [RFC] mm/huge_memory: prevent potential NULL pointer dereference
Date: Wed, 16 Jul 2025 19:18:08 +0300 [thread overview]
Message-ID: <27254b10-79db-43a2-a443-e7686082dfa8@suswa.mountain> (raw)
In-Reply-To: <FDB41C5A-5C1B-426D-900B-AE7A1DE78CB2@nvidia.com>
On Wed, Jul 16, 2025 at 11:10:00AM -0400, Zi Yan wrote:
> On 16 Jul 2025, at 10:58, Antonio Quartulli wrote:
>
> > I just found this issue in the last linux-next Coverity report and it
> > caught my attention.
> > I am not familiar with this code, therefore I am sending this patch
> > as RFC because I am not 100% sure whether this is a false positive or
> > not.
> > However, it seems potentially legit to me:
> >
> > In __folio_split(), when looping over folios we dereference
> > `mapping` before ensuring it is non-NULL.
> >
> > Following code in the loop body performs such check, thus
> > suggesting that `mapping` may be NULL and accessing it
> > without any check may be dangerous.
> >
> > Add NULL check before passing it to shmem_mapping().
> >
> > Cc: Zi Yan <ziy@nvidia.com>
> > Fixes: 00527733d0dc ("mm/huge_memory: add two new (not yet used) functions for folio_split()")
> > Addresses-Coverity-ID: 1647614 ("FORWARD_NULL")
> > Signed-off-by: Antonio Quartulli <antonio@mandelbit.com>
> > ---
> > mm/huge_memory.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> > index 389620c65a5f..d649026db95a 100644
> > --- a/mm/huge_memory.c
> > +++ b/mm/huge_memory.c
> > @@ -3802,7 +3802,7 @@ static int __folio_split(struct folio *folio, unsigned int new_order,
> >
> > /* Some pages can be beyond EOF: drop them from cache */
> > if (new_folio->index >= end) {
> > - if (shmem_mapping(mapping))
> > + if (mapping && shmem_mapping(mapping))
> > nr_shmem_dropped += folio_nr_pages(new_folio);
> > else if (folio_test_clear_dirty(new_folio))
> > folio_account_cleaned(
> Hi Antonio,
>
> Is there a way of preventing Coverity/sparse from checking certain code?
> This non-NULL mapping issue pops up every time I touch the code.
>
> Dan Carpenter reported the issue yesterday and I explained it is no issue[1].
> The same report showed up when I added __split_unmapped_folio()
> back in February[2]
>
> [1] https://lore.kernel.org/oe-kbuild/64b54034-f311-4e7d-b935-c16775dbb642@suswa.mountain/
> [2] https://lore.kernel.org/linux-mm/2afe3d59-aca5-40f7-82a3-a6d976fb0f4f@stanley.mountain/
>
> I wonder how many times I need to explain this, although I appreciate
> your effort to improve kernel.
The way to disable static analysis is to wrap the line or function in
#ifndef __CHECKER__. This is a bad option. We could probably count
how many places do this using one set of fingers and toes. We don't
like defines in .c files. I hate when static analysis makes the code
messier and worse. We always say to fix the checker and leave the code
alone.
We generally try to only report warnings once, but in this case you
changed the name of the function so it shows up as new. All the scripts
say if you change the name of the file or the function that's a new
warning. When I'm searching for duplicate reports on lore, I use the
name of the function as well. Plus, I looked at the surrounding code
and everything on my screen was from Jul 7 so I assumed it was new.
The best option is to add a comment to the code. The next best option
is to just endure the occasional false positive.
One idea might be to add a hash tag to static checker warnings/patches
so we can manually search lore.kernel.org for the filename and hash tag
before sending new bug reports/fixes.
regards,
dan carpenter
prev parent reply other threads:[~2025-07-16 16:18 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-16 14:58 Antonio Quartulli
2025-07-16 15:07 ` Lorenzo Stoakes
2025-07-16 19:05 ` Antonio Quartulli
2025-07-16 19:10 ` Lorenzo Stoakes
2025-07-16 19:13 ` Antonio Quartulli
2025-07-16 15:10 ` Zi Yan
2025-07-16 15:18 ` David Hildenbrand
2025-07-16 15:24 ` Zi Yan
2025-07-16 15:31 ` David Hildenbrand
2025-07-16 16:18 ` Dan Carpenter [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=27254b10-79db-43a2-a443-e7686082dfa8@suswa.mountain \
--to=dan.carpenter@linaro.org \
--cc=Liam.Howlett@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=antonio@mandelbit.com \
--cc=baohua@kernel.org \
--cc=baolin.wang@linux.alibaba.com \
--cc=david@redhat.com \
--cc=dev.jain@arm.com \
--cc=linux-mm@kvack.org \
--cc=lorenzo.stoakes@oracle.com \
--cc=npache@redhat.com \
--cc=ryan.roberts@arm.com \
--cc=ziy@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox