linux-mm.kvack.org archive mirror
From: Matthew Wilcox <willy@infradead.org>
To: sooraj <sooraj20636@gmail.com>
Cc: linux-mm@kvack.org
Subject: Re: [PATCH] mm/nommu: Fix NULL mm dereference in __vmalloc_user_flags
Date: Mon, 27 Jan 2025 22:42:10 +0000
Message-ID: <Z5gLwscD17jLDFHD@casper.infradead.org>
In-Reply-To: <20250128072252.10259-1-sooraj20636@gmail.com>

On Tue, Jan 28, 2025 at 02:22:52AM -0500, sooraj wrote:
> Problem:
> The __vmalloc_user_flags() function attempts to acquire mmap_lock
> via current->mm without checking if the mm context exists. This causes
> a NULL pointer dereference when called from kernel threads (where
> current->mm == NULL), such as during filesystem operations.

I'm having a hard time thinking of a case where this could happen.
Could you provide a backtrace showing an example?

> Fix:
> Add a NULL check for current->mm before attempting mmap_lock operations.
> Kernel threads don't have user memory mappings, so VM_USERMAP flag
> setting can be safely skipped in this context.
> 
> Signed-off-by: sooraj <sooraj20636@gmail.com>

Do you sign cheques as 'sooraj'?  You need to use your real, legal name.

> +		struct mm_struct *mm = current->mm;
> +
> +		if(!mm){
> +			goto out;
> +		}

All kinds of whitespace problems here.  It should be:

		if (!mm)
			goto out;

>  		mmap_write_lock(current->mm);
>  		vma = find_vma(current->mm, (unsigned long)ret);

And since you've gone to the trouble of loading current->mm into
a local variable, you should use it throughout the function.

> @@ -160,6 +165,7 @@ static void *__vmalloc_user_flags(unsigned long size, gfp_t flags)
>  		mmap_write_unlock(current->mm);
>  	}
>  
> +	out:

and this should not be indented.

>  	return ret;
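Review bot: the `out:` label is placed immediately before `return ret;`, which is also the first statement after the closing `}` of the block that the `goto out` leaves, so the jump lands exactly where normal fall-through would and the label adds nothing. Rather than introducing a label at all, nesting the locking inside the check, along the lines of `if (mm) { mmap_write_lock(mm); ... mmap_write_unlock(mm); }`, removes the goto, uses the `mm` local for every access, and makes the label indentation question moot.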


