mm: prevent derefencing NULL ptr in pfn_section_valid()

Waiman-Long · akpm00 · commit 82f0b6f041fa · 2024-07-03T22:40:36.000-07:00
Commit 5ec8e8e ("mm/sparsemem: fix race in accessing memory_section->usage") changed pfn_section_valid() to add a READ_ONCE() call around "ms->usage" to fix a race with section_deactivate() where ms->usage can be cleared. The READ_ONCE() call, by itself, is not enough to prevent NULL pointer dereference. We need to check its value before dereferencing it. Link: https://lkml.kernel.org/r/20240626001639.1350646-1-longman@redhat.com Fixes: 5ec8e8e ("mm/sparsemem: fix race in accessing memory_section->usage") Signed-off-by: Waiman Long <longman@redhat.com> Cc: Charan Teja Kalla <quic_charante@quicinc.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h
@@ -1979,8 +1979,9 @@ static inline int subsection_map_index(unsigned long pfn)
 static inline int pfn_section_valid(struct mem_section *ms, unsigned long pfn)
 {
 	int idx = subsection_map_index(pfn);
+	struct mem_section_usage *usage = READ_ONCE(ms->usage);
 
-	return test_bit(idx, READ_ONCE(ms->usage)->subsection_map);
+	return usage ? test_bit(idx, usage->subsection_map) : 0;
 }
 #else
 static inline int pfn_section_valid(struct mem_section *ms, unsigned long pfn)

Original file line number	Diff line number	Diff line change
`@@ -1979,8 +1979,9 @@ static inline int subsection_map_index(unsigned long pfn)`
`1979`	`1979`	`static inline int pfn_section_valid(struct mem_section *ms, unsigned long pfn)`
`1980`	`1980`	`{`
`1981`	`1981`	`int idx = subsection_map_index(pfn);`
	`1982`	`+ struct mem_section_usage *usage = READ_ONCE(ms->usage);`
`1982`	`1983`
`1983`		`- return test_bit(idx, READ_ONCE(ms->usage)->subsection_map);`
	`1984`	`+ return usage ? test_bit(idx, usage->subsection_map) : 0;`
`1984`	`1985`	`}`
`1985`	`1986`	`#else`
`1986`	`1987`	`static inline int pfn_section_valid(struct mem_section *ms, unsigned long pfn)`