From ce2f332d0f68fc1a2b1017556588d0ef56546bb0 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Tue, 12 May 2020 11:05:46 -0400 Subject: [PATCH] Fixes for 4.14 Signed-off-by: Sasha Levin --- ...tlb-avoid-potential-null-dereference.patch | 60 +++++++++++++++++++ queue-4.14/series | 1 + 2 files changed, 61 insertions(+) create mode 100644 queue-4.14/arm64-hugetlb-avoid-potential-null-dereference.patch
diff --git a/queue-4.14/arm64-hugetlb-avoid-potential-null-dereference.patch b/queue-4.14/arm64-hugetlb-avoid-potential-null-dereference.patch
new file mode 100644
index 00000000000..9c325053502
--- /dev/null
+++ b/queue-4.14/arm64-hugetlb-avoid-potential-null-dereference.patch
@@ -0,0 +1,60 @@
+From a9ec0962c069fccbcfb6258b1d0b677e98c58084 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 5 May 2020 13:59:30 +0100
+Subject: arm64: hugetlb: avoid potential NULL dereference
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Mark Rutland
+
+[ Upstream commit 027d0c7101f50cf03aeea9eebf484afd4920c8d3 ]
+
+The static analyzer in GCC 10 spotted that in huge_pte_alloc() we may
+pass a NULL pmdp into pte_alloc_map() when pmd_alloc() returns NULL:
+
+| CC arch/arm64/mm/pageattr.o
+| CC arch/arm64/mm/hugetlbpage.o
+| from arch/arm64/mm/hugetlbpage.c:10:
+| arch/arm64/mm/hugetlbpage.c: In function ‘huge_pte_alloc’:
+| ./arch/arm64/include/asm/pgtable-types.h:28:24: warning: dereference of NULL ‘pmdp’ [CWE-690] [-Wanalyzer-null-dereference]
+| ./arch/arm64/include/asm/pgtable.h:436:26: note: in expansion of macro ‘pmd_val’
+| arch/arm64/mm/hugetlbpage.c:242:10: note: in expansion of macro ‘pte_alloc_map’
+| |arch/arm64/mm/hugetlbpage.c:232:10:
+| |./arch/arm64/include/asm/pgtable-types.h:28:24:
+| ./arch/arm64/include/asm/pgtable.h:436:26: note: in expansion of macro ‘pmd_val’
+| arch/arm64/mm/hugetlbpage.c:242:10: note: in expansion of macro ‘pte_alloc_map’
+
+This can only occur when the kernel cannot allocate a page, and so is
+unlikely to happen in practice before other systems start failing.
+
+We can avoid this by bailing out if pmd_alloc() fails, as we do earlier
+in the function if pud_alloc() fails.
+
+Fixes: 66b3923a1a0f ("arm64: hugetlb: add support for PTE contiguous bit")
+Signed-off-by: Mark Rutland
+Reported-by: Kyrill Tkachov
+Cc: # 4.5.x-
+Cc: Will Deacon
+Signed-off-by: Catalin Marinas
+Signed-off-by: Sasha Levin
+---
+ arch/arm64/mm/hugetlbpage.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/arch/arm64/mm/hugetlbpage.c b/arch/arm64/mm/hugetlbpage.c
+index 9f6ae9686dac6..74e03af04548b 100644
+--- a/arch/arm64/mm/hugetlbpage.c
++++ b/arch/arm64/mm/hugetlbpage.c
+@@ -220,6 +220,8 @@ pte_t *huge_pte_alloc(struct mm_struct *mm,
+ pte = (pte_t *)pud;
+ } else if (sz == (PAGE_SIZE * CONT_PTES)) {
+ pmd_t *pmd = pmd_alloc(mm, pud, addr);
++ if (!pmdp)
++ return NULL;
+
+ WARN_ON(addr & (sz - 1));
+ /*
+--
+2.20.1
+
diff --git a/queue-4.14/series b/queue-4.14/series
index 4e011b5550a..c52efd92573 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -34,3 +34,4 @@ x86-unwind-orc-fix-error-path-for-bad-orc-entry-type.patch
 netfilter-nat-never-update-the-udp-checksum-when-it-s-0.patch
 objtool-fix-stack-offset-tracking-for-indirect-cfas.patch
 scripts-decodecode-fix-trapping-instruction-formatting.patch
+arm64-hugetlb-avoid-potential-null-dereference.patch
-- 2.47.3
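Review bot: In the queued arch/arm64/mm/hugetlbpage.c hunk the added guard tests `pmdp`, but the context line directly above it stores the pmd_alloc() result in `pmd` (`pmd_t *pmd = pmd_alloc(mm, pud, addr);`), so the check does not look at the pointer it is meant to protect. The commit message speaks of `pmdp`, which suggests the upstream tree uses that name and the backport was not adjusted for 4.14; if no `pmdp` is in scope here the file will not build, and if one is, a NULL from pmd_alloc() still reaches pte_alloc_map(). The guard should read `if (!pmd)` followed by `return NULL;`. huge_pte_alloc() begins and ends outside the hunk, so whether another `pmdp` exists in the function cannot be confirmed from here.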