userswap: fix NULL pointer dereference in uswap_unmap_anon_page()

hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I6CAIM -------------------------------- If old_pte is NULL, *old_pte will result in a null pointer dereference. Fix this by adding a NULL check for old_pte. Signed-off-by: N ZhangPeng <zhangpeng362@huawei.com>

userswap: fix NULL pointer dereference in uswap_unmap_anon_page()
hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I6CAIM -------------------------------- If old_pte is NULL, *old_pte will result in a null pointer dereference. Fix this by adding a NULL check for old_pte. Signed-off-by: N ZhangPeng <zhangpeng362@huawei.com>
2e04865a · ZhangPeng · Ma Wupeng · cbf06b7d · 2e04865a
隐藏空白更改
内联并排

Showing with 4 addition and 2 deletion

mm/userswap.c mm/userswap.c +4 -2

未找到文件。
--- a/mm/userswap.c
+++ b/mm/userswap.c
@@ -162,7 +162,7 @@ static void uswap_unmap_anon_page(struct mm_struct *mm,
 {
 	struct mmu_notifier_range range;
 	spinlock_t *ptl;
-	pte_t *pte;
+	pte_t *pte, _old_pte;

 	mmu_notifier_range_init(&range, MMU_NOTIFY_UNMAP, 0, vma,
 				vma->vm_mm, addr, addr + PAGE_SIZE);
@@ -171,7 +171,7 @@ static void uswap_unmap_anon_page(struct mm_struct *mm,
 	if (pte_none(*pte))
 		goto out_release_unlock;
 	flush_cache_page(vma, addr, pte_pfn(*pte));
-	*old_pte = ptep_clear_flush(vma, addr, pte);
+	_old_pte = ptep_clear_flush(vma, addr, pte);
 	if (set_to_swp)
 		set_pte_at(mm, addr, pte, swp_entry_to_pte(swp_entry(
 			   SWP_USERSWAP_ENTRY, page_to_pfn(page))));
@@ -184,6 +184,8 @@ static void uswap_unmap_anon_page(struct mm_struct *mm,
 	pte_unmap_unlock(pte, ptl);
 	mmu_notifier_invalidate_range_end(&range);
 	page->mapping = NULL;
+	if (old_pte)
+		*old_pte = _old_pte;
 }

 static void uswap_map_anon_page(struct mm_struct *mm,