diff options
| author | Daniel Jordan <[email protected]> | 2019-03-05 15:48:19 -0800 |
|---|---|---|
| committer | Linus Torvalds <[email protected]> | 2019-03-05 21:07:19 -0800 |
| commit | c10d38cc8d3e43f946b6c2bf4602c86791587f30 (patch) | |
| tree | fceb58ebe239d9c4142ed1f0062616fc2f0c9da5 /tools/perf/scripts/python/export-to-sqlite.py | |
| parent | 060f005f074791ec15e3ea111a0b0cac28abab06 (diff) | |
mm, swap: bounds check swap_info array accesses to avoid NULL derefs
Dan Carpenter reports a potential NULL dereference in
get_swap_page_of_type:
Smatch complains that the NULL checks on "si" aren't consistent. This
seems like a real bug because we have not ensured that the type is
valid and so "si" can be NULL.
Add the missing check for NULL, taking care to use a read barrier to
ensure CPU1 observes CPU0's updates in the correct order:
CPU0 CPU1
alloc_swap_info() if (type >= nr_swapfiles)
swap_info[type] = p /* handle invalid entry */
smp_wmb() smp_rmb()
++nr_swapfiles p = swap_info[type]
Without smp_rmb, CPU1 might observe CPU0's write to nr_swapfiles before
CPU0's write to swap_info[type] and read NULL from swap_info[type].
Ying Huang noticed other places in swapfile.c don't order these reads
properly. Introduce swap_type_to_swap_info to encourage correct usage.
Use READ_ONCE and WRITE_ONCE to follow the Linux Kernel Memory Model
(see tools/memory-model/Documentation/explanation.txt).
This ordering need not be enforced in places where swap_lock is held
(e.g. si_swapinfo) because swap_lock serializes updates to nr_swapfiles
and the swap_info array.
Link: http://lkml.kernel.org/r/[email protected]
Fixes: ec8acf20afb8 ("swap: add per-partition lock for swapfile")
Signed-off-by: Daniel Jordan <[email protected]>
Reported-by: Dan Carpenter <[email protected]>
Suggested-by: "Huang, Ying" <[email protected]>
Reviewed-by: Andrea Parri <[email protected]>
Acked-by: Peter Zijlstra (Intel) <[email protected]>
Cc: Alan Stern <[email protected]>
Cc: Andi Kleen <[email protected]>
Cc: Dave Hansen <[email protected]>
Cc: Omar Sandoval <[email protected]>
Cc: Paul McKenney <[email protected]>
Cc: Shaohua Li <[email protected]>
Cc: Stephen Rothwell <[email protected]>
Cc: Tejun Heo <[email protected]>
Cc: Will Deacon <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python/export-to-sqlite.py')
0 files changed, 0 insertions, 0 deletions