Commit 592db83
mm/huge_memory: fix NULL pointer dereference when splitting folio
[ Upstream commit cff47b9 ]
Commit c010d47 ("mm: thp: split huge page to any lower order pages")
introduced an early check on the folio's order via mapping->flags before
proceeding with the split work.
This check introduced a bug: for shmem folios in the swap cache and
truncated folios, the mapping pointer can be NULL. Accessing
mapping->flags in this state leads directly to a NULL pointer dereference.
This commit fixes the issue by moving the check for mapping != NULL before
any attempt to access mapping->flags.
Link: https://lkml.kernel.org/r/20251119235302.24773-1-richard.weiyang@gmail.com
Fixes: c010d47 ("mm: thp: split huge page to any lower order pages")
Signed-off-by: Wei Yang <richard.weiyang@gmail.com>
Reviewed-by: Zi Yan <ziy@nvidia.com>
Acked-by: David Hildenbrand (Red Hat) <david@kernel.org>
Reviewed-by: Baolin Wang <baolin.wang@linux.alibaba.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
[ applied fix to split_huge_page_to_list_to_order() instead of __folio_split() ]
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 parent 1001431 commit 592db83
1 file changed
Lines changed: 10 additions & 7 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
3404 | 3404 | | |
3405 | 3405 | | |
3406 | 3406 | | |
| 3407 | + | |
| 3408 | + | |
| 3409 | + | |
| 3410 | + | |
| 3411 | + | |
| 3412 | + | |
| 3413 | + | |
| 3414 | + | |
| 3415 | + | |
| 3416 | + | |
3407 | 3417 | | |
3408 | 3418 | | |
3409 | 3419 | | |
| |||
3466 | 3476 | | |
3467 | 3477 | | |
3468 | 3478 | | |
3469 | | - | |
3470 | | - | |
3471 | | - | |
3472 | | - | |
3473 | | - | |
3474 | | - | |
3475 | | - | |
3476 | 3479 | | |
3477 | 3480 | | |
3478 | 3481 | | |
| |||
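Review bot: The relocated check is not the same size at its two ends: 10 lines are added at new lines 3407-3416 but only 7 are removed at old lines 3469-3475, while the commit message describes a plain move of the mapping != NULL check. The changelog should say what the three extra lines are. Because the bracketed backport note says the fix was applied to split_huge_page_to_list_to_order() instead of __folio_split(), it is also worth confirming that nothing in this function reads mapping->flags before new line 3407.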