Hi,
Static analysis with CoverityScan on linux-next detected a potential null pointer dereference with the following commit:
From d8a1051ed4ba55679ef24e838a1942c9c40f0a14 Mon Sep 17 00:00:00 2001
From: Mike Kravetz mike.kravetz@oracle.com Date: Sat, 22 Dec 2018 10:55:57 +1100 Subject: [PATCH] hugetlbfs: use i_mmap_rwsem for more pmd sharing
The earlier check implies that "mapping" may be a null pointer:
var_compare_op: Comparing mapping to null implies that mapping might be null.
1008 if (!(flags & MF_MUST_KILL) && !PageDirty(hpage) && mapping && 1009 mapping_cap_writeback_dirty(mapping)) {
..however later "mapper" is dereferenced when it may be potentially null:
1034 /* 1035 * For hugetlb pages, try_to_unmap could potentially call 1036 * huge_pmd_unshare. Because of this, take semaphore in 1037 * write mode here and set TTU_RMAP_LOCKED to indicate we 1038 * have taken the lock at this higer level. 1039 */ CID 1476097 (#1 of 1): Dereference after null check (FORWARD_NULL)
var_deref_model: Passing null pointer mapping to i_mmap_lock_write, which dereferences it.
1040 i_mmap_lock_write(mapping); 1041 unmap_success = try_to_unmap(hpage, ttu|TTU_RMAP_LOCKED); 1042 i_mmap_unlock_write(mapping);
Colin