mm/ksm: add missing IS_ERR_OR_NULL check for stable_tree_search()

The stable_tree_search() maybe return -EBUSY if the stable node's page is
being migrated or nullptr, we need to check kfolio with IS_ERR_OR_NULL()
before dereference it.

To mitigate this, add IS_ERR_OR_NULL check for stable_tree_search().

Link: https://lkml.kernel.org/r/20241024032300.2501949-1-cuigaosheng1@huawei.com
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Cc: Alex Shi <alexs@kernel.org>
Cc: David Hildenbrand <david@redhat.com>
Cc: "Matthew Wilcox (Oracle)" <willy@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

diff --git a/mm/ksm.c b/mm/ksm.c
index 6f33f970627b6d6a503820599cc9736c45464cee..f5957bbfcd2f6bc9d19e5d2a438ce15d8c10e327 100644 (file)
--- a/mm/ksm.c
+++ b/mm/ksm.c
@@ -1787,7 +1787,7 @@ static __always_inline struct folio *chain(struct ksm_stable_node **s_n_d,
  * with identical content to the page that we are scanning right now.
  *
  * This function returns the stable tree node of identical content if found,
- * NULL otherwise.
+ * -EBUSY if the stable node's page is being migrated, NULL otherwise.
  */
 static struct folio *stable_tree_search(struct page *page)
 {
@@ -2261,7 +2261,8 @@ static void cmp_and_merge_page(struct page *page, struct ksm_rmap_item *rmap_ite
 
        /* Start by searching for the folio in the stable tree */
        kfolio = stable_tree_search(page);
-       if (&kfolio->page == page && rmap_item->head == stable_node) {
+       if (!IS_ERR_OR_NULL(kfolio) && &kfolio->page == page &&
+           rmap_item->head == stable_node) {
                folio_put(kfolio);
                return;
        }