Date:	Mon, 5 May 2014 19:14:28 +0200
From:	Peter Zijlstra <peterz@...radead.org>
To:	Vince Weaver <vincent.weaver@...ne.edu>
Cc:	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...nel.org>, linux-kernel@...r.kernel.org,
	Steven Rostedt <rostedt@...dmis.org>
Subject: Re: [perf] more perf_fuzzer memory corruption

On Mon, May 05, 2014 at 01:10:55PM -0400, Vince Weaver wrote:
> On Mon, 5 May 2014, Vince Weaver wrote:
> 
> > (Although often things like to crash the instant my tested-by e-mails 
> > clear the lkml list.)
> 
> This did turn up on the core2 machine.  I had been seeing this problem 
> earlier but was hoping it was part of the memory corruption issue:
> 
> [ 4918.921921] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
> [ 4918.925692] IP: [<ffffffff81539fa6>] mutex_lock+0x19/0x37

> [ 4918.925692] Call Trace:
> [ 4918.925692]  [<ffffffff810d10b7>] perf_event_init_context+0x7c/0x1c8
> [ 4918.925692]  [<ffffffff810d126c>] perf_event_init_task+0x69/0x6d
> [ 4918.925692]  [<ffffffff8103e1ff>] copy_process+0x5cc/0x163b
> [ 4918.925692]  [<ffffffff8103f536>] do_fork+0x74/0x1dc
> [ 4918.925692]  [<ffffffff8103f6b4>] SyS_clone+0x16/0x18
> [ 4918.925692]  [<ffffffff81542c89>] stub_clone+0x69/0x90


Cute.. does the below cure?


---
Subject: perf: Fix perf_event_init_context()
From: Peter Zijlstra <peterz@...radead.org>
Date: Mon May  5 19:12:20 CEST 2014

perf_pin_task_context() can return NULL but perf_event_init_context()
assumes it will not, correct this.

Signed-off-by: Peter Zijlstra <peterz@...radead.org>
---
 kernel/events/core.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -7745,6 +7745,8 @@ int perf_event_init_context(struct task_
 	 * swapped under us.
 	 */
 	parent_ctx = perf_pin_task_context(parent, ctxn);
+	if (!parent_ctx)
+		return 0;
 
 	/*
 	 * No need to check if parent_ctx != NULL here; since we saw
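
Review bot: the context comment right after the new check still reads "No need to check if parent_ctx != NULL here", which now sits directly below an explicit `if (!parent_ctx)` test and will mislead the next reader. Reword that comment, or add one above the new check, to state when perf_pin_task_context() returns NULL and why returning 0 (success) is the correct result at that point. The changelog could also cite the reported oops (NULL pointer dereference in mutex_lock with perf_event_init_context in the call trace on the fork path) and carry a Reported-by tag, so the fix can be matched to the crash.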
