| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Apr 2018 14:28:03 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: Ioan Nicu <ioan.nicu.ext@...ia.com>
Cc: Alexandre Bounine <alex.bou9@...il.com>,
Barry Wood <barry.wood@....com>,
Matt Porter <mporter@...nel.crashing.org>,
Christophe JAILLET <christophe.jaillet@...adoo.fr>,
Al Viro <viro@...iv.linux.org.uk>,
Logan Gunthorpe <logang@...tatee.com>,
Chris Wilson <chris@...is-wilson.co.uk>,
Tvrtko Ursulin <tvrtko.ursulin@...el.com>,
Frank Kunz <frank.kunz@...ia.com>,
Alexander Sverdlin <alexander.sverdlin@...ia.com>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] rapidio: fix rio_dma_transfer error handling
On Thu, 12 Apr 2018 17:06:05 +0200 Ioan Nicu <ioan.nicu.ext@...ia.com> wrote:
> Some of the mport_dma_req structure members were initialized late
> inside the do_dma_request() function, just before submitting the
> request to the dma engine. But we have some error branches before
> that. In case of such an error, the code would return on the error
> path and trigger the calling of dma_req_free() with a req structure
> which is not completely initialized. This causes a NULL pointer
> dereference in dma_req_free().
>
> This patch fixes these error branches by making sure that all
> necessary mport_dma_req structure members are initialized in
> rio_dma_transfer() immediately after the request structure gets
> allocated.
This sounds like something which someone has actually triggered in a
real-world situation. So I added a cc:stable. Please let me know if
that was inappropriate.
And please remember to always include all information regarding
end-user impact when fixing bugs.
Powered by blists - more mailing lists