lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1360073811.27007.13.camel@gandalf.local.home>
Date:	Tue, 05 Feb 2013 09:16:51 -0500
From:	Steven Rostedt <rostedt@...dmis.org>
To:	LKML <linux-kernel@...r.kernel.org>
Cc:	linux-mm@...ck.org, Andrew Morton <akpm@...ux-foundation.org>,
	Christoph Lameter <cl@...ux-foundation.org>,
	Pekka Enberg <penberg@...nel.org>,
	Matt Mackall <mpm@...enic.com>
Subject: Re: [PATCH] slob: Check for NULL pointer before calling ctor()

Ping?

-- Steve


On Thu, 2013-01-17 at 12:13 -0500, Steven Rostedt wrote:
> [ Sorry for the duplicate email, it's linux-mm@...ck.org not linux-mm@...r.kernel.org ] 
> 
> While doing some code inspection, I noticed that the slob constructor
> method can be called with a NULL pointer. If memory is tight and slob
> fails to allocate with slob_alloc() or slob_new_pages() it still calls
> the ctor() method with a NULL pointer. Looking at the first ctor()
> method I found, I noticed that it can not handle a NULL pointer (I'm
> sure others probably can't either):
> 
> static void sighand_ctor(void *data)
> {
>         struct sighand_struct *sighand = data;
> 
>         spin_lock_init(&sighand->siglock);
>         init_waitqueue_head(&sighand->signalfd_wqh);
> }
> 
> The solution is to only call the ctor() method if allocation succeeded.
> 
> Signed-off-by: Steven Rostedt <rostedt@...dmis.org>
> 
> diff --git a/mm/slob.c b/mm/slob.c
> index a99fdf7..48fcb90 100644
> --- a/mm/slob.c
> +++ b/mm/slob.c
> @@ -554,7 +554,7 @@ void *kmem_cache_alloc_node(struct kmem_cache *c, gfp_t flags, int node)
>  					    flags, node);
>  	}
>  
> -	if (c->ctor)
> +	if (b && c->ctor)
>  		c->ctor(b);
>  
>  	kmemleak_alloc_recursive(b, c->size, 1, c->flags, flags);
> 
> 


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ