lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 23 Sep 2013 12:41:10 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	P J P <ppandit@...hat.com>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] Fix NULL pointer dereference while loading
 initramfs

On Sun, 15 Sep 2013 14:33:53 +0530 (IST) P J P <ppandit@...hat.com> wrote:

> Make menuconfig allows one to choose compression format of an
> initial ramdisk image. But this choice does not result in duly
> compressed initial ramdisk image. Because - $ make install - does
> not pass on the selected compression choice to the dracut(8) tool,
> which creates the initramfs file. dracut(8) generates the image
> with the default compression, ie. gzip(1).
> 
> If a user chose any other compression instead of gzip(1), it leads
> to a crash due to NULL pointer dereference in crd_load(), caused by
> a NULL function pointer returned by the 'decompress_method()' routine.
> Because the initramfs image is gzip(1) compressed, whereas the kernel
> knows how decompress the chosen format and not gzip(1).
> 
> This patch replaces the crash by an explicit panic() call with an
> appropriate error message. This shall prevent the kernel from
> eventually panicking in: init/do_mounts.c: mount_block_root() with
>   -> panic("VFS: Unable to mount root fs on %s", b);
> 
> Signed-off-by: P J P <prasad@...hat.com>
> 
> diff --git a/init/do_mounts_rd.c b/init/do_mounts_rd.c
> index 6be2879..76faec1 100644
> --- a/init/do_mounts_rd.c
> +++ b/init/do_mounts_rd.c
> @@ -342,6 +342,13 @@ static int __init crd_load(int in_fd, int out_fd, decompress_fn deco)
>  	int result;
>  	crd_infd = in_fd;
>  	crd_outfd = out_fd;
> +
> +    if (!deco)
> +    {
> +        printk(KERN_EMERG "Invalid decompression routine address: %p\n", deco);
> +        panic("Could not decompress initial ramdisk image.");
> +    }

A few things here.

- the coding style is very unconventional.  We'd do it like this:

static int __init crd_load(int in_fd, int out_fd, decompress_fn deco)
{
	int result;
	crd_infd = in_fd;
	crd_outfd = out_fd;

	if (!deco) {
		pr_emerg("Invalid decompression routine address: %p\n", deco);
		panic("Could not decompress initial ramdisk image.");
	}

	result = deco(NULL, 0, compr_fill, compr_flush, NULL, NULL, error);
	if (decompress_error)
		result = 1;
	return result;
}

- Note the use of the pr_emerg() shorthand, which prevents the
  statement from overflowing 80 columns.

- There isn't much point in printing the value of `deco' - we already
  know it's NULL.  Isn't there some more useful message we can display
  which will tell the user what he/she did wrong, and which explains
  how to fix it?

- Is anyone working on fixing up Kconfig/dracut(8) so the correct
  decompression method is used?

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ