Date:   Sat, 09 Sep 2017 22:47:40 +0100
From:   Ben Hutchings <ben@...adent.org.uk>
To:     linux-kernel@...r.kernel.org, stable@...r.kernel.org
CC:     akpm@...ux-foundation.org,
        "Linus Torvalds" <torvalds@...ux-foundation.org>,
        "KAMEZAWA Hiroyuki" <kamezawa.hiroyu@...fujitsu.com>,
        "Sasha Levin" <levinsasha928@...il.com>,
        "Dave Hansen" <dave@...ux.vnet.ibm.com>,
        "KOSAKI Motohiro" <kosaki.motohiro@...fujitsu.com>,
        "Hugh Dickins" <hughd@...gle.com>,
        "Johannes Weiner" <hannes@...xchg.org>,
        "Mel Gorman" <mel@....ul.ie>, "Christoph Lameter" <cl@...ux.com>
Subject: [PATCH 3.2 104/106] mm: fix NULL ptr dereference in move_pages

3.2.93-rc1 review patch.  If anyone has any objections, please let me know.

------------------

From: Sasha Levin <levinsasha928@...il.com>

commit 6e8b09eaf268bceac0c62e389b4bc0cb83dfb8e5 upstream.

Commit 3268c63 ("mm: fix move/migrate_pages() race on task struct") has
added an odd construct where 'mm' is checked for being NULL, and if it is,
it would get dereferenced anyways by mput()ing it.

Signed-off-by: Sasha Levin <levinsasha928@...il.com>
Cc: Dave Hansen <dave@...ux.vnet.ibm.com>
Cc: Mel Gorman <mel@....ul.ie>
Cc: Johannes Weiner <hannes@...xchg.org>
Cc: KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com>
Cc: Hugh Dickins <hughd@...gle.com>
Acked-by: Christoph Lameter <cl@...ux.com>
Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org>
Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
---
 mm/migrate.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

--- a/mm/migrate.c
+++ b/mm/migrate.c
@@ -1412,14 +1412,14 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid,
 	mm = get_task_mm(task);
 	put_task_struct(task);
 
-	if (mm) {
-		if (nodes)
-			err = do_pages_move(mm, task_nodes, nr_pages, pages,
-					    nodes, status, flags);
-		else
-			err = do_pages_stat(mm, nr_pages, pages, status);
-	} else
-		err = -EINVAL;
+	if (!mm)
+		return -EINVAL;
+
+	if (nodes)
+		err = do_pages_move(mm, task_nodes, nr_pages, pages,
+				    nodes, status, flags);
+	else
+		err = do_pages_stat(mm, nr_pages, pages, status);
 
 	mmput(mm);
 	return err;
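
Review bot: The new early `return -EINVAL` in the `if (!mm)` branch leaks nothing only because `put_task_struct(task)` has already run on the line above it. If any other resource is ever acquired before this point, a bare return will leak it, so a short comment there, or a `goto` to a common exit label placed after `mmput(mm)`, would make that dependency explicit. The changelog would also be easier to triage for stable if it named the call that faulted as it appears in the code, `mmput(mm)`, and said when `get_task_mm(task)` can return NULL for the target task.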
