lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20171102061729.GD5678@1wt.eu>
Date:   Thu, 2 Nov 2017 07:17:29 +0100
From:   Willy Tarreau <w@....eu>
To:     Andreas Gruenbacher <agruenba@...hat.com>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        stable <stable@...r.kernel.org>, linux@...ck-us.net,
        Al Viro <viro@...iv.linux.org.uk>
Subject: Re: [PATCH 3.10 054/139] direct-io: Prevent NULL pointer access in
 submit_page_section

Hi Andreas,

On Wed, Nov 01, 2017 at 11:43:26PM +0100, Andreas Gruenbacher wrote:
> > diff --git a/fs/direct-io.c b/fs/direct-io.c
> > index e17d919..85485c1 100644
> > --- a/fs/direct-io.c
> > +++ b/fs/direct-io.c
> > @@ -760,6 +760,8 @@ out:
> >         if (sdio->boundary) {
> >                 ret = dio_send_cur_page(dio, sdio, map_bh);
> >                 dio_bio_submit(dio, sdio);
> > +               if (sdio->bio)
> > +                       dio_bio_submit(dio, sdio);
> >                 page_cache_release(sdio->cur_page);
> >                 sdio->cur_page = NULL;
> >         }
> 
> this is incorrect; please compare with the upstream commit.

Oh crap, sorry! I had to fix it by hand and I messed up fixing
the conflict! I've just dropped the first dio_bio_submit() so
that only the conditional one remains now.

Thanks for reporting it!
Willy

---

commit d75e8540fd8bedc8ee8d11941a7aed3a86735c47
Author: Andreas Gruenbacher <agruenba@...hat.com>
Date:   Mon Oct 9 11:13:18 2017 +0200

    direct-io: Prevent NULL pointer access in submit_page_section
    
    commit 899f0429c7d3eed886406cd72182bee3b96aa1f9 upstream.
    
    In the code added to function submit_page_section by commit b1058b981,
    sdio->bio can currently be NULL when calling dio_bio_submit.  This then
    leads to a NULL pointer access in dio_bio_submit, so check for a NULL
    bio in submit_page_section before trying to submit it instead.
    
    Fixes xfstest generic/250 on gfs2.
    
    Cc: stable@...r.kernel.org # v3.10+
    Signed-off-by: Andreas Gruenbacher <agruenba@...hat.com>
    Reviewed-by: Jan Kara <jack@...e.cz>
    Signed-off-by: Al Viro <viro@...iv.linux.org.uk>
    Signed-off-by: Willy Tarreau <w@....eu>

diff --git a/fs/direct-io.c b/fs/direct-io.c
index e17d919..4007749 100644
--- a/fs/direct-io.c
+++ b/fs/direct-io.c
@@ -759,7 +759,8 @@ out:
 	 */
 	if (sdio->boundary) {
 		ret = dio_send_cur_page(dio, sdio, map_bh);
-		dio_bio_submit(dio, sdio);
+		if (sdio->bio)
+			dio_bio_submit(dio, sdio);
 		page_cache_release(sdio->cur_page);
 		sdio->cur_page = NULL;
 	}

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ