| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190517082633.GA3890@zhanggen-UX430UQ> Date: Fri, 17 May 2019 16:26:33 +0800 From: Gen Zhang <blackgod016574@...il.com> To: ard.biesheuvel@...aro.org, dvhart@...radead.org Cc: linux-kernel@...r.kernel.org Subject: [PATCH] efi_64: Fix a missing-check bug in arch/x86/platform/efi/efi_64.c of Linux 5.1 save_pgd is allocated by kmalloc_array. And it is dereferenced in the following codes. However, memory allocation functions such as kmalloc_array may fail. Dereferencing this save_pgd null pointer may cause the kernel go wrong. Thus we should check this allocation and add error handling code. Signed-off-by: Gen Zhang <blackgod016574@...il.com> --- diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c index cf0347f..fb9ae57 100644 --- a/arch/x86/platform/efi/efi_64.c +++ b/arch/x86/platform/efi/efi_64.c @@ -91,6 +91,8 @@ pgd_t * __init efi_call_phys_prolog(void) n_pgds = DIV_ROUND_UP((max_pfn << PAGE_SHIFT), PGDIR_SIZE); save_pgd = kmalloc_array(n_pgds, sizeof(*save_pgd), GFP_KERNEL); + if (!save_pgd) + goto err; /* * Build 1:1 identity mapping for efi=old_map usage. Note that @@ -142,6 +144,9 @@ pgd_t * __init efi_call_phys_prolog(void) __flush_tlb_all(); return save_pgd; +err: + __flush_tlb_all(); + return ERR_PTR(-ENOMEM); } void __init efi_call_phys_epilog(pgd_t *save_pgd) ---
Powered by blists - more mailing lists