lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAFqt6zYztssQEgMJtafr_ZdMYvBwAU-BZ4Z4tOWQPJ6eFnHq2Q@mail.gmail.com>
Date:   Wed, 15 Apr 2020 01:25:07 +0530
From:   Souptick Joarder <jrdr.linux@...il.com>
To:     Ira Weiny <ira.weiny@...el.com>
Cc:     Miles Chen <miles.chen@...iatek.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Linux-MM <linux-mm@...ck.org>, linux-kernel@...r.kernel.org,
        linux-mediatek@...ts.infradead.org, wsd_upstream@...iatek.com
Subject: Re: [PATCH] mm/gup: fix null pointer dereference detected by coverity

On Tue, Apr 7, 2020 at 11:49 PM Ira Weiny <ira.weiny@...el.com> wrote:
>
> On Tue, Apr 07, 2020 at 05:51:07PM +0800, Miles Chen wrote:
> > In fixup_user_fault(), it is possible that unlocked is NULL,
> > so we should test unlocked before using it.
> >
> > For example, in arch/arc/kernel/process.c, NULL is passed
> > to fixup_user_fault().
> >
> > SYSCALL_DEFINE3(arc_usr_cmpxchg, int *, uaddr, int, expected, int, new)
> > {
> > ...
> >       ret = fixup_user_fault(current, current->mm, (unsigned long) uaddr,
> >                              FAULT_FLAG_WRITE, NULL);
> > ...
> > }
> >
> > Fixes: 4a9e1cda2748 ("mm: bring in additional flag for fixup_user_fault to signal unlock")
> > Signed-off-by: Miles Chen <miles.chen@...iatek.com>
>
> Reviewed-by: Ira Weiny <ira.weiny@...el.com>

Acked-by: Souptick Joarder <jrdr.linux@...il.com>

>
> > ---
> >  mm/gup.c | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/mm/gup.c b/mm/gup.c
> > index da3e03185144..a68d11dc232d 100644
> > --- a/mm/gup.c
> > +++ b/mm/gup.c
> > @@ -1230,7 +1230,8 @@ int fixup_user_fault(struct task_struct *tsk, struct mm_struct *mm,
> >       if (ret & VM_FAULT_RETRY) {
> >               down_read(&mm->mmap_sem);
> >               if (!(fault_flags & FAULT_FLAG_TRIED)) {
> > -                     *unlocked = true;
> > +                     if (unlocked)
> > +                             *unlocked = true;
> >                       fault_flags |= FAULT_FLAG_TRIED;
> >                       goto retry;
> >               }
> > --
> > 2.18.0
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ