| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YKE8OHsq4IHN9q8W@hirez.programming.kicks-ass.net>
Date: Sun, 16 May 2021 17:37:28 +0200
From: Peter Zijlstra <peterz@...radead.org>
To: Khaled Romdhani <khaledromdhani216@...il.com>
Cc: mingo@...hat.com, juri.lelli@...hat.com,
vincent.guittot@...aro.org, dietmar.eggemann@....com,
rostedt@...dmis.org, bsegall@...gle.com, mgorman@...e.de,
bristot@...hat.com, linux-kernel@...r.kernel.org,
kernel-janitors@...r.kernel.org
Subject: Re: [PATCH-next] sched: Fix Null pointer derefrence
On Sun, May 16, 2021 at 02:01:29PM +0100, Khaled Romdhani wrote:
> On Sat, May 15, 2021 at 11:02:38PM +0200, Peter Zijlstra wrote:
> > On Sat, May 15, 2021 at 05:46:45PM +0100, Khaled ROMDHANI wrote:
> > > The 'curr' variable could be NULL and derefrenced by
> > > pick_next_entity. Fix this by adding a check that prevent
> > > the invocation of pick_next_entity with a NULL passed argument.
> >
> > And why exactly is that a problem?
> >
> Within pick_next_entity, we could have 'left = curr'.
> Thus the function wakeup_preempt_entity which is invoked
> from pick_next_entity, derefrence the the sched entity 'left'
> that may be a NULL passed argument.
We call pick_next_entity() from pick_task_fair() (or
pick_next_task_fair(), same argument for both), we only call it when
cfs_rq->nr_running != 0. IOW we *know* there is at least one task.
Therefore, if curr == NULL, we *must* have left.
If you can't read code, stay away from Coverity, it's crap.
Powered by blists - more mailing lists