| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 9 Oct 2021 20:35:47 +0100
From: Matthew Wilcox <willy@...radead.org>
To: cgel.zte@...il.com
Cc: akpm@...ux-foundation.org, linux-mm@...ck.org,
linux-kernel@...r.kernel.org, xu xin <xu.xin16@....com.cn>,
Zeal Robot <zealci@....com.cn>
Subject: Re: [PATCH linux-next] mm/folio-compat: fix potential NULL pointer
access
On Mon, Sep 13, 2021 at 08:11:13AM +0000, cgel.zte@...il.com wrote:
> From: xu xin <xu.xin16@....com.cn>
>
> The pointer 'folio' might be NULL, but the structure it points to is accessed.
> Accordingly, we add a check of NULL pointer by 'if (!folio)'.
> Secondly, there is no need to check if folio is pointer or value with 'xa_is_value(folio)'
> because folio is alwayse pointer.
>
> Reported-by: Zeal Robot <zealci@....com.cn>
Your robot is garbage.
> folio = __filemap_get_folio(mapping, index, fgp_flags, gfp);
> - if ((fgp_flags & FGP_HEAD) || !folio || xa_is_value(folio))
> + if (!folio)
> + return NULL;
> + if ((fgp_flags & FGP_HEAD))
> return &folio->page;
&folio->page *does not access folio*. It does pointer arithmetic on
folio. Specifically, it adds zero to folio, because page is the first
element of folio.
Secondly, __filemap_get_folio() absolutely can return an xa_is_value()
result if FGP_ENTRY entry is set. It's right there in the first few
lines:
folio = mapping_get_entry(mapping, index);
if (xa_is_value(folio)) {
if (fgp_flags & FGP_ENTRY)
return folio;
Powered by blists - more mailing lists