| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20211210131655.2eeb8f866382c324b605a6ce@linux-foundation.org>
Date: Fri, 10 Dec 2021 13:16:55 -0800
From: Andrew Morton <akpm@...ux-foundation.org>
To: Jiasheng Jiang <jiasheng@...as.ac.cn>
Cc: pmladek@...e.com, valentin.schneider@....com, peterz@...radead.org,
keescook@...omium.org, robdclark@...omium.org,
samitolvanen@...gle.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] kthread: potential dereference of null pointer
On Thu, 9 Dec 2021 14:43:14 +0800 Jiasheng Jiang <jiasheng@...as.ac.cn> wrote:
> The return value of kzalloc() needs to be checked.
> To avoid use of null pointer in case of the failure of alloc.
>
> ...
>
> --- a/kernel/kthread.c
> +++ b/kernel/kthread.c
> @@ -101,6 +101,8 @@ void set_kthread_struct(struct task_struct *p)
> return;
>
> kthread = kzalloc(sizeof(*kthread), GFP_KERNEL);
> + if (!kthread)
> + return;
> /*
> * We abuse ->set_child_tid to avoid the new member and because it
> * can't be wrongly copied by copy_process(). We also rely on fact
No, we shouldn't simply leave ->set_child_tid uninitialized if kmalloc
failed.
set_ktread_struct() appears to be designed so that callers must check
that to_kthread() returns non-zero after having called
set_kthread_struct().
Which is a quite weird interface, but I'm not seeing any bugs here. If
kthread() sees to_kthread()==NULL then this kthread won't be created
and all the other unchecked calls to to_kthread() will never execute,
because this kthread doesn't exist.
The exception is in init_idle(), but that's __init code, executed at
boot time when we assume that allocations will always succeed.
Powered by blists - more mailing lists