| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 6 Jan 2022 07:59:24 -0500
From: "Michael S. Tsirkin" <mst@...hat.com>
To: Jiasheng Jiang <jiasheng@...as.ac.cn>
Cc: jasowang@...hat.com, virtualization@...ts.linux-foundation.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] virtio_ring: Check null pointer
On Tue, Jan 04, 2022 at 11:12:51PM +0800, Jiasheng Jiang wrote:
> As the alloc_indirect_packed() returns kmalloc_array() that could
> allocation fail and return null pointer, it should be check in order to
> prevent the dereference of null pointer.
>
> Fixes: 1ce9e6055fa0 ("virtio_ring: introduce packed ring support")
> Signed-off-by: Jiasheng Jiang <jiasheng@...as.ac.cn>
Well upstream has:
virtio_ring: check desc == NULL when using indirect with packed
so this no longer applies.
I think we do need to fix it: the END_USE is missing there.
Sending a patch.
> ---
> v2: Remove the redundant empty line.
> ---
> drivers/virtio/virtio_ring.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
> index 71e16b53e9c1..2923d8a68dc3 100644
> --- a/drivers/virtio/virtio_ring.c
> +++ b/drivers/virtio/virtio_ring.c
> @@ -992,6 +992,10 @@ static int virtqueue_add_indirect_packed(struct vring_virtqueue *vq,
>
> head = vq->packed.next_avail_idx;
> desc = alloc_indirect_packed(total_sg, gfp);
> + if (!desc) {
> + END_USE(vq);
> + return -ENOMEM;
> + }
>
> if (unlikely(vq->vq.num_free < 1)) {
> pr_debug("Can't add buf len 1 - avail = 0\n");
> --
> 2.25.1
Powered by blists - more mailing lists