lists.openwall.net: Open Source and information security mailing list archives
Date:   Thu, 22 Sep 2022 18:01:40 +0200
From:   Johannes Zink <j.zink@...gutronix.de>
To:     masahiroy@...nel.org, linux-kbuild@...r.kernel.org,
        linux-kernel@...r.kernel.org
Cc:     kernel@...gutronix.de
Subject: PROBLEM: Segfault in kconfig

Hi everyone, 

[1.] One line summary of the problem: 
     kconfig crashes with segfault under rare circumstances
[2.] Full description of the problem/report:
     Under certain circumstances jump keys are displayed on the search 
     results even if a symbol is deactivated by one of its 
     dependencies. Using the jump keys then triggers a segmentation 
     fault due to a NULL dereference. Perform the following steps to 
     trigger the issue
     
     1.: ARCH=arm64 make defconfig
     2.: ARCH=arm64 make menuconfig
     3.: press '/' key to search for the string "EFI". Use jump key 
         (1) to jump to search result. Press 'n' key to deactivate the 
         entry. 
     4.: press '/' to search for the string "ACPI". Use the jump key 
         (1) to jump to the search result. 

     Menuconfig then crashes with a segfault.
    
[3.] Keywords (i.e., modules, networking, kernel):
     kconfig, mconf
[4.] Kernel information
[4.1.] Kernel version (from /proc/version):
       v6.0.0-rc6
[4.2.] Kernel .config file: 
       arm64 default defconfig
[5.] Most recent kernel version which did not have the bug: 
     v5.15
[6.] Output of Oops.. message (if applicable) with symbolic information
     resolved (see Documentation/admin-guide/bug-hunting.rst): 
     not applicable
[7.] A small shell script or example program which triggers the
     problem (if possible):
     not applicable, please see description in [2.]
[8.] Environment
[8.1.] Software (add the output of the ver_linux script here): 
       not applicable
[8.2.] Processor information (from /proc/cpuinfo):
       not applicable
[8.3.] Module information (from /proc/modules):
       not applicable
[8.4.] Loaded driver and hardware information (/proc/ioports,
/proc/iomem):
       not applicable
[8.5.] PCI information ('lspci -vvv' as root):
       not applicable
[8.6.] SCSI information (from /proc/scsi/scsi):
       not applicable
[8.7.] Other information that might be relevant to the problem
       (please look in /proc and include all information that you
       think to be relevant):
       not applicable
[X.] Other notes, patches, fixes, workarounds:
    
     I found that the attached patch is a very hacky workaround to 
     keep menuconfig from crashing, but I am pretty sure the jump 
     keys should not have been activated for inaccessible entries in the
     first place. I found it quite hard to find the corresponding part
     in mconf, which is why I decided to send this bug report instead 
     of sending a patch. Maybe someone on this list either knows mconf 
     really well and can just fix it, or guide me to where I can dig 
     around (though in that case I could really use some help on how 
     to debug menuconfig, since I found it challenging to get it 
     working with gdb)
     
Best regards
Johannes

---
scripts/kconfig/mconf.c | 3 ++-                                       
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/kconfig/mconf.c b/scripts/kconfig/mconf.c        
index 9d3cf510562f..60a82f701bd3 100644                               
--- a/scripts/kconfig/mconf.c                                         
+++ b/scripts/kconfig/mconf.c                                         
@@ -447,7 +447,8 @@ static void search_conf(void)                     
                again = false;
                for (i = 0; i < JUMP_NB && keys[i]; i++)
                        if (dres == keys[i]) {
-                               conf(targets[i]->parent, targets[i]); 
+                               if (targets[i]->parent)               
+                                       conf(targets[i]->parent,
targets[i]);
                                again = true;
                        }
                str_free(&res);
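Review bot: the added `if (targets[i]->parent)` guard only hides the NULL dereference at the point of use; it does not stop a jump key from being generated and displayed for an entry whose parent is NULL, which is the cause the report itself identifies. With the guard in place `again = true` is still set on the key press, so the user is silently bounced back to the search dialog with no indication that the key did nothing. The check belongs where `keys[]` and `targets[]` are populated for the search results, so that an entry without a reachable parent is never assigned a key; if this guard is kept as a defence in depth, move `again = true;` under it and add a comment explaining when `parent` can be NULL. Also note that `targets[i]);` has been wrapped onto its own line by the mailer, so the hunk will not apply as pasted.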

-- 
Pengutronix e.K.                | Johannes Zink                  |
Steuerwalder Str. 21            | https://www.pengutronix.de/    |
31137 Hildesheim, Germany       | Phone: +49-5121-206917-0       |
Amtsgericht Hildesheim, HRA 2686| Fax:   +49-5121-206917-5555    |
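The report describes two places the problem could be handled: at jump time (the posted workaround guards the NULL parent just before calling conf()) or at key-assignment time (never offer a key for an entry that cannot be entered). The following C program is an added example, not kconfig's code and not part of the report; it models a simplified jump-key table in the shape of the keys[]/targets[] pair visible in the hunk and shows both approaches side by side. struct menu, struct jump_table, build_jump_keys_naive(), build_jump_keys(), follow_jump_key() and the EFI/ACPI scenario are all constructed for this example; an entry with a NULL parent stands in for a symbol that has been disabled by one of its dependencies.

```c
/*
 * Added example, not kconfig's code: a simplified model of mconf's
 * search-result jump-key table. Shows the posted workaround (guard the
 * NULL parent when a key is pressed) next to the fix the report asks
 * for (never assign a key to an unreachable entry). All types, functions
 * and the EFI/ACPI menus below are constructed for this example.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define JUMP_NB 9	/* at most this many jump keys per search */

struct menu {
	const char *prompt;
	struct menu *parent;	/* NULL models an entry with no reachable parent */
	bool visible;
};

struct jump_table {
	int keys[JUMP_NB];
	struct menu *targets[JUMP_NB];
	int n;
};

/* Buggy behaviour: every search hit is given a jump key, reachable or not. */
static int build_jump_keys_naive(struct jump_table *jt, struct menu **hits, int nhits)
{
	jt->n = 0;
	for (int i = 0; i < nhits && jt->n < JUMP_NB; i++) {
		jt->keys[jt->n] = '1' + jt->n;
		jt->targets[jt->n] = hits[i];
		jt->n++;
	}
	return jt->n;
}

/* Proper fix: filter at assignment time, so an entry without a parent
 * (or not currently visible) is never offered a key in the first place. */
static int build_jump_keys(struct jump_table *jt, struct menu **hits, int nhits)
{
	jt->n = 0;
	for (int i = 0; i < nhits && jt->n < JUMP_NB; i++) {
		if (!hits[i]->parent || !hits[i]->visible)
			continue;
		jt->keys[jt->n] = '1' + jt->n;
		jt->targets[jt->n] = hits[i];
		jt->n++;
	}
	return jt->n;
}

/* Key handler: returns the parent menu to enter, or NULL if the key maps
 * to nothing usable. The parent check mirrors the posted workaround; without
 * it a naive table would hand a NULL parent on to the menu code. */
static struct menu *follow_jump_key(const struct jump_table *jt, int key)
{
	for (int i = 0; i < jt->n; i++) {
		if (jt->keys[i] != key)
			continue;
		if (!jt->targets[i]->parent)
			return NULL;
		return jt->targets[i]->parent;
	}
	return NULL;
}

/* Constructed scenario: a reachable EFI entry and an ACPI entry whose
 * parent is NULL, standing in for a symbol disabled by a dependency. */
static struct menu root = { "root", NULL,  true  };
static struct menu efi  = { "EFI",  &root, true  };
static struct menu acpi = { "ACPI", NULL,  false };

static int demo_keys_assigned(bool filtered)
{
	struct menu *hits[] = { &efi, &acpi };
	struct jump_table jt;

	return filtered ? build_jump_keys(&jt, hits, 2)
			: build_jump_keys_naive(&jt, hits, 2);
}

/* Prompt of the menu a key would open, or "(none)" if the key is dead. */
static const char *demo_follow(bool filtered, int key)
{
	struct menu *hits[] = { &efi, &acpi };
	struct jump_table jt;
	struct menu *m;

	if (filtered)
		build_jump_keys(&jt, hits, 2);
	else
		build_jump_keys_naive(&jt, hits, 2);
	m = follow_jump_key(&jt, key);
	return m ? m->prompt : "(none)";
}

int main(void)
{
	printf("naive: %d keys, key 2 opens %s\n",
	       demo_keys_assigned(false), demo_follow(false, '2'));
	printf("filtered: %d keys, key 1 opens %s, key 2 opens %s\n",
	       demo_keys_assigned(true), demo_follow(true, '1'), demo_follow(true, '2'));
	return 0;
}
```

With the naive table the ACPI hit is still shown as key 2 and the guard in follow_jump_key() is the only thing standing between the key press and a NULL dereference; the user sees a key that does nothing. With the filtered table ACPI is never assigned a key, so the guard becomes defence in depth rather than the fix.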
