lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Y8VrhNe/g6OGMEUg@casper.infradead.org>
Date:   Mon, 16 Jan 2023 15:21:40 +0000
From:   Matthew Wilcox <willy@...radead.org>
To:     David Hildenbrand <david@...hat.com>
Cc:     Екатерина Есина 
        <eesina@...ralinux.ru>, Mike Kravetz <mike.kravetz@...cle.com>,
        Andrew Morton <akpm@...ux-foundation.org>, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org, lvc-project@...uxtesting.org
Subject: Re: [PATCH mm] mm: hugetlb: Add checks for NULL for vma returned
 from find_vma. find_vma may return NULL, that's why its return value is
 usually checked for NULL.

On Mon, Jan 16, 2023 at 04:12:48PM +0100, David Hildenbrand wrote:
> On 16.01.23 16:10, Екатерина Есина wrote:
> > Sorry, I've noticed that I'd sent the patch without description and sent
> > version 2.
> > Function find_vma may return NULL, that's why its return value is
> > usually checked for NULL. In this case vma and its fields also should be
> > checked before dereferencing to avoid NULL pointer dereference
> 
> Thanks, but again
> 
> What are the symptoms? How exactly does this BUG manifest?
> 
> For example, does the kernel crash, and if so, how can it be triggered?

SVACE is a static analyser.  It's not very good, but the people who run
it are extremely persistent about submitting patches based solely on the
output of the tool and doing no human checks of their own.  Probably best
to just ignore them, or NACK them.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ