lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAJZ5v0jSyE5chyVFFCaqOtE-huf8YH0mD6_udj2w4oA8KoN9qw@mail.gmail.com>
Date:   Wed, 26 Jul 2023 16:35:35 +0200
From:   "Rafael J. Wysocki" <rafael@...nel.org>
To:     Kiwamu Okabe <okabe@...inux.co.jp>
Cc:     "Rafael J. Wysocki" <rafael@...nel.org>,
        Len Brown <lenb@...nel.org>, linux-acpi@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ACPI: tables: Fix NULL dereference by acpi_os_map_memory()

On Wed, Jul 26, 2023 at 6:53 AM Kiwamu Okabe <okabe@...inux.co.jp> wrote:
>
> The Infer static analyzer https://fbinfer.com/ reports following
> NULL poinster dereference by the acpi_os_map_memory() function.
> I believe this patch does fix the issue without any panic.

Please demonstrate to me that the NULL pointer dereference can
actually happen in this code.

Thanks!

> Signed-off-by: Kiwamu Okabe <okabe@...inux.co.jp>
> ---
>  drivers/acpi/tables.c | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/drivers/acpi/tables.c b/drivers/acpi/tables.c
> index 8ab0a82b4da4..ae7b7343bacf 100644
> --- a/drivers/acpi/tables.c
> +++ b/drivers/acpi/tables.c
> @@ -717,6 +717,9 @@ acpi_table_initrd_override(struct acpi_table_header *existing_table,
>         while (table_offset + ACPI_HEADER_SIZE <= all_tables_size) {
>                 table = acpi_os_map_memory(acpi_tables_addr + table_offset,
>                                            ACPI_HEADER_SIZE);
> +               if (WARN_ON(!table)) {
> +                       return AE_OK;
> +               }
>                 if (table_offset + table->length > all_tables_size) {
>                         acpi_os_unmap_memory(table, ACPI_HEADER_SIZE);
>                         WARN_ON(1);
> @@ -772,6 +775,9 @@ static void __init acpi_table_initrd_scan(void)
>         while (table_offset + ACPI_HEADER_SIZE <= all_tables_size) {
>                 table = acpi_os_map_memory(acpi_tables_addr + table_offset,
>                                            ACPI_HEADER_SIZE);
> +               if (WARN_ON(!table)) {
> +                       return;
> +               }
>                 if (table_offset + table->length > all_tables_size) {
>                         acpi_os_unmap_memory(table, ACPI_HEADER_SIZE);
>                         WARN_ON(1);
> --
> 2.39.2
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ