Message-ID: <tencent_11194B111B6F25CEBA5FBB71336B9E9D1B08@qq.com>
Date: Tue,  5 Mar 2024 19:38:16 +0800
From: Edward Adam Davis <eadavis@...com>
To: syzbot+02e64be5307d72e9c309@...kaller.appspotmail.com
Cc: linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	syzkaller-bugs@...glegroups.com
Subject: [PATCH] mm/pagemap: fix null ptr deref in do_pagemap_cmd

When pagemap_open() runs in the kernel thread context, task->mm is NULL. This
causes the pagemap file object's file->private_data to be NULL when the pagemap
file is opened, which will ultimately result in do_pagemap_cmd() referencing a
null pointer.

So, before the PAGEMAP_SCAN ioctl() calls do_pagemap_scan(), we need to check mm first.

Fixes: 52526ca7fdb9 ("fs/proc/task_mmu: implement IOCTL to get and optionally clear info about PTEs")
Reported-and-tested-by: syzbot+02e64be5307d72e9c309@...kaller.appspotmail.com
Signed-off-by: Edward Adam Davis <eadavis@...com>
---
 fs/proc/task_mmu.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index 3f78ebbb795f..ab28666956d0 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -2510,6 +2510,8 @@ static long do_pagemap_cmd(struct file *file, unsigned int cmd,
 
 	switch (cmd) {
 	case PAGEMAP_SCAN:
+		if (!mm)
+			return -EINVAL;
 		return do_pagemap_scan(mm, arg);
 
 	default:
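Review bot: the new `if (!mm)` test sits in the PAGEMAP_SCAN case of do_pagemap_cmd() with no comment, so a reader of the switch cannot tell why mm may be NULL here. Add a one-line comment above the check stating that file->private_data is NULL when the pagemap file was opened for a task without an mm (the kernel thread case from the commit message). It is also worth considering whether the check belongs at the top of do_pagemap_scan() instead, so that the function guards its own mm argument rather than relying on each caller. Finally, -EINVAL tells userspace that its arguments were bad, while the condition here is a property of the target task; please state in the commit message why this errno was chosen.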
-- 
2.43.0

