Message-ID: <20240426024149.21176-1-hailong.liu@oppo.com>
Date: Fri, 26 Apr 2024 10:41:49 +0800
From: <hailong.liu@...o.com>
To: <akpm@...ux-foundation.org>
CC: <urezki@...il.com>, <hch@...radead.org>, <lstoakes@...il.com>,
	<21cnbao@...il.com>, <linux-mm@...ck.org>, <linux-kernel@...r.kernel.org>,
	Hailong.Liu <hailong.liu@...o.com>, Barry Song <baohua@...nel.org>
Subject: [PATCH v3] mm/vmalloc: fix return value of vb_alloc if size is 0

From: "Hailong.Liu" <hailong.liu@...o.com>

The function vm_map_ram() uses IS_ERR() to validate the return value of
vb_alloc(). If vm_map_ram(page, 0, 0) is executed, vb_alloc(0, GFP_KERNEL)
would return NULL. In such a case, IS_ERR() cannot handle the return value
and this eventually leads to a kernel panic in vmap_pages_range_noflush(). To resolve
this issue, return ERR_PTR(-EINVAL) if the size is 0.

Reviewed-by: Barry Song <baohua@...nel.org>
Reviewed-by: Uladzislau Rezki (Sony) <urezki@...il.com>
Signed-off-by: Hailong.Liu <hailong.liu@...o.com>
---
Changes since v2 [2]:
- Remove RFC tag
- Modify commit msg, per Barry
Changes since v1 [1]:
- Return ERR_PTR(-EINVAL) or not check IS_ERR_OR_NULL

[1] https://lore.kernel.org/all/84d7cd03-1cf8-401a-8edf-2524db0bd6d5@oppo.com/
[2] https://lore.kernel.org/all/20240419101643.11534-1-hailong.liu@oppo.com/

 mm/vmalloc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/vmalloc.c b/mm/vmalloc.c
index d12a17fc0c17..44be3edb3f42 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -2173,7 +2173,7 @@ static void *vb_alloc(unsigned long size, gfp_t gfp_mask)
 		 * get_order(0) returns funny result. Just warn and terminate
 		 * early.
 		 */
-		return NULL;
+		return ERR_PTR(-EINVAL);
 	}
 	order = get_order(size);
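
Review bot: the comment kept above the changed return still says only "Just warn and terminate early", so the code does not record why the size == 0 exit must hand back an error pointer rather than NULL. Suggest extending that comment, or adding a line above vb_alloc(), to state that callers such as vm_map_ram() test the result with IS_ERR() only, so vb_alloc() must never return NULL. The other failure paths of vb_alloc() are outside this hunk, so it is worth confirming that each of them already returns an ERR_PTR() value. The commit message describes a kernel panic but carries no Fixes: tag; adding one would help backporting.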

--
2.34.1
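
The failure mode described in the commit message, as an added userspace example that is not part of the patch or of the kernel source: the macros mirror the error-pointer convention of include/linux/err.h, while vb_alloc_old_model(), vb_alloc_new_model(), map_ram_model() and the MAPPED_* values are hypothetical stand-ins (assumes an LP64 target where long and pointers have the same size).

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Error pointers occupy the top MAX_ERRNO addresses; NULL is not one of them. */
#define MAX_ERRNO 4095UL
#define IS_ERR_VALUE(x) ((unsigned long)(x) >= (unsigned long)-MAX_ERRNO)

static inline void *ERR_PTR(long error) { return (void *)error; }
static inline long PTR_ERR(const void *ptr) { return (long)ptr; }
static inline int IS_ERR(const void *ptr) { return IS_ERR_VALUE(ptr); }

static char block[4096];	/* constructed stand-in for a successful allocation */

/* Model of the behaviour before the patch: size == 0 yields NULL. */
static void *vb_alloc_old_model(unsigned long size)
{
	return size == 0 ? NULL : (void *)block;
}

/* Model of the behaviour after the patch: size == 0 yields an error pointer. */
static void *vb_alloc_new_model(unsigned long size)
{
	return size == 0 ? ERR_PTR(-EINVAL) : (void *)block;
}

enum { MAPPED_OK = 0, MAPPED_AT_NULL = 1 };

/* Caller shaped like vm_map_ram(): IS_ERR() is the only guard before mapping. */
static long map_ram_model(void *(*alloc)(unsigned long), unsigned long size)
{
	void *mem = alloc(size);

	if (IS_ERR(mem))
		return PTR_ERR(mem);	/* error reaches the caller as -errno */
	if (mem == NULL)
		return MAPPED_AT_NULL;	/* guard was bypassed; the page reports a panic from here */
	return MAPPED_OK;
}

int main(void)
{
	printf("IS_ERR(NULL)      = %d\n", IS_ERR(NULL));
	printf("old model, size 0 = %ld\n", map_ram_model(vb_alloc_old_model, 0));
	printf("new model, size 0 = %ld\n", map_ram_model(vb_alloc_new_model, 0));
	return 0;
}
```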
