| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZwPhLFIk4gvhn10d@x1n> Date: Mon, 7 Oct 2024 09:25:00 -0400 From: Peter Xu <peterx@...hat.com> To: manas18244@...td.ac.in Cc: Andrew Morton <akpm@...ux-foundation.org>, Shuah Khan <skhan@...uxfoundation.org>, Anup Sharma <anupnewsmail@...il.com>, linux-mm@...ck.org, linux-kernel@...r.kernel.org, syzbot+093d096417e7038a689b@...kaller.appspotmail.com Subject: Re: [PATCH v4] Fixes: null pointer dereference in pfnmap_lockdep_assert On Fri, Oct 04, 2024 at 11:12:16PM +0530, Manas via B4 Relay wrote: > From: Manas <manas18244@...td.ac.in> > > syzbot has pointed to a possible null pointer dereference in > pfnmap_lockdep_assert. vm_file member of vm_area_struct is being > dereferenced without any checks. > > This fix assigns mapping only if vm_file is not NULL. > > Reported-by: syzbot+093d096417e7038a689b@...kaller.appspotmail.com > Closes: https://syzkaller.appspot.com/bug?extid=093d096417e7038a689b > --- > This bug[1] triggers a general protection fault in follow_pfnmap_start > function. An assertion pfnmap_lockdep_assert inside this function > dereferences vm_file member of vm_area_struct. And panic gets triggered > when vm_file is NULL. > > This patch assigns mapping only if vm_file is not NULL. > > [1] https://syzkaller.appspot.com/bug?extid=093d096417e7038a689b > > Signed-off-by: Manas <manas18244@...td.ac.in> Reviewed-by: Peter Xu <peterx@...hat.com> -- Peter Xu
Powered by blists - more mailing lists