lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <ZwPhLFIk4gvhn10d@x1n>
Date: Mon, 7 Oct 2024 09:25:00 -0400
From: Peter Xu <peterx@...hat.com>
To: manas18244@...td.ac.in
Cc: Andrew Morton <akpm@...ux-foundation.org>,
	Shuah Khan <skhan@...uxfoundation.org>,
	Anup Sharma <anupnewsmail@...il.com>, linux-mm@...ck.org,
	linux-kernel@...r.kernel.org,
	syzbot+093d096417e7038a689b@...kaller.appspotmail.com
Subject: Re: [PATCH v4] Fixes: null pointer dereference in
 pfnmap_lockdep_assert

On Fri, Oct 04, 2024 at 11:12:16PM +0530, Manas via B4 Relay wrote:
> From: Manas <manas18244@...td.ac.in>
> 
> syzbot has pointed to a possible null pointer dereference in
> pfnmap_lockdep_assert. vm_file member of vm_area_struct is being
> dereferenced without any checks.
> 
> This fix assigns mapping only if vm_file is not NULL.
> 
> Reported-by: syzbot+093d096417e7038a689b@...kaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=093d096417e7038a689b
> ---
> This bug[1] triggers a general protection fault in follow_pfnmap_start
> function. An assertion pfnmap_lockdep_assert inside this function
> dereferences vm_file member of vm_area_struct. And panic gets triggered
> when vm_file is NULL.
> 
> This patch assigns mapping only if vm_file is not NULL.
> 
> [1] https://syzkaller.appspot.com/bug?extid=093d096417e7038a689b
> 
> Signed-off-by: Manas <manas18244@...td.ac.in>

Reviewed-by: Peter Xu <peterx@...hat.com>

-- 
Peter Xu


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ