lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAE8VWiKQ4fdeBeoWbGf55QXaqHrEdSCxo5qTJ=S2vKVd5W1scw@mail.gmail.com>
Date: Wed, 20 Nov 2024 18:23:09 +0530
From: Shresth Prasad <shresthprasad7@...il.com>
To: Borislav Petkov <bp@...en8.de>
Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, 
	Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org, 
	"H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] x86/sev: Fix dereference NULL return value

On Wed, Nov 20, 2024 at 2:33 AM Borislav Petkov <bp@...en8.de> wrote:
>
> On Wed, Nov 20, 2024 at 02:21:13AM +0530, Shresth Prasad wrote:
> > Prevent a NULL pointer dereference in snp_kexec_finish() by checking the
> > value returned by lookup_address() call.
>
> Can this really happen?

lookup_address() does return NULL in some paths so I do assume that it
can happen, unless there's a logical reason why it can't (please let me know if
that's the case). I've also seen it be checked this way in a couple
other places.

>
> > This issue was reported by Coverity scan:
> > https://scan7.scan.coverity.com/#/project-view/52279/11354?selectedIssue=1601527
>
> I can't open this page - all coverity folks: you either describe what the
> issue is or don't bother sending patches.

I'm not sure why you can't open the page but would it help if I was more
descriptive in the commit message?

>
> > Fixes: 3074152e56c9 ("x86/sev: Convert shared memory back to private on kexec")
>
> So I'd hope if you report a bug against some patch, the least you could do is
> CC its author...

Really sorry about that, I completely overlooked it. I'll CC them
when I resend the patch.

Best Regards,
Shresth

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ