lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20250111175808.48744-1-tanyaagarwal25699@gmail.com>
Date: Sat, 11 Jan 2025 23:28:08 +0530
From: Tanya Agarwal <tanyaagarwal25699@...il.com>
To: dave.hansen@...ux.intel.com,
	luto@...nel.org,
	peterz@...radead.org,
	tglx@...utronix.de,
	mingo@...hat.com,
	bp@...en8.de
Cc: x86@...nel.org,
	hpa@...or.com,
	kirill.shutemov@...ux.intel.com,
	rick.p.edgecombe@...el.com,
	akpm@...ux-foundation.org,
	tanyaagarwal25699@...il.com,
	skhan@...uxfoundation.org,
	anupnewsmail@...il.com,
	linux-kernel@...r.kernel.org
Subject: [PATCH V2] x86/mm: Fix NULL pointer dereference in kernel_page_present()

From: Tanya Agarwal <tanyaagarwal25699@...il.com>

The static code analysis tool "Coverity Scan" pointed the following
details out for further development considerations:
CID 1271215: Dereference null return value (NULL_RETURNS)
dereference: Dereferencing pte, which is known to be NULL.

Conclusion:
Add WARN_ON_ONCE() and NULL check for pte before dereferencing it.

Fixes: 8a235efad548 ("Hibernation: Handle DEBUG_PAGEALLOC on x86")
Signed-off-by: Tanya Agarwal <tanyaagarwal25699@...il.com>
---
V2: add WARN_ON_ONCE() as suggested by Dave

Coverity Link:
https://scan5.scan.coverity.com/#/project-view/63683/10063?selectedIssue=1271215

 arch/x86/mm/pat/set_memory.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c
index 95bc50a8541c..8f9d418e6a8c 100644
--- a/arch/x86/mm/pat/set_memory.c
+++ b/arch/x86/mm/pat/set_memory.c
@@ -2495,6 +2495,9 @@ bool kernel_page_present(struct page *page)
 		return false;
 
 	pte = lookup_address((unsigned long)page_address(page), &level);
+	if (WARN_ON_ONCE(!pte))
+		return false;
+
 	return (pte_val(*pte) & _PAGE_PRESENT);
 }
 
-- 
2.39.5

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ