| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4704cbab-de5a-4c0b-ac71-4fba0fe8b5c3@intel.com> Date: Fri, 24 Jan 2025 09:10:34 -0800 From: Dave Hansen <dave.hansen@...el.com> To: Tanya Agarwal <tanyaagarwal25699@...il.com>, dave.hansen@...ux.intel.com, luto@...nel.org, peterz@...radead.org, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de Cc: x86@...nel.org, hpa@...or.com, kirill.shutemov@...ux.intel.com, rick.p.edgecombe@...el.com, akpm@...ux-foundation.org, skhan@...uxfoundation.org, anupnewsmail@...il.com, linux-kernel@...r.kernel.org Subject: Re: [PATCH V2] x86/mm: Fix NULL pointer dereference in kernel_page_present() On 1/11/25 09:58, Tanya Agarwal wrote: > From: Tanya Agarwal <tanyaagarwal25699@...il.com> > > The static code analysis tool "Coverity Scan" pointed the following > details out for further development considerations: > CID 1271215: Dereference null return value (NULL_RETURNS) > dereference: Dereferencing pte, which is known to be NULL. I think we need an actual changelog for this, as opposed to just blindly trusting Coverity. You can say that Coverity helped identify this as an issue, but we don't need the "CID" or other Coverity gunk in our changelogs. We don't care. Could you please elaborate on where this issue might affect people? It's also entirely theoretical as far as I can tell. I can't even conjure up a contrived case where it could be triggered. We won't do _anything_ with this patch until the merge window closes, so you've got at least a week to spruce up the changelog.
Powered by blists - more mailing lists