lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250221151157.11661C33-hca@linux.ibm.com>
Date: Fri, 21 Feb 2025 16:11:57 +0100
From: Heiko Carstens <hca@...ux.ibm.com>
To: Haoxiang Li <haoxiang_li2024@....com>
Cc: gor@...ux.ibm.com, agordeev@...ux.ibm.com, borntraeger@...ux.ibm.com,
        svens@...ux.ibm.com, schwidefsky@...ibm.com,
        linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org,
        stable@...r.kernel.org
Subject: Re: [PATCH v2] s390/sclp: Add check for get_zeroed_page()

On Tue, Feb 18, 2025 at 10:52:16AM +0800, Haoxiang Li wrote:
> Add check for the return value of get_zeroed_page() in
> sclp_console_init() to prevent null pointer dereference.
> Furthermore, to solve the memory leak caused by the loop
> allocation, add a free helper to do the free job.
> 
> Fixes: 4c8f4794b61e ("[S390] sclp console: convert from bootmem to slab")
> Cc: stable@...r.kernel.org
> Signed-off-by: Haoxiang Li <haoxiang_li2024@....com>
> ---
> Changes in v2:
> - Add a free helper to solve the memory leak caused by loop allocation.
> - Thanks Heiko! I realized that v1 patch overlooked a potential memory leak.
> After consideration, I choose to do the full exercise. I noticed a similar
> handling in [1], following that handling I submit this v2 patch. Thanks again!
> 
> Reference link:
> [1]https://github.com/torvalds/linux/blob/master/drivers/s390/char/sclp_vt220.c#L699
> ---
>  drivers/s390/char/sclp_con.c | 17 +++++++++++++++++
>  1 file changed, 17 insertions(+)

Ok, but this should come without Fixes and Cc stable, since in real life this
code will never be executed. It is just to make the code look saner, and to
avoid that more people look into this in the future.

Acked-by: Heiko Carstens <hca@...ux.ibm.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ