lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Z-wLSic0zBiCDrkC@slm.duckdns.org>
Date: Tue, 1 Apr 2025 05:50:34 -1000
From: Tejun Heo <tj@...nel.org>
To: Wentao Liang <vulab@...as.ac.cn>
Cc: gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
	stable@...r.kernel.org
Subject: Re: [PATCH] kernfs: fix potential NULL dereference in mmap handler

On Tue, Apr 01, 2025 at 11:18:59PM +0800, Wentao Liang wrote:
> The kernfs_fop_mmap() invokes the '->mmap' callback without verifying its
> existence. This leads to a NULL pointer dereference when the kernfs node
> does not define the operation, resulting in an invalid memory access.
> 
> Add a check to ensure the '->mmap' callback is present before invocation.
> Return -EINVAL when uninitialized to prevent the invalid access.

I think that's already checked through KERNFS_HAS_MMAP.

Thanks.

-- 
tejun

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ