| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAOi1vP_8tkj+JmDJMA6PdDHzpbOyBxBeZ=yD-jmu14Fp6sfiBA@mail.gmail.com>
Date: Mon, 9 Jun 2025 22:51:55 +0200
From: Ilya Dryomov <idryomov@...il.com>
To: Ye Chey <yechey@...sast.com>
Cc: xiubli@...hat.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ceph: fix potential NULL pointer dereference in ceph_msgpool_get
On Wed, May 21, 2025 at 4:38 PM Ye Chey <yechey@...sast.com> wrote:
>
> Add NULL check for mempool_alloc return value in ceph_msgpool_get to prevent
> potential NULL pointer dereference when memory allocation fails.
Hi Ye,
I don't see any dereference after the call to mempool_alloc() in this
function -- the pointer that is returned by mempool_alloc() is simply
propagated. The dout may log it but it's not dereferenced there.
Thanks,
Ilya
>
> Signed-off-by: Ye Chey <yechey@...sast.com>
> ---
> net/ceph/msgpool.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/net/ceph/msgpool.c b/net/ceph/msgpool.c
> index e3ecb80cd..e9d81c76d 100644
> --- a/net/ceph/msgpool.c
> +++ b/net/ceph/msgpool.c
> @@ -74,6 +74,10 @@ struct ceph_msg *ceph_msgpool_get(struct ceph_msgpool *pool, int front_len,
> }
>
> msg = mempool_alloc(pool->pool, GFP_NOFS);
> + if (!msg) {
> + dout("msgpool_get %s failed\n", pool->name);
> + return NULL;
> + }
> dout("msgpool_get %s %p\n", pool->name, msg);
> return msg;
> }
> --
> 2.44.0
>
Powered by blists - more mailing lists