| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aEtAtLu6IIv_0QHs@tardis.local> Date: Thu, 12 Jun 2025 14:03:48 -0700 From: Boqun Feng <boqun.feng@...il.com> To: Uladzislau Rezki <urezki@...il.com> Cc: Boqun Feng <boqun@...me.name>, "Paul E. McKenney" <paulmck@...nel.org>, Joel Fernandes <joelagnelf@...dia.com>, Joel Fernandes <joel@...lfernandes.org>, Neeraj Upadhyay <Neeraj.Upadhyay@....com>, RCU <rcu@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>, Frederic Weisbecker <frederic@...nel.org>, Oleksiy Avramchenko <oleksiy.avramchenko@...y.com> Subject: Re: [PATCH 1/3] rcu: Return early if callback is not specified On Thu, Jun 12, 2025 at 07:46:12PM +0200, Uladzislau Rezki wrote: > On Thu, Jun 12, 2025 at 10:30:38AM -0700, Boqun Feng wrote: > > > > > > On Tue, Jun 10, 2025, at 12:33 PM, Joel Fernandes wrote: > > > On 6/10/2025 1:34 PM, Uladzislau Rezki (Sony) wrote: > > >> Currently the call_rcu() API does not check whether a callback > > >> pointer is NULL. If NULL is passed, rcu_core() will try to invoke > > >> it, resulting in NULL pointer dereference and a kernel crash. > > >> > > >> To prevent this and improve debuggability, this patch adds a check > > >> for NULL and emits a kernel stack trace to help identify a faulty > > >> caller. > > >> > > >> Signed-off-by: Uladzislau Rezki (Sony) <urezki@...il.com> > > > > > > Reviewed-by: Joel Fernandes <joelagnelf@...dia.com> > > > > > > > Reviewed-by: Boqun Feng <boqun.feng@...il.com> > > > Thank you for review, Boqun! > > > > I will add this first one (only this one since we're discussing the others) to a > > > new rcu/fixes-for-6.16 branch, but let me know if any objections. > > > > > > > Not sure it´s urgent enough given the current evidence. > > > Let me clarify it a bit. My point is that, we get a kernel crash in a > subsystem we are responsible for, i.e. no matter if there are faulty > users of it(third party applications), the point is users can crash it. > Fair enough. > The kernel robot reports it and it is already a strong indication that > the subsystem is not hardened against invalid inputs: > > "BUG: unable to handle kernel NULL pointer dereference in rcu_core (3)" > > so this in the rcu_core() which is part of RCU. > > But, anyway Joel should decide. I shared my opinion :) > Of course, my point is that the urgency is not high enough so we have to put it in rcu/fixes, but it's a fix, and if Joel had the time to do it, feel free. Joel's decision. Regards, Boqun > -- > Uladzislau Rezki
Powered by blists - more mailing lists