Message-ID: <20251022184230.124113-1-i.shihao.999@gmail.com>
Date: Thu, 23 Oct 2025 00:12:30 +0530
From: Shi Hao <i.shihao.999@...il.com>
To: peterz@...radead.org
Cc: mingo@...hat.com,
	acme@...nel.org,
	namhyung@...nel.org,
	x86@...nel.org,
	linux-perf-users@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	hpa@...or.com,
	Shi Hao <i.shihao.999@...il.com>,
	Smatch static checker <smatch@...nel.org>
Subject: [PATCH] _x86: intel: pt: fix potential null dereferences

Add checks to prevent potential null dereferences of buf->stop_te
and buf->intr_te in pt_buffer_reset_markers function.

Smatch reported possible null dereferences of buf->stop_te and
buf->intr_te in pt_buffer_reset_markers(), and when I checked,
both pointers were checked for null dereferences in earlier lines.
However, after calling pt_topa_entry_for_page(), where its return
value is NULL in certain conditions, there were no checks for further
buf->stop_te and buf->intr_te uses, which could potentially be null
dereferenced.

To avoid null dereference add checks after each pt_topa_entry_for_page()
call to safely handle null returns and also add checks where there was
direct dereference of the pointers.

Reported-by: Smatch static checker <smatch@...nel.org>
Signed-off-by: Shi Hao <i.shihao.999@...il.com>
---
 arch/x86/events/intel/pt.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/arch/x86/events/intel/pt.c b/arch/x86/events/intel/pt.c
index e8cf29d2b10c..2b7d5d118b48 100644
--- a/arch/x86/events/intel/pt.c
+++ b/arch/x86/events/intel/pt.c
@@ -1148,7 +1148,8 @@ static int pt_buffer_reset_markers(struct pt_buffer *buf,
 	if (idx != buf->stop_pos) {
 		buf->stop_pos = idx;
 		buf->stop_te = pt_topa_entry_for_page(buf, idx);
-		buf->stop_te = pt_topa_prev_entry(buf, buf->stop_te);
+		if (buf->stop_te)
+			buf->stop_te = pt_topa_prev_entry(buf, buf->stop_te);
 	}

 	wakeup = handle->wakeup >> PAGE_SHIFT;
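
Review bot: in the `if (idx != buf->stop_pos)` block, buf->stop_pos is assigned idx before the lookup, so when pt_topa_entry_for_page() returns NULL the new guard leaves buf->stop_te NULL while stop_pos already matches idx, and a later call with the same idx skips this block and never retries the lookup. Either update stop_pos only after a successful lookup, or treat a NULL return as an error and bail out here with a negative errno instead of carrying a NULL stop_te forward. The commit message should also state which conditions make pt_topa_entry_for_page() return NULL on this path, so it is clear whether the case is reachable or only a static-checker report.
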
@@ -1162,12 +1163,16 @@ static int pt_buffer_reset_markers(struct pt_buffer *buf,
 	if (idx != buf->intr_pos) {
 		buf->intr_pos = idx;
 		buf->intr_te = pt_topa_entry_for_page(buf, idx);
-		buf->intr_te = pt_topa_prev_entry(buf, buf->intr_te);
+		if (buf->intr_te)
+			buf->intr_te = pt_topa_prev_entry(buf, buf->intr_te);
 	}

-	buf->stop_te->stop = 1;
-	buf->stop_te->intr = 1;
-	buf->intr_te->intr = 1;
+	if (buf->stop_te) {
+		buf->stop_te->stop = 1;
+		buf->stop_te->intr = 1;
+	}
+	if (buf->intr_te)
+		buf->intr_te->intr = 1;

 	return 0;
 }
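
Review bot: the guards around the final stores (`if (buf->stop_te) {` and `if (buf->intr_te)`) let the function fall through to `return 0` with no stop or intr bit set, so the caller is told the markers were reset when they were not. If a NULL entry is possible here, return an error at the point where the lookup fails and keep the three stores unconditional; if it is not possible, the extra checks only hide a broken invariant and a WARN_ON_ONCE() on the lookup result would be more useful. The ordering concern also applies to buf->intr_pos in this hunk, which is set to idx before the lookup result is known.
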
--
2.51.0

