lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20251114195730.1503879-2-steven@uplinklabs.net>
Date: Fri, 14 Nov 2025 19:57:46 +0000
From: Steven Noonan <steven@...inklabs.net>
To: linux-kernel@...r.kernel.org
Cc: Steven Noonan <steven@...inklabs.net>, Ariadne Conill <ariadne@...adne.space>, Yazen Ghannam <yazen.ghannam@....com>, x86@...r.kernel.org, stable@...r.kernel.org
Subject: [PATCH 2/2] x86/amd_node: fix null pointer dereference if amd_smn_init failed

We should be checking the `smn_exclusive` flag before anything else,
because that indicates whether we got through `amd_smn_init`
successfully.

Without this change, we dereference `amd_roots` even though it may not
be allocated.

Signed-off-by: Steven Noonan <steven@...inklabs.net>
Signed-off-by: Ariadne Conill <ariadne@...adne.space>
CC: Yazen Ghannam <yazen.ghannam@....com>
CC: x86@...r.kernel.org
CC: stable@...r.kernel.org
---
 arch/x86/kernel/amd_node.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kernel/amd_node.c b/arch/x86/kernel/amd_node.c
index cdc6ba224d4ad..919932339f4a2 100644
--- a/arch/x86/kernel/amd_node.c
+++ b/arch/x86/kernel/amd_node.c
@@ -88,6 +88,9 @@ static int __amd_smn_rw(u8 i_off, u8 d_off, u16 node, u32 address, u32 *value, b
 	struct pci_dev *root;
 	int err = -ENODEV;
 
+	if (!smn_exclusive)
+		return err;
+
 	if (node >= amd_num_nodes())
 		return err;
 
@@ -95,9 +98,6 @@ static int __amd_s
mn_rw(u8 i_off, u8 d_off, u16 node, u32 address, u32 *value, b
 	if (!root)
 		return err;
 
-	if (!smn_exclusive)
-		return err;
-
 	guard(mutex)(&smn_mutex);
 
 	err = pci_write_config_dword(root, i_off, address);
-- 
2.51.2


Download attachment "signature.asc" of type "application/pgp-signature" (323 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ