| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aReUv1kVACh3UKv-@casper.infradead.org>
Date: Fri, 14 Nov 2025 20:44:47 +0000
From: Matthew Wilcox <willy@...radead.org>
To: ssrane_b23@...vjti.ac.in
Cc: akpm@...ux-foundation.org, shakeel.butt@...ux.dev, eddyz87@...il.com,
andrii@...nel.org, ast@...nel.org, linux-fsdevel@...r.kernel.org,
linux-mm@...ck.org, linux-kernel@...r.kernel.org,
linux-kernel-mentees@...ts.linux.dev, skhan@...uxfoundation.org,
david.hunter.linux@...il.com, khalid@...nel.org,
syzbot+09b7d050e4806540153d@...kaller.appspotmail.com
Subject: Re: [PATCH] mm/filemap: fix NULL pointer dereference in
do_read_cache_folio()
On Sat, Nov 15, 2025 at 01:07:29AM +0530, ssrane_b23@...vjti.ac.in wrote:
> When read_cache_folio() is called with a NULL filler function on a
> mapping that does not implement read_folio, a NULL pointer
> dereference occurs in filemap_read_folio().
>
> The crash occurs when:
>
> build_id_parse() is called on a VMA backed by a file from a
> filesystem that does not implement ->read_folio() (e.g. procfs,
> sysfs, or other virtual filesystems).
Not a fan of this approach, to be honest. This should be caught at
a higher level. In __build_id_parse(), there's already a check:
/* only works for page backed storage */
if (!vma->vm_file)
return -EINVAL;
which is funny because the comment is correct, but the code is not.
I suspect the right answer is to add right after it:
+ if (vma->vm_file->f_mapping->a_ops == &empty_aops)
+ return -EINVAL;
Want to test that out?
Powered by blists - more mailing lists