Message-ID: <aWKkI02I-zgf3h0W@google.com>
Date: Sun, 11 Jan 2026 03:10:27 +0800
From: Kuan-Wei Chiu <visitorckw@...il.com>
To: djakov@...nel.org
Cc: quic_mdtipton@...cinc.com, mike.tipton@....qualcomm.com,
	linux-pm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] interconnect: debugfs: initialize src_node and dst_node
 to empty strings

Hi Georgi,

On Fri, Jan 09, 2026 at 02:25:23PM +0200, djakov@...nel.org wrote:
> From: Georgi Djakov <djakov@...nel.org>
> 
> The debugfs_create_str() API assumes that the string pointer is either NULL
> or points to valid kmalloc() memory. Leaving the pointer uninitialized can
> cause problems.
> 
> Initialize src_node and dst_node to empty strings before creating the
> debugfs entries to guarantee that reads and writes are safe.
> 
> Fixes: 770c69f037c1 ("interconnect: Add debugfs test client")
> Signed-off-by: Georgi Djakov <djakov@...nel.org>

I verified this patch on qemu.
Without this patch, reading the debugfs node triggers a NULL pointer
dereference [1].

# cat /sys/kernel/debug/interconnect/test_client/src_node

The patch resolves this issue. Thanks!

Reviewed-by: Kuan-Wei Chiu <visitorckw@...il.com>
Tested-by: Kuan-Wei Chiu <visitorckw@...il.com>

Regards,
Kuan-Wei

[1]:
[   53.134642] traps: skippy[737] trap invalid opcode ip:7f125b62e967 sp:7fff26f593c0 error:0 in ld-2.27.so[25967,7f125b609000+2b000]
[   53.171664] BUG: kernel NULL pointer dereference, address: 0000000000000000
[   53.172274] #PF: supervisor read access in kernel mode
[   53.172556] #PF: error_code(0x0000) - not-present page
[   53.173103] PGD 0 P4D 0 
[   53.173433] Oops: Oops: 0000 [#1] SMP NOPTI
[   53.176057] CPU: 51 UID: 0 PID: 738 Comm: cat Tainted: G                 N  6.19.0-rc4-virtme #2 PREEMPT(voluntary) 
[   53.176747] Tainted: [N]=TEST
[   53.176964] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   53.177493] RIP: 0010:strlen+0x4/0x30
[   53.178437] Code: f7 75 ec 31 c0 c3 cc cc cc cc 48 89 f8 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa <80> 3f 00 74 18 48 89 f8 0f 1f 40 00 48 83 c0 01 80 38 00 75 f7 48
[   53.179507] RSP: 0018:ffffb279018ffe10 EFLAGS: 00010246
[   53.179831] RAX: ffffffffba33cde0 RBX: 0000000000000000 RCX: 0000000000000002
[   53.180215] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000
[   53.180563] RBP: 0000000000000001 R08: ffffffffb9061ec0 R09: 0000000000000000
[   53.181030] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000040000
[   53.181366] R13: ffffb279018ffee8 R14: ffff8dcec5c30540 R15: 0000000000000000
[   53.181803] FS:  00007f54fc097740(0000) GS:ffff8dcf4145f000(0000) knlGS:0000000000000000
[   53.182251] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   53.182541] CR2: 0000000000000000 CR3: 000000000838d000 CR4: 00000000000006f0
[   53.183078] Call Trace:
[   53.184925]  <TASK>
[   53.185202]  debugfs_read_file_str+0x49/0xf0
[   53.185961]  vfs_read+0xc2/0x3a0
[   53.186195]  ? __hrtimer_run_queues+0x160/0x2a0
[   53.186442]  ? __pfx_read_tsc+0x10/0x10
[   53.186634]  ? ktime_get+0x3b/0xd0
[   53.186974]  ? lapic_next_event+0x15/0x20
[   53.187147]  ? clockevents_program_event+0x99/0xf0
[   53.187374]  ksys_read+0x6b/0xe0
[   53.187563]  do_syscall_64+0xa4/0xf80
[   53.187867]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   53.188365] RIP: 0033:0x7f54fc129687
[   53.189177] Code: 48 89 fa 4c 89 df e8 58 b3 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[   53.190393] RSP: 002b:00007ffde7e25960 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
[   53.190900] RAX: ffffffffffffffda RBX: 00007f54fc097740 RCX: 00007f54fc129687
[   53.191488] RDX: 0000000000040000 RSI: 00007f54fc056000 RDI: 0000000000000003
[   53.191963] RBP: 0000000000040000 R08: 0000000000000000 R09: 0000000000000000
[   53.192351] R10: 0000000000000000 R11: 0000000000000202 R12: 00007f54fc056000
[   53.192776] R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000040000
[   53.193345]  </TASK>
[   53.193572] Modules linked in:
[   53.194157] CR2: 0000000000000000
[   53.195723] ---[ end trace 0000000000000000 ]---
[   53.196335] RIP: 0010:strlen+0x4/0x30
[   53.196556] Code: f7 75 ec 31 c0 c3 cc cc cc cc 48 89 f8 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa <80> 3f 00 74 18 48 89 f8 0f 1f 40 00 48 83 c0 01 80 38 00 75 f7 48
[   53.197634] RSP: 0018:ffffb279018ffe10 EFLAGS: 00010246
[   53.198037] RAX: ffffffffba33cde0 RBX: 0000000000000000 RCX: 0000000000000002
[   53.198388] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000
[   53.198793] RBP: 0000000000000001 R08: ffffffffb9061ec0 R09: 0000000000000000
[   53.199193] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000040000
[   53.199544] R13: ffffb279018ffee8 R14: ffff8dcec5c30540 R15: 0000000000000000
[   53.199959] FS:  00007f54fc097740(0000) GS:ffff8dcf4145f000(0000) knlGS:0000000000000000
[   53.200322] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   53.200615] CR2: 0000000000000000 CR3: 000000000838d000 CR4: 00000000000006f0
Killed                     cat src_node
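
The quoted commit message says the pointer bound to the debugfs entry must be NULL or kmalloc() memory, and the trace above shows the read path reaching strlen() with a NULL argument (RDI is 0). The following is an added userspace model of that contract, not code from the patch or the kernel; `str_attr`, `attr_init_empty`, `attr_read` and `attr_write` are hypothetical names, and the write-side behaviour (free the old buffer, install a new one) is an assumption of the model.

```c
/* Userspace model added for illustration; not kernel code. Names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct str_attr { char *val; };   /* models the char * bound to the debugfs file */

/* Modelled fix: point the attribute at a heap-allocated "" before first use. */
static int attr_init_empty(struct str_attr *a)
{
    a->val = calloc(1, 1);        /* a single NUL byte that free() accepts */
    return a->val ? 0 : -ENOMEM;
}

/* Read side. The model returns -EFAULT where the trace shows strlen(NULL). */
static long attr_read(const struct str_attr *a, char *buf, size_t size)
{
    size_t len;
    if (!a->val) return -EFAULT;
    len = strlen(a->val);
    if (len + 1 > size) return -ENOSPC;
    memcpy(buf, a->val, len + 1);
    return (long)len;
}

/* Write side (assumed): install a fresh copy and free the old buffer, so the
 * old pointer must be NULL or heap memory, never a literal or stack garbage. */
static int attr_write(struct str_attr *a, const char *src)
{
    size_t n = strlen(src) + 1;
    char *copy = malloc(n);
    if (!copy) return -ENOMEM;
    memcpy(copy, src, n);
    free(a->val);
    a->val = copy;
    return 0;
}

int main(void)
{
    struct str_attr a = { NULL };
    char buf[32];
    printf("before init: %ld\n", attr_read(&a, buf, sizeof(buf)));
    if (attr_init_empty(&a) || attr_write(&a, "node0")) return 1;
    printf("after write: %ld (%s)\n", attr_read(&a, buf, sizeof(buf)), buf);
    free(a.val);
    return 0;
}
```

In the model, an empty heap string is the only initial value that is safe for both handlers: NULL fails the read, and a string literal would fail the write-side free().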

