lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <06ec01dc9578$fd562e50$f8028af0$@trustnetic.com>
Date: Wed, 4 Feb 2026 09:52:59 +0800
From: Jiawen Wu <jiawenwu@...stnetic.com>
To: "'Rafael J. Wysocki'" <rafael@...nel.org>
Cc: "'Tony Luck'" <tony.luck@...el.com>,
	"'Borislav Petkov'" <bp@...en8.de>,
	"'Hanjun Guo'" <guohanjun@...wei.com>,
	"'Mauro Carvalho Chehab'" <mchehab@...nel.org>,
	"'Shuai Xue'" <xueshuai@...ux.alibaba.com>,
	"'Len Brown'" <lenb@...nel.org>,
	"'Shiju Jose'" <shiju.jose@...wei.com>,
	"'Bjorn Helgaas'" <bhelgaas@...gle.com>,
	<linux-acpi@...r.kernel.org>,
	<linux-kernel@...r.kernel.org>,
	"'Tony Luck'" <tony.luck@...el.com>,
	"'Borislav Petkov'" <bp@...en8.de>,
	"'Hanjun Guo'" <guohanjun@...wei.com>,
	"'Mauro Carvalho Chehab'" <mchehab@...nel.org>,
	"'Shuai Xue'" <xueshuai@...ux.alibaba.com>,
	"'Len Brown'" <lenb@...nel.org>,
	"'Shiju Jose'" <shiju.jose@...wei.com>,
	"'Bjorn Helgaas'" <bhelgaas@...gle.com>,
	<linux-acpi@...r.kernel.org>,
	<linux-kernel@...r.kernel.org>
Subject: RE: [PATCH] ACPI: APEI: Avoid NULL pointer dereference in ghes_estatus_pool_region_free

On Tue, Feb 3, 2026 8:57 PM, Rafael J. Wysocki wrote:
> On Tue, Feb 3, 2026 at 3:14 AM Jiawen Wu <jiawenwu@...stnetic.com> wrote:
> >
> > The function ghes_estatus_pool_region_free() is exported and be called
> > by the PCIe AER recovery path, which unconditionally invokes it to free
> > aer_capability_regs memory.
> >
> > Although current AER usage assumes memory comes from the GHES pool,
> > robustness requires guarding against pool unavailability. Add a NULL check
> > before calling gen_pool_free() to prevent crashes when the pool is not
> > initialized. This also makes the API safer for potential future use by
> > non-GHES callers.
> 
> Are any such callers going to be added any time soon?

Yes, I want a ethernet driver to call aer_recover_queue().

> 
> > Fixes: e2abc47a5a1a ("ACPI: APEI: Fix AER info corruption when error status data has multiple sections")
> 
> It doesn't fix anything, the lack of the check is not an error
> currently, AFAICS.

So far, it seems.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ