Message-ID: <06ed01dc957a$7823c0b0$686b4210$@trustnetic.com>
Date: Wed, 4 Feb 2026 10:03:34 +0800
From: Jiawen Wu <jiawenwu@...stnetic.com>
To: "'Bjorn Helgaas'" <helgaas@...nel.org>
Cc: "'Rafael J. Wysocki'" <rafael@...nel.org>,
	"'Tony Luck'" <tony.luck@...el.com>,
	"'Borislav Petkov'" <bp@...en8.de>,
	"'Hanjun Guo'" <guohanjun@...wei.com>,
	"'Mauro Carvalho Chehab'" <mchehab@...nel.org>,
	"'Shuai Xue'" <xueshuai@...ux.alibaba.com>,
	"'Len Brown'" <lenb@...nel.org>,
	"'Shiju Jose'" <shiju.jose@...wei.com>,
	"'Bjorn Helgaas'" <bhelgaas@...gle.com>,
	<linux-acpi@...r.kernel.org>,
	<linux-kernel@...r.kernel.org>
Subject: RE: [PATCH] ACPI: APEI: Avoid NULL pointer dereference in ghes_estatus_pool_region_free

On Wed, Feb 4, 2026 6:55 AM, Bjorn Helgaas wrote:
> On Tue, Feb 03, 2026 at 10:12:32AM +0800, Jiawen Wu wrote:
> > The function ghes_estatus_pool_region_free() is exported and is called
> > by the PCIe AER recovery path, which unconditionally invokes it to free
> > aer_capability_regs memory.
> >
> > Although current AER usage assumes memory comes from the GHES pool,
> > robustness requires guarding against pool unavailability. Add a NULL check
> > before calling gen_pool_free() to prevent crashes when the pool is not
> > initialized. This also makes the API safer for potential future use by
> > non-GHES callers.
> 
> I'm not sure what you mean by "pool unavailability."  I think getting
> here with ghes_estatus_pool==NULL means we have a logic error
> somewhere, and I don't think we should silently hide that error.
> 
> I'm generally in favor of *not* checking so we find out if the caller
> forgot to keep track of the pointer correctly.

"pool unavailability" means that when I attempt to call
aer_recover_queue() in an Ethernet driver, which does not create
ghes_estatus_pool, it leads to a NULL pointer dereference.


