| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5f85df65-0f2e-3533-9734-147b0734e254@intel.com>
Date: Tue, 24 Sep 2019 21:30:44 +0200
From: Björn Töpel <bjorn.topel@...el.com>
To: Jonathan Lemon <jonathan.lemon@...il.com>, daniel@...earbox.net,
netdev@...r.kernel.org, Alexei Starovoitov <ast@...nel.org>
Cc: kernel-team@...com, bpf <bpf@...r.kernel.org>,
"Karlsson, Magnus" <magnus.karlsson@...el.com>,
syzkaller-bugs@...glegroups.com,
syzbot+491c1b7565ba9069ecae@...kaller.appspotmail.com
Subject: Re: [PATCH net] bpf/xskmap: Return ERR_PTR for failure case instead
of NULL.
On 2019-09-24 18:25, Jonathan Lemon wrote:
> When kzalloc() failed, NULL was returned to the caller, which
> tested the pointer with IS_ERR(), which didn't match, so the
> pointer was used later, resulting in a NULL dereference.
>
> Return ERR_PTR(-ENOMEM) instead of NULL.
>
> Reported-by: syzbot+491c1b7565ba9069ecae@...kaller.appspotmail.com
> Fixes: 0402acd683c6 ("xsk: remove AF_XDP socket from map when the socket is released")
> Signed-off-by: Jonathan Lemon <jonathan.lemon@...il.com>
Thanks Jonathan! You beat me to it! :-P
Acked-by: Björn Töpel <bjorn.topel@...el.com>
> ---
> kernel/bpf/xskmap.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/bpf/xskmap.c b/kernel/bpf/xskmap.c
> index 942c662e2eed..82a1ffe15dfa 100644
> --- a/kernel/bpf/xskmap.c
> +++ b/kernel/bpf/xskmap.c
> @@ -37,7 +37,7 @@ static struct xsk_map_node *xsk_map_node_alloc(struct xsk_map *map,
>
> node = kzalloc(sizeof(*node), GFP_ATOMIC | __GFP_NOWARN);
> if (!node)
> - return NULL;
> + return ERR_PTR(-ENOMEM);
>
> err = xsk_map_inc(map);
> if (err) {
>
Powered by blists - more mailing lists