[ldv-project] [POSSIBLE BUG] Dereferencing of NULL pointer
Juergen Gross
jgross at suse.com
Wed Aug 24 17:00:54 MSK 2022
On 24.08.22 15:59, Jan Beulich wrote:
> On 20.08.2022 19:30, Rustam Subkhankulov wrote:
>> Version: 6.0-rc1
>>
>> Description:
>>
>> In function 'privcmd_ioctl_dm_op' (drivers/xen/privcmd.c: 615) the return
>> value of 'kcalloc' with the GFP_KERNEL flag is assigned to the "pages"
>> variable. The GFP_KERNEL flag does not guarantee that the return value
>> will not be NULL. In that case, there is a jump to the "out" label.
>
> The problem is wider than that, because earlier errors would also
> lead to "out" (e.g. after copy_from_user() failed). Plus I guess
> unlock_pages() shouldn't be called at all (or with its 2nd arg set
> to zero) before lock_pages() was actually called. But I agree with
> the further analysis below. Would you mind sending a patch?
Just started writing it. :-)
Juergen
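The error-exit pattern the thread is discussing (a shared "out:" label that unconditionally calls unlock_pages() with nr_pages, even when pages is still NULL because an earlier copy_from_user() or the kcalloc() failed, so lock_pages() never ran), modelled as an added C example. This is constructed illustration code, not the kernel's drivers/xen/privcmd.c and not the patch Juergen refers to; the sim_* helpers, the fault-injection flags and the "unlock only what was actually pinned" hardened variant are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of the error-exit pattern discussed in the thread. The sim_*
 * helpers stand in for kcalloc/copy_from_user/lock_pages/unlock_pages and are
 * not the kernel's code; a "page" here is just a small heap object. */
struct page { int dummy; };

/* Fault-injection knobs so each failure path can be driven on demand. */
static bool sim_fail_copy  = false;  /* copy_from_user() fails             */
static bool sim_fail_alloc = false;  /* kcalloc() for pages[] returns NULL */

/* Calling unlock with pages == NULL and nr > 0 is the NULL dereference the
 * report describes; the model counts it instead of crashing. */
static int null_unlock_hits = 0;

static void *sim_kcalloc(size_t n, size_t sz) { return sim_fail_alloc ? NULL : calloc(n, sz); }
static int sim_copy_from_user(void) { return sim_fail_copy ? -1 : 0; }

/* Pin nr pages into pages[]; *pinned always reflects how many succeeded. */
static int sim_lock_pages(struct page **pages, unsigned int nr, unsigned int *pinned)
{
    for (unsigned int i = 0; i < nr; i++) {
        pages[i] = calloc(1, sizeof(**pages));
        if (!pages[i])
            return -1;
        (*pinned)++;
    }
    return 0;
}

static void sim_unlock_pages(struct page **pages, unsigned int nr)
{
    if (nr && !pages) {              /* the real helper would dereference here */
        null_unlock_hits++;
        return;
    }
    for (unsigned int i = 0; i < nr; i++)
        free(pages[i]);
}

/* Shape of the reported bug: every early failure jumps to "out", which
 * unconditionally unlocks nr_pages entries, even while pages is still NULL. */
static int buggy_dm_op(unsigned int nr_pages)
{
    struct page **pages = NULL;
    unsigned int pinned = 0;
    int rc;

    if (sim_copy_from_user()) { rc = -1; goto out; }    /* pages == NULL here */
    pages = sim_kcalloc(nr_pages, sizeof(*pages));
    if (!pages) { rc = -2; goto out; }                  /* and here */
    rc = sim_lock_pages(pages, nr_pages, &pinned);
    if (rc < 0) { nr_pages = pinned; goto out; }
    rc = 0;
out:
    sim_unlock_pages(pages, nr_pages);
    free(pages);
    return rc;
}

/* Hardened variant (one possible shape, not the merged fix): unlock only what
 * lock_pages reported as pinned. Before lock_pages runs pinned is 0, so the
 * early exits never touch the (possibly NULL) array. */
static int hardened_dm_op(unsigned int nr_pages)
{
    struct page **pages = NULL;
    unsigned int pinned = 0;
    int rc;

    if (sim_copy_from_user()) { rc = -1; goto out; }
    pages = sim_kcalloc(nr_pages, sizeof(*pages));
    if (!pages) { rc = -2; goto out; }
    rc = sim_lock_pages(pages, nr_pages, &pinned);
    if (rc < 0) goto out;
    rc = 0;
out:
    sim_unlock_pages(pages, pinned);
    free(pages);
    return rc;
}

/* Run one scenario with the given faults; returns how many NULL-array
 * unlocks it triggered (0 means the error path was safe). */
static int run_scenario(int (*op)(unsigned int), bool fail_copy, bool fail_alloc)
{
    sim_fail_copy = fail_copy;
    sim_fail_alloc = fail_alloc;
    null_unlock_hits = 0;
    op(4);
    sim_fail_copy = sim_fail_alloc = false;
    return null_unlock_hits;
}

int main(void)
{
    printf("buggy, copy_from_user fails: %d NULL unlock(s)\n", run_scenario(buggy_dm_op, true, false));
    printf("buggy, kcalloc fails:        %d NULL unlock(s)\n", run_scenario(buggy_dm_op, false, true));
    printf("hardened, kcalloc fails:     %d NULL unlock(s)\n", run_scenario(hardened_dm_op, false, true));
    return 0;
}
```

The point of the model is the one Jan makes: the NULL array is only the visible symptom, and any exit taken before lock_pages() has run reaches the same unlock call. Keying the cleanup on a count that lock_pages() itself maintains (zero until it has pinned something) closes every such path at once, rather than special-casing the kcalloc() failure.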