Re: 2.6.31-rc2: BUG: unable to handle kernel NULL pointer dereference

From: Parag Warudkar
Date: Sun Jul 12 2009 - 18:03:21 EST


On Sun, Jul 12, 2009 at 4:26 PM, Jiri Slaby<jirislaby@xxxxxxxxx> wrote:
> On 07/12/2009 07:30 PM, Parag Warudkar wrote:
>> static void selinux_write_opts(struct seq_file *m,
>>                                struct security_mnt_opts *opts)
>> {
>>         int i;
>>         char *prefix;
>>
>>         for (i = 0; i < opts->num_mnt_opts; i++) {
>>                 char *has_comma;
>>
>>                 if (opts->mnt_opts[i])
>>                         has_comma = strchr(opts->mnt_opts[i], ',');
>>                                     ^^^^^^^^^^^^^^^^^^^^^^^^^
>> And that is a NULL pointer dereference - but we just checked for
>> opts->mnt_opts[i] for not NULL.
>
> Note, that there is not a NULL dereference. It dereferences 0x40 which
> came in as %rdi. Looks like somebody assigned garbage in there.

Ah right - anything < PAGE_SIZE is "NULL" dereference to the kernel.

Thanks
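Added illustration (not code from the thread or the kernel): the kernel labels any fault below PAGE_SIZE a "NULL pointer dereference", so the 0x40 in %rdi above is a small garbage pointer that sails through an `if (opts->mnt_opts[i])` check. PAGE_SIZE is assumed to be 4096 and the helper names are invented for the example.

```c
/* Added example: why a fault at 0x40 reads as a "NULL pointer dereference"
 * and why a plain non-NULL check does not catch it. Not kernel code. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 4096UL   /* assumed x86-64 page size for this example */

enum fault_kind {
    FAULT_NULL_BASE,    /* base register was 0: field at offset addr of a NULL struct */
    FAULT_GARBAGE_PTR,  /* base register itself is a small non-zero value */
    FAULT_PAGING,       /* address >= PAGE_SIZE: reported as a paging request */
};

/* Wording the oops uses: everything below PAGE_SIZE is called NULL. */
const char *oops_wording(unsigned long fault_addr)
{
    return fault_addr < PAGE_SIZE ? "NULL pointer dereference"
                                  : "paging request";
}

/* Interpret a fault from the faulting address and the register that held
 * the pointer being dereferenced (%rdi for strchr's first argument). */
enum fault_kind interpret_fault(unsigned long fault_addr, unsigned long base_reg)
{
    if (fault_addr >= PAGE_SIZE)
        return FAULT_PAGING;
    if (base_reg == 0)
        return FAULT_NULL_BASE;   /* real NULL struct pointer, field offset */
    return FAULT_GARBAGE_PTR;     /* pointer itself was a bogus small value */
}

/* The same check as in selinux_write_opts: passes for any non-zero value. */
int null_check_passes(const char *p)
{
    return p != NULL;
}

int main(void)
{
    unsigned long rdi = 0x40;   /* value reported in the oops above */
    printf("%s at %#lx: %s\n", oops_wording(rdi), rdi,
           interpret_fault(rdi, rdi) == FAULT_GARBAGE_PTR
               ? "garbage pointer, not a NULL struct" : "NULL struct field");
    printf("if (p) with p=0x40 passes: %d\n",
           null_check_passes((const char *)rdi));
    return 0;
}
```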