Re: [RFC PATCH v2 3/8] slab: Introduce SLAB_SET_PKEY

From: Yeoreum Yun

Date: Thu Nov 27 2025 - 11:37:38 EST


Hi Kevin,

[...]
> static __fastpath_inline
> @@ -4920,6 +4963,7 @@ __do_krealloc(const void *p, size_t new_size, gfp_t flags)
> /* Zero out spare memory. */
> if (want_init_on_alloc(flags)) {
> kasan_disable_current();
> + guard(kpkeys_slab_write)(s);
> if (orig_size && orig_size < new_size)
> memset(kasan_reset_tag(p) + orig_size, 0, new_size - orig_size);
> else
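Review bot: `guard(kpkeys_slab_write)(s);` inside the `want_init_on_alloc()` branch of `__do_krealloc()` has no check that `s` is non-NULL, yet the only parameters visible in this hunk are `p`, `new_size` and `flags`, so `s` must have been resolved from `p` earlier, and an allocation served by the page allocator (the `kmalloc_large` path) has no kmem_cache behind it. Either take the guard only when `s` is non-NULL, or handle the large-allocation case separately before the memset, for example by skipping the guard when `s` is NULL since the spare tail of a page-allocator object is not in a pkey-protected slab. It would also help to note in the commit message why the guard is scoped only around the zeroing memset and not around the rest of the realloc path.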

guard(kpkeys_slab_write)(s) will trigger a NULL-pointer access
if *p* was allocated via kmalloc_large_noprof()
(no kmem_cache, allocated via page_alloc()).

IOW, "s" could be *NULL* here.

[...]

Thanks.

--
Sincerely,
Yeoreum Yun