Re: [POSSIBLE BUG] Dereferencing of NULL pointer

From: Juergen Gross
Date: Wed Aug 24 2022 - 10:01:07 EST


On 24.08.22 15:59, Jan Beulich wrote:
> On 20.08.2022 19:30, Rustam Subkhankulov wrote:
>> Version: 6.0-rc1
>>
>> Description:
>>
>> In function 'privcmd_ioctl_dm_op' (drivers/xen/privcmd.c: 615) the return
>> value of 'kcalloc' with the GFP_KERNEL flag is assigned to the "pages"
>> variable. The GFP_KERNEL flag does not guarantee that the return value
>> will not be NULL. In that case, there is a jump to the "out" label.
>
> The problem is wider than that, because earlier errors would also
> lead to "out" (e.g. after copy_from_user() failed). Plus I guess
> unlock_pages() shouldn't be called at all (or with its 2nd arg set
> to zero) before lock_pages() was actually called. But I agree with
> the further analysis below. Would you mind sending a patch?

Just started writing it. :-)


Juergen
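The control-flow problem the thread describes, as an added user-space model (this is not drivers/xen/privcmd.c and not Juergen's patch): a single "out" label that always unlocks nr_pages entries, even on exits taken before the page array was allocated or before lock_pages() ran, versus a cleanup that unlocks only the count lock_pages() reported as pinned. calloc() stands in for kcalloc(), and the two *_model() helpers and their signatures are assumptions made for this model; the only difference between the two shapes is the count passed at "out".

```c
/*
 * User-space model of the error path discussed above.  Added example, not
 * drivers/xen/privcmd.c: calloc() stands in for kcalloc(), and the *_model()
 * helpers (assumed signatures) stand in for lock_pages()/unlock_pages().
 */
#include <stdio.h>
#include <stdlib.h>

#define MODEL_ENOMEM 12

struct page { int pinned; };

/* Times unlock was reached with a NULL array and a non-zero count.  In the
 * driver that is the NULL dereference from the report; the model counts it
 * instead of crashing. */
static int model_null_unlocks;

/* Stand-in for lock_pages(): pins nr_pages pages into pages[] and reports
 * how many it pinned through *pinned. */
static int lock_pages_model(struct page *backing, struct page **pages,
                            unsigned int nr_pages, unsigned int *pinned)
{
    unsigned int i;
    for (i = 0; i < nr_pages; i++) {
        backing[i].pinned = 1;
        pages[i] = &backing[i];
        (*pinned)++;
    }
    return 0;
}

/* Stand-in for unlock_pages(): indexes pages[] for every one of nr_pages
 * entries without checking the array pointer itself, as an unpin loop would. */
static void unlock_pages_model(struct page **pages, unsigned int nr_pages)
{
    unsigned int i;
    if (!pages && nr_pages) {
        model_null_unlocks++;   /* would be pages[0] on a NULL pointer */
        return;
    }
    for (i = 0; i < nr_pages; i++)
        if (pages[i])
            pages[i]->pinned = 0;
}

/* alloc_fails simulates kcalloc() returning NULL; fixed selects which count
 * the shared "out" label hands to unlock. */
static long dm_op_model(struct page *backing, unsigned int nr_pages,
                        int alloc_fails, int fixed)
{
    struct page **pages = NULL;
    unsigned int pinned = 0;
    long rc;

    /* nr_pages is already known here; in the driver it was summed from the
     * user's buffers before any page array existed. */
    pages = alloc_fails ? NULL : calloc(nr_pages, sizeof(*pages));
    if (!pages) {
        rc = -MODEL_ENOMEM;
        goto out;
    }
    rc = lock_pages_model(backing, pages, nr_pages, &pinned);
    if (rc < 0)
        goto out;
    /* hypercall would go here */
out:
    /*
     * Buggy shape: unlock nr_pages entries on every exit, including the
     * ones taken before the array was allocated or locked.
     * Fixed shape: unlock only what lock_pages() reported as pinned;
     * pinned is still 0 on those early exits, so NULL is never indexed.
     */
    unlock_pages_model(pages, fixed ? pinned : nr_pages);
    free(pages);
    return rc;
}

int main(void)
{
    struct page backing[4];

    dm_op_model(backing, 4, 1, 0);
    printf("buggy shape, allocation failure: %d NULL unlock(s)\n",
           model_null_unlocks);
    model_null_unlocks = 0;
    dm_op_model(backing, 4, 1, 1);
    printf("fixed shape, allocation failure: %d NULL unlock(s)\n",
           model_null_unlocks);
    return 0;
}
```

Passing the pinned count rather than the requested count is what makes the single "out" label safe for every exit: it is 0 before lock_pages() runs, so a NULL array is never touched, and it is exact after a partial pin, so nothing that was never pinned gets unpinned.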
