Re: [PATCH] io_uring/rsrc: fix null ptr dereference in io_sqe_buffer_register

From: Jens Axboe
Date: Sun Nov 03 2024 - 22:58:13 EST

Next message: Daniel Yang: "[PATCH net] Drop packets with invalid headers to prevent KMSAN infoleak"
Previous message: Alexey Kardashevskiy: "Re: [PATCH RFC v2 1/2] tsm: Add TVM Measurement Register Support"
In reply to: Daniel Yang: "[PATCH] io_uring/rsrc: fix null ptr dereference in io_sqe_buffer_register"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/3/24 8:51 PM, Daniel Yang wrote:
> The call stack io_sqe_buffer_register -> io_buffer_account_pin ->
> headpage_already_acct results in a null ptr dereference in the for loop.
> There is no guarantee that ctx->buf_table.nodes[i] is an allocated node
> so add a check if null before dereferencing.

Assuming this is an older tree, it's fixed in the current tree.

--
Jens Axboe

Next message: Daniel Yang: "[PATCH net] Drop packets with invalid headers to prevent KMSAN infoleak"
Previous message: Alexey Kardashevskiy: "Re: [PATCH RFC v2 1/2] tsm: Add TVM Measurement Register Support"
In reply to: Daniel Yang: "[PATCH] io_uring/rsrc: fix null ptr dereference in io_sqe_buffer_register"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]