Re: [PATCH] lockdep: fix NULL pointer dereference in __lock_set_class()
From: Dmitry Ilvokhin
Date: Thu Apr 16 2026 - 11:23:48 EST
On Thu, Apr 16, 2026 at 04:54:43PM +0800, Xiang Gao wrote:
> From: Xiang Gao <gaoxiang17@xxxxxxxxxx>
>
> register_lock_class() can return NULL on failure (e.g., exceeding
> MAX_LOCKDEP_KEYS or lock_keys_in_use overflow). __lock_set_class()
> uses the return value directly in pointer arithmetic without a NULL
> check:
>
> class = register_lock_class(lock, subclass, 0);
> hlock->class_idx = class - lock_classes;
>
> If class is NULL, this computes a garbage negative offset that corrupts
> hlock->class_idx (a bitfield). Any subsequent hlock_class() call on
> this hlock returns a garbage pointer, leading to memory corruption or
> a crash.
>
> The other call site in __lock_acquire() (line 5112) already handles
> this correctly with an explicit NULL check. Add the same guard here.
>
> Signed-off-by: Xiang Gao <gaoxiang17@xxxxxxxxxx>
Reviewed-by: Dmitry Ilvokhin <d@xxxxxxxxxxxx>
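The failure mode in the patch description, modeled as an added example that is not kernel code and not part of this thread: a tiny stand-in for lockdep's `lock_classes[]` table, a `register_lock_class()` that returns NULL once the table is exhausted, and the quoted `__lock_set_class()` lines in unguarded and guarded form. The 13-bit width of `class_idx`, the table size and the internals of `register_lock_class()` are assumptions for the demo; the ISO C undefined-behaviour subtraction of an unrelated (NULL) pointer is done through `uintptr_t` so the program is well-defined and still produces the negative offset a kernel build would.

```c
/*
 * Added example, not kernel code: a small model of the lockdep pattern the
 * patch description quotes. Names mirror lockdep's; the table size, the
 * 13-bit width of class_idx and register_lock_class()'s internals are
 * assumptions made for the demo.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_LOCKDEP_KEYS_BITS 13                      /* assumed width */
#define MAX_LOCKDEP_KEYS      (1UL << MAX_LOCKDEP_KEYS_BITS)

struct lock_class { const char *name; };

/* Stand-in for lockdep's global lock_classes[] table. */
static struct lock_class lock_classes[MAX_LOCKDEP_KEYS];
static unsigned long nr_lock_classes;

struct held_lock {
	unsigned int class_idx : MAX_LOCKDEP_KEYS_BITS;  /* bitfield, as in lockdep */
};

/* Simplified register_lock_class(): NULL once the table is exhausted. */
static struct lock_class *register_lock_class(const char *name)
{
	if (nr_lock_classes >= MAX_LOCKDEP_KEYS)
		return NULL;
	lock_classes[nr_lock_classes].name = name;
	return &lock_classes[nr_lock_classes++];
}

/* Element difference class - lock_classes. Subtracting an unrelated (NULL)
 * pointer is undefined in ISO C, so the demo goes through uintptr_t to get
 * the value a kernel build produces: a large negative number for NULL. */
static long class_diff(const struct lock_class *class)
{
	intptr_t bytes = (intptr_t)((uintptr_t)class - (uintptr_t)lock_classes);
	return (long)(bytes / (intptr_t)sizeof(struct lock_class));
}

/* Unguarded form of the quoted __lock_set_class() lines. */
static int set_class_unchecked(struct held_lock *hlock, const char *name)
{
	struct lock_class *class = register_lock_class(name);

	hlock->class_idx = class_diff(class);   /* negative diff truncated to 13 bits */
	return 0;                               /* caller sees "success" */
}

/* Guarded form: the check the patch adds, mirroring __lock_acquire(). */
static int set_class_checked(struct held_lock *hlock, const char *name)
{
	struct lock_class *class = register_lock_class(name);

	if (!class)
		return -1;                      /* hlock left untouched */
	hlock->class_idx = class_diff(class);
	return 0;
}

struct demo_result {
	unsigned int second_idx;    /* index stored for a normal 2nd registration */
	long null_diff;             /* raw NULL - lock_classes, in elements */
	int unchecked_rc;           /* unguarded path after table exhaustion */
	unsigned int unchecked_idx; /* the garbage it stored, always < 8192 */
	int checked_rc;             /* guarded path after table exhaustion */
	unsigned int checked_idx;   /* sentinel 7 must survive */
};

/* Runs the whole scenario from a fresh table and reports what each path did. */
static struct demo_result run_demo(void)
{
	struct demo_result r;
	struct held_lock hlock = { .class_idx = 0 };

	nr_lock_classes = 0;
	set_class_checked(&hlock, "first");
	set_class_checked(&hlock, "second");
	r.second_idx = hlock.class_idx;

	while (register_lock_class("filler"))   /* exhaust the table */
		;
	r.null_diff = class_diff(NULL);

	hlock.class_idx = 7;
	r.unchecked_rc = set_class_unchecked(&hlock, "one too many");
	r.unchecked_idx = hlock.class_idx;

	hlock.class_idx = 7;
	r.checked_rc = set_class_checked(&hlock, "one too many");
	r.checked_idx = hlock.class_idx;
	return r;
}

int main(void)
{
	struct demo_result r = run_demo();

	printf("NULL - lock_classes = %ld elements\n", r.null_diff);
	printf("unchecked: rc=%d class_idx=%u (in range, so no bounds check catches it)\n",
	       r.unchecked_rc, r.unchecked_idx);
	printf("checked:   rc=%d class_idx=%u (untouched)\n", r.checked_rc, r.checked_idx);
	return 0;
}
```

The point worth noticing is the second line of output: because the negative offset is truncated into the bitfield, the corrupted `class_idx` always lands inside `[0, MAX_LOCKDEP_KEYS)`, so a later range check on the index alone cannot tell it apart from a real class; the only place to catch the failure is at the NULL return, which is what the guard does.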