Re: [PATCH v5 1/3] mm/memfd_luo: validate serialized_data before conversion

From: Pasha Tatashin

Date: Fri Jun 26 2026 - 20:53:11 EST


On Tue, 23 Jun 2026 10:51:59 +0000, Tarun Sahu <tarunsahu@xxxxxxxxxx> wrote:
> In memfd_luo_finish() and memfd_luo_retrieve(), phys_to_virt() was called
> on args->serialized_data before checking if the physical address is valid.
> Since physical address 0 does not map to virtual NULL (due to direct
> mapping offsets), the subsequent check 'if (!ser)' was ineffective at
> catching a missing serialized_data, leading to unsafe dereferences later.
>
> Validate that args->serialized_data is non-zero before calling
> phys_to_virt().
>
> [...]

Reviewed-by: Pasha Tatashin <pasha.tatashin@xxxxxxxxxx>

--
Pasha Tatashin <pasha.tatashin@xxxxxxxxxx>
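
The ordering problem described in the quoted commit message, as an added userspace model that is not part of this email or of the kernel patch. `fake_ram`, `model_phys_to_virt()`, `struct model_args` and both `retrieve_*` functions are hypothetical stand-ins; only the field name `serialized_data` and the `if (!ser)` check come from the message.

```c
/* Userspace model (added example): every name here is a hypothetical
 * stand-in, not the kernel's memfd_luo code. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the direct map: "physical" address p lives at
 * fake_ram + p, the way phys_to_virt() adds a fixed offset. */
static unsigned char fake_ram[4096];

static void *model_phys_to_virt(uint64_t phys)
{
    return fake_ram + phys;
}

struct model_args {
    uint64_t serialized_data; /* physical address; 0 means "not provided" */
};

/* Before: convert, then test the pointer. Physical 0 becomes the non-NULL
 * base of the mapping, so the 'if (!ser)' check never fires. */
static int retrieve_convert_then_check(const struct model_args *args, void **out)
{
    void *ser = model_phys_to_virt(args->serialized_data);

    if (!ser)
        return -EINVAL;
    *out = ser; /* caller would go on to dereference unrelated memory */
    return 0;
}

/* After: validate the physical address first, then convert. */
static int retrieve_check_then_convert(const struct model_args *args, void **out)
{
    if (!args->serialized_data)
        return -EINVAL;
    *out = model_phys_to_virt(args->serialized_data);
    return 0;
}

int main(void)
{
    struct model_args missing = { .serialized_data = 0 };
    void *ser = NULL;

    printf("convert-then-check: %d\n", retrieve_convert_then_check(&missing, &ser));
    printf("check-then-convert: %d\n", retrieve_check_then_convert(&missing, &ser));
    return 0;
}
```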