Re: [PATCH v2] VMCI: Fix NULL pointer dereference on context ptr

From: Arnd Bergmann
Date: Mon Mar 23 2020 - 05:17:10 EST

Next message: Patrice CHOTARD: "Re: [PATCH] dts: arm: stih407-family: remove duplicated rng nodes"
Previous message: Patrice CHOTARD: "Re: [PATCH] dts: arm: stih418: Fix complain about IRQ_TYPE_NONE usage"
In reply to: Greg Kroah-Hartman: "Re: [PATCH v2] VMCI: Fix NULL pointer dereference on context ptr"
Next in thread: Jorgen Hansen: "RE: [PATCH v2] VMCI: Fix NULL pointer dereference on context ptr"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Mar 23, 2020 at 9:52 AM Greg Kroah-Hartman
<gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Mon, Mar 23, 2020 at 04:22:33PM +0800, Xiyu Yang wrote:
> > A NULL vmci_ctx object may pass to vmci_ctx_put() from its callers.
>
> Are you sure this can happen?
>
> > Add a NULL check to prevent NULL pointer dereference.

It looks like this could happen if vmci_ctx_get() returns NULL, which is
not checked for consistently. Maybe add better error handling to the
callers that currently don't check for that, to catch problems such as

void vmci_ctx_rcv_notifications_release(...)
{
struct vmci_ctx *context = vmci_ctx_get(context_id); /* may be NULL */
...
context->pending_doorbell_array = db_handle_array;
...
vmci_ctx_put(context);
}

Checking only in vmci_ctx_put() is too late.

Arnd

Next message: Patrice CHOTARD: "Re: [PATCH] dts: arm: stih407-family: remove duplicated rng nodes"
Previous message: Patrice CHOTARD: "Re: [PATCH] dts: arm: stih418: Fix complain about IRQ_TYPE_NONE usage"
In reply to: Greg Kroah-Hartman: "Re: [PATCH v2] VMCI: Fix NULL pointer dereference on context ptr"
Next in thread: Jorgen Hansen: "RE: [PATCH v2] VMCI: Fix NULL pointer dereference on context ptr"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]