2023-02-17 12:51:16

by Alexander Sapozhnikov

Subject: [PATCH] mm/vmalloc: fix unsafe dereference of potential null ptr in vmalloc_init()

Return value of a function 'kmem_cache_create' is dereferenced
at vmalloc.c:2444 without checking for null, but it is usually
checked for this function.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Alexander Sapozhnikov <[email protected]>
---
mm/vmalloc.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/mm/vmalloc.c b/mm/vmalloc.c
index ca71de7c9d77..ed75dfd44b85 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -2426,6 +2426,8 @@ void __init vmalloc_init(void)
* Create the cache for vmap_area objects.
*/
vmap_area_cachep = KMEM_CACHE(vmap_area, SLAB_PANIC);
+ if (!vmap_area_cachep)
+ return;

for_each_possible_cpu(i) {
struct vmap_block_queue *vbq;
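Review bot: The added `if (!vmap_area_cachep)` check cannot fire, because the line directly above it creates the cache with SLAB_PANIC, which makes the slab allocator panic on a failed cache creation instead of returning NULL. If the check ever did fire, the bare `return;` would silently skip the `for_each_possible_cpu(i)` setup that follows, with no diagnostic, in an `__init` function that returns void and so cannot report the failure to its caller. Suggest dropping both added lines and treating the SVACE report as a false positive for caches created with SLAB_PANIC.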
--
2.34.1



2023-02-17 15:35:51

by Christoph Hellwig

Subject: Re: [PATCH] mm/vmalloc: fix unsafe dereference of potential null ptr in vmalloc_init()

On Fri, Feb 17, 2023 at 03:51:05PM +0300, Alexander Sapozhnikov wrote:
> Return value of a function 'kmem_cache_create' is dereferenced
> at vmalloc.c:2444 without checking for null, but it is usually
> checked for this function.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.

I think that checker needs to learn about SLAB_PANIC..