Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp3505385ybb; Mon, 23 Mar 2020 02:19:31 -0700 (PDT) X-Google-Smtp-Source: ADFU+vvwclZnpkGbYHP4u0rjw7IqKUNU825V+fG8RzcN+c6HV8NqBSo02QrmpZPFeNEc2cIzA/RW X-Received: by 2002:a4a:d1a5:: with SMTP id z5mr62516oor.63.1584955170800; Mon, 23 Mar 2020 02:19:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1584955170; cv=none; d=google.com; s=arc-20160816; b=RkiTXJyfol3MAxpxqPFffr//9XCg3Bp6InmfYnJuDCGvLaRsHSPzTu8B76b4MrsA// jlnz7G30YzgRQVc3Wk5TWMmlEqjXxCupIIE41oNr1/oPsIuPOjG8VM5QOWDuvPCetntM MBQioboFOqlg6zFtJP6xwIWom9nGpNcKcjXLV2oytHdoOR+VefAk/8Z/BzuajpUaTNwA XNusMgXQViFvjUAeft+SYxx9h/pPB6zrZuV5HI7SUKmZ7dl4vaHedLobmlaaNt71UfjQ wFn7676DshREMx+nyQTh5xed1TFKI7WjY72fmqaWCCpBVu5hJ3xPARJ/QzZhmJEghCfJ QOAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version; bh=/l0do2+6U869bNSJXuvXYsN0JN0jHfEENaYhUtX5q08=; b=LDiRx8NQxWOUm6xjdk4kCAUogmZ8d2RjVZ7HrwyKHP7gv2l5jl+EbbzOgbcWZ7WAwh exN2BTZmgXha7Sl8wWJA4Qv+QDHup/DRUa15zd7qVx99TkuvaiHKiHVj7VF04ZvNtqRb mvKFkBd9D09y9f7pPUm++aOXv0hi1YHmRPl9lRO9L9xg396R9YFTzA7XLuyQ5KL/imn0 1wH8mHsl3gs/qhNlRWJUW/7Uf83ywLhMQgqksWhqfJKl8PHsPrneIHyimyiIaNLyPB0n V41DaixJ7b7RwqUM+yL5Un4cp3ABUhFSkOGSANvcSvbvoYWmmUnIUd0mLAe0DLpyXExJ 530g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r187si594529oig.168.2020.03.23.02.19.18; Mon, 23 Mar 2020 02:19:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727707AbgCWJRJ (ORCPT + 99 others); Mon, 23 Mar 2020 05:17:09 -0400 Received: from mout.kundenserver.de ([217.72.192.73]:57705 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726037AbgCWJRI (ORCPT ); Mon, 23 Mar 2020 05:17:08 -0400 Received: from mail-lj1-f180.google.com ([209.85.208.180]) by mrelayeu.kundenserver.de (mreue107 [212.227.15.145]) with ESMTPSA (Nemesis) id 1MbSTX-1jni9K2Owj-00boLm for ; Mon, 23 Mar 2020 10:17:07 +0100 Received: by mail-lj1-f180.google.com with SMTP id r22so6607802ljh.0 for ; Mon, 23 Mar 2020 02:17:07 -0700 (PDT) X-Gm-Message-State: ANhLgQ2LLqSSiCOKUikf2HzOk9li15WMoY5sz3UqzYY7+hlqd169B02W L1Fwhx4gRsh4g1arizGcXQhZXn1B5cOutpCgk9s= X-Received: by 2002:a2e:b446:: with SMTP id o6mr884610ljm.80.1584955027049; Mon, 23 Mar 2020 02:17:07 -0700 (PDT) MIME-Version: 1.0 References: <1584951832-120773-1-git-send-email-xiyuyang19@fudan.edu.cn> <20200323085241.GA342330@kroah.com> In-Reply-To: <20200323085241.GA342330@kroah.com> From: Arnd Bergmann Date: Mon, 23 Mar 2020 10:16:50 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v2] VMCI: Fix NULL pointer dereference on context ptr To: Greg Kroah-Hartman Cc: Xiyu Yang , Alexios Zavras , Allison Randal , Adit Ranadive , Jorgen Hansen , Thomas Gleixner , Vishnu DASA , "linux-kernel@vger.kernel.org" , yuanxzhang@fudan.edu.cn, kjlu@umn.edu, Xin Tan Content-Type: text/plain; charset="UTF-8" X-Provags-ID: V03:K1:p2CbdlkU9xltPiBuzaWO3iobYWXmv/5X0iVbX/5mbO8GQaJPxEe csVPp7iA5CKtudNfHCaeRPtpYX+Pa1qqSxpQtl3sK3oOia000jdBYnBH1QwWV5jEjxmLyc+ Y97n50Z/oQ5WSelnRWnJtfOGGKb/l1AEKycpwXcYiP7zpz6Ni0Zhuzm50ghywmAGFTIWBVx K8xMei5U6m/4+Lx3K2YdA== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:o8OQ5dISASE=:j8RMKcp6xJ9zifV/7LnPrE uimb1RqS7PhFoyf4iAqqNKat2a0CZY5PbLDkwNI3UT/1KblxfwGnwCZCX6cUEUWx3lOCLga32 M1D4lb+XyCo5jG8FMiRnd5SVGDoLCxt1wqel1YNA0SEkgMICzFaaXiK3ZZcNBLcmMazXSLl3q Sgjr202c6a7RAukBqywe57Pyrxb7fZg70QC/dEtr6ZkL5NpvXasT3x6Q1XEngZa5Ye+AFPohW pfJjqpCJuyJuDKmB/qvnFAidsSc4EgfCEtUWiBq9pyqLJHvcfIDFJ0tu5tAvjshp7WcbFlaAp NThVLZXdE5Rpt6Cv3q6ltS5ymk3L1VnoWHOqF0w4FH8/QNYldRpt76qwQ/S2rYYT4gcyiJmLW D6LZIsze8EXWZf5XVIpaM/fwZN74vEY5XZe/NtzMxdAguesMZwgmfzgcrbjSLN3j/gvpSE0aB GJm3Hve8gnYGyF/0kwsXSHNayN9HCb57fIniX9WpHqQzL3HMu5V24bizj0N8/ts/SDCoezhoF oF7bQ5dU2iAEtPOekMbx071EmvnvpO7soIuA8AIOn9Yq/+hBkfl0vxYnjc1x0wriB0Yw4W1RN ifeqTnXqn3HzQe8BUf6NmhnjXOohsw1O3EEb4VyQQWjHASB1jW3nkCflDi8fzF9C72mltjC3l umQI6CjL67f+uUehVgnIw+o7bj+3zWOLMtYlx1bobHyXUrByeGI/VimQcnCWx9v2pTLtlMhzE BKSCS+JHR2l/amccSt629LU9CtLJ2jXMs/C1en+gmzwCxdC0Bd3oBcoohvpNeuKklHx0vzNjL GvV/OvJVFDHU+hsCEjD7JAjoaRVX9bhooYPi5GptAQk32L+hw0= Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Mar 23, 2020 at 9:52 AM Greg Kroah-Hartman wrote: > > On Mon, Mar 23, 2020 at 04:22:33PM +0800, Xiyu Yang wrote: > > A NULL vmci_ctx object may pass to vmci_ctx_put() from its callers. > > Are you sure this can happen? > > > Add a NULL check to prevent NULL pointer dereference. It looks like this could happen if vmci_ctx_get() returns NULL, which is not checked for consistently. Maybe add better error handling to the callers that currently don't check for that, to catch problems such as void vmci_ctx_rcv_notifications_release(...) { struct vmci_ctx *context = vmci_ctx_get(context_id); /* may be NULL */ ... context->pending_doorbell_array = db_handle_array; ... vmci_ctx_put(context); } Checking only in vmci_ctx_put() is too late. Arnd