From: Dongyang Zhan
Date: Sun, 3 May 2020 15:33:21 +0800
Subject: Possible null pointer dereference in smp_init_package_map()
To: linux-kernel@vger.kernel.org

Hi,

I am a security researcher, my name is Dongyang Zhan. I found a potential bug. I hope you can help me to confirm it. Thank you.

In Linux 4.10.17, smp_init_package_map() in /arch/x86/kernel/smpboot.c does not handle the failure of memory allocation, which may cause a null pointer dereference bug.

Source code link: https://elixir.bootlin.com/linux/v4.10.17/source/arch/x86/kernel/smpboot.c#L326

Source code and comments:

	physical_to_logical_pkg = kmalloc(size, GFP_KERNEL);
	memset(physical_to_logical_pkg, 0xff, size); // does not check if kmalloc fails
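
Added example, not part of the original message and not kernel code: a userspace C model of the reported pattern, with the unchecked allocate-then-memset next to a form that checks the allocation and returns an error. model_kmalloc(), fail_next_alloc, pkg_map, both init_map_* functions and the uint16_t element type are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for kmalloc(): fails once on demand. */
static int fail_next_alloc;
static void *model_kmalloc(size_t size)
{
	if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
	return malloc(size);
}

static uint16_t *pkg_map; /* models physical_to_logical_pkg; element type assumed */

/* Pattern from the report: the allocation result goes to memset() unchecked. */
int init_map_unchecked(size_t entries)
{
	size_t size = entries * sizeof(*pkg_map);

	pkg_map = model_kmalloc(size);
	memset(pkg_map, 0xff, size); /* writes through NULL if the allocation failed */
	return 0;
}

/* Checked form: validate the size, test the pointer, publish it only on success. */
int init_map_checked(size_t entries)
{
	uint16_t *map;

	if (entries == 0 || entries > SIZE_MAX / sizeof(*map))
		return -EINVAL;
	map = model_kmalloc(entries * sizeof(*map));
	if (!map)
		return -ENOMEM;
	memset(map, 0xff, entries * sizeof(*map));
	free(pkg_map);
	pkg_map = map;
	return 0;
}

int main(void)
{
	fail_next_alloc = 1; /* simulate an allocation failure */
	printf("checked, failing alloc: %d\n", init_map_checked(8));
	printf("checked, normal alloc:  %d\n", init_map_checked(8));
	return 0;
}
```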