Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp2887955pxb; Sat, 23 Oct 2021 10:23:01 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyU6eVCokXxYIIWW1LFLXWKnA95AmSNnLpTVsgI6P88lWwAyup/etF9Ju8YrnH/vlfKEoXP X-Received: by 2002:a17:907:7fa8:: with SMTP id qk40mr8654301ejc.445.1635009781118; Sat, 23 Oct 2021 10:23:01 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1635009781; cv=pass; d=google.com; s=arc-20160816; b=shatMWLptkZhJP5fuZfOtiZFcSuUy0cOaC+zTPYQEUimIRg+b8BsKmxS/yPBCaoWXt E9tL+qJ7hbWKqPwJgZWcc/LXJXYdy2QDkISn+P1aMvIkm9spAN61V8k7I8xlWojhtgJO sYFyUw0kjYvHUQwm7qQuLDszyoj52iyMNAIhyCZWNfhH6zrKugeL8H5FJ6QvXCpehE4c EisYrzJ5BLxnDnPXDM24CmAntF6d2CfyAooqD5JocF5rW/87+ti7OBYshJsO8IEwQX4H jz4kqyB3jkjrbvrG2YAsupU9fPMzmNzksbRCW975ulRgGMNDriLaYufo4Jxt7oLifJh5 o/CA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:message-id:date:subject:cc:to:from :dkim-signature; bh=Ewpc90BOJj4gY+d3uyYUqlpEWeNTrP3/D5ropDD5kIs=; b=VINsLNeo205h//tf8fLP5qHGtTt/i1Mnb37Gl09MRlFh6YBbzYU+dKbZkBXf6rnffK 3M8MArFvRzalhuzvCnhdU0NGwEc4xDOGv3SSep+60Ib1qYVEVRClQsVXkDSPPbX6YNml PwMf69mx8EgLg4Iki2urFO+fVK2UctJ4J+wF1C2aV5tq30EguUf9WcAnWBYHu6lsTtda 2S8c9gtl0/deX3b3hAryTcA2qKCC/+HBkDEW3idUpiTD+F9Bb8Y5fdiPlSwdVaEiQtNq VOhqDA9gE3htb1YUdViE4Ad/PMJz2XzFZJbg96xBf3Gt7fJYnY5dKWOkHMV3dD5si7S7 K3Gg== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@connect.ust.hk header.s=selector2 header.b=qZ3nn9bY; arc=pass (i=1 spf=pass spfdomain=connect.ust.hk dkim=pass dkdomain=connect.ust.hk dmarc=pass fromdomain=connect.ust.hk); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id mp15si24705836ejc.733.2021.10.23.10.22.36; Sat, 23 Oct 2021 10:23:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@connect.ust.hk header.s=selector2 header.b=qZ3nn9bY; arc=pass (i=1 spf=pass spfdomain=connect.ust.hk dkim=pass dkdomain=connect.ust.hk dmarc=pass fromdomain=connect.ust.hk); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230264AbhJWRWu (ORCPT + 99 others); Sat, 23 Oct 2021 13:22:50 -0400 Received: from mail-eopbgr1400115.outbound.protection.outlook.com ([40.107.140.115]:15679 "EHLO JPN01-TY1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S229901AbhJWRWu (ORCPT ); Sat, 23 Oct 2021 13:22:50 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Iq2db6RabtKb5DbaKJa9zIIHlvVGi8ZrnrvLXPs2K4EbEys0zNA99PTbcetkR3YAxTmI4Y8ihwbLnBE+4MSTzSkksLK6nZvxXa0yBL/9FWXN627HBaKko289JzAYQ7P8jx6MClXBFHinNUZnMp8jZTLI1ONQ1nwN8dzuV2LSYzQh9AzyQh8xDDd4nArejJVUqtMwf9Y9ule8xvrUtLtwWSwxYMo2biBg4vljPMhNObX5IrVy5gfGscDUZpr/CpdmM23GINgePH9o4gIhtqYS5uzBL6pannGB0FPpj6n2LIzGEgDJIfZ/24AhlAhpHSqxNxByhaYQ2/d596/arHbHFw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Ewpc90BOJj4gY+d3uyYUqlpEWeNTrP3/D5ropDD5kIs=; b=ZZgP72tacQ85O6Y9cQUHrl+5J5YoerIXjt31KolItoitU7iqtQVhf7jJWhgk8C3gioR6NlVNB0XDxPMCcIryLe1qitIlJ5ZzfkhMNSy1g/ykZGJlaq3762XqBBJu0lm1Vk6JyenAyPU9k9358RZMrTyTe/wPSwUKSMTt54BcMO8kQ9pHRszVs0zBkm0QHIbWVT19vJX1rLfSh4j4X/ri7uLxGddbfHj6dncJWajYiEwPTIrb/73PdbUOoDGxwDyDmZI2SXxczMfoXnZ1JNrmX/Yi3XCRTkdGkQKBmnImLFN/cgbhtwP7bGfcdRX698EehfyL1kqiXpM/M3dWuz111w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=connect.ust.hk; dmarc=pass action=none header.from=connect.ust.hk; dkim=pass header.d=connect.ust.hk; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=connect.ust.hk; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Ewpc90BOJj4gY+d3uyYUqlpEWeNTrP3/D5ropDD5kIs=; b=qZ3nn9bYfrUvdp8WkXrzgc1YswhjXmg+BSXjEL5DltMgbxdCmoI09trS0j+X5ALZl8G8QgsRhrGMyhjWyKnoGJ+vJGbUZgs+rNmbyCmeHgJ55rmuvrFUESe1z0Tk6kViJoH59eD5BTG9zNy9qhGzwYS1wc46gW4ao3WJw+N1uss= Received: from TYCP286MB1188.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:b7::8) by TYYP286MB1098.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:cd::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4628.18; Sat, 23 Oct 2021 17:20:26 +0000 Received: from TYCP286MB1188.JPNP286.PROD.OUTLOOK.COM ([fe80::c0af:a534:cead:3a04]) by TYCP286MB1188.JPNP286.PROD.OUTLOOK.COM ([fe80::c0af:a534:cead:3a04%7]) with mapi id 15.20.4628.020; Sat, 23 Oct 2021 17:20:26 +0000 From: Chengfeng Ye To: glider@google.com, elver@google.com, akpm@linux-foundation.org Cc: dvyukov@google.com, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Chengfeng Ye Subject: [PATCH] mm/kfence: fix null pointer dereference on pointer meta Date: Sat, 23 Oct 2021 10:18:02 -0700 Message-Id: <20211023171802.4693-1-cyeaa@connect.ust.hk> X-Mailer: git-send-email 2.17.1 Content-Type: text/plain X-ClientProxiedBy: HK2PR0401CA0005.apcprd04.prod.outlook.com (2603:1096:202:2::15) To TYCP286MB1188.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:b7::8) MIME-Version: 1.0 Received: from ubuntu.localdomain (175.159.121.169) by HK2PR0401CA0005.apcprd04.prod.outlook.com (2603:1096:202:2::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4628.15 via Frontend Transport; Sat, 23 Oct 2021 17:20:26 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 94891ae3-6029-4965-4b57-08d9964967a7 X-MS-TrafficTypeDiagnostic: TYYP286MB1098: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:2958; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: VSu3iYCfDKzU3IVD24QIglLcDGgglIiXHXqCV1FrxSRMrtm7/QjHEZltnTcZuYEKpZHmDAakluAljUidOh+a+MADjr3rF+eHga74O6GfMDbUzDhAZg5RpalMTiF7U9IBBXS9BOYgLarqON+GtNpgKuUZzYBZKt/KetFYhFpV5IZJ7VfI0e5Tp+4RA+6HADNdquivMuzeT0id1y/AF+IASJ338eaIws1yhVYGiNLUeiIcEJBpQSBlB01B8Yo0T+/nPpYKAhigmr8zzlWDvXOe7jQqedoCwM+bEB2kniKwTIgcfgEEbvNRM5Glnz1t5j9uqCmi49jjw7Z4Mv/MW5OveyrOEaZ2p/e2/WY0MZeltZZQS1LMw0gIUEFIQomgAwKV3UGEvVqfPrcAc7n49pvgMRVHRnO+db5T0rPRS322E9ShWOt/AtWNRp5ZCNx5y9W5jatyQEYufqz+6euQZx61WgpaOtTtalhAOVNWXLXp8N5l4wgbTupRaF/fQZHw/4Js8HC6N9NGl2TzBgYhOFj7Tt1PccVLgkAARPEqITkJmleYH7fzU4vuw+z60kZ5FrjOW/jED2spoAsVEzsBpZgfsnGaXIIzvmHyXc/Be4qKhZ7y8QdbGOxZ2HSCOcZCNXytxU7p5asYYiIn+KFA8O/FQQTAfenMA9fXnHTQNJnF89tJRaFzMrc1tCCxIoCyV86Bd12rKGzbLPa2Y7Y0AAEZKw== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TYCP286MB1188.JPNP286.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(4636009)(366004)(956004)(6486002)(8676002)(508600001)(66476007)(38100700002)(186003)(2616005)(36756003)(107886003)(2906002)(83380400001)(4744005)(1076003)(52116002)(4326008)(786003)(5660300002)(6512007)(316002)(86362001)(6666004)(6506007)(66946007)(8936002)(66556008)(38350700002)(26005);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?jXHBoMUhEAL9yw+XKuren0fCV2J4IvRuM8QX3i33Lk5qpJpD8kB/A8WHeA/K?= =?us-ascii?Q?EyK7YEmrcSmF17leJxYBoqR073hDsGCJbodcOfDHKXgJ+PjUFX/HoS96nsWR?= =?us-ascii?Q?f9AtAfyFU/oAwO3oy5PkYbVQ/zSeMIHNkHcKn+ZNjItZHPUYSjq1i1C+TBws?= =?us-ascii?Q?dnLpAzHtfC90iOxMGgJqLwreLJ25QOE+i0b8VVx93KJRp2FvCntCgbjRW2t6?= =?us-ascii?Q?NkObRAngWn8684KAsgzur5uq3f9dMyGmaFemmR6vzxNrKt8opxpe5uSMCX78?= =?us-ascii?Q?WhM6VquQCX16oVU2Kv1allM3TDQVFzgO2C2Ll7TFAcYA5M4bStc86+1Wy+Am?= =?us-ascii?Q?W48Ib+v5uTSp8HhOzgWyDEWtsMoipejkxGlexzRHqQGyWrN1tadMJsNKm8Bj?= =?us-ascii?Q?KybsEK42tKrHlMv/xzc+u/jvjmpoHLUCyIzm9PM2bVW9BxIUIV1/9KWjnUsf?= =?us-ascii?Q?zFt42sYzkjyBh5wTBom4c74Jx8XJQMc78KU9oF9jWF00YvKw1Jir55OnSBay?= =?us-ascii?Q?lsPh6I7lNZg81jlpqJsArGh8n/HRNWHc7IVPr2+87hBnq0TfJNDOYyuBjpzd?= =?us-ascii?Q?zZG3C0ScRMjf95Z+P0aNvv0Juu7X3oOE70wuJNmDyL3CYekxuRGhxzwX47es?= =?us-ascii?Q?yGnLDuVRXV6ZjtVK/+uH9OixzBdpSdlREwOGs5qdoGz6SiqiQivMlxEvA/LU?= =?us-ascii?Q?1LXPiPmUdZabbeNCE1BAQ4jvFu7yG1HO6TcTWFokegcJEjv4YOZdZvfVlWGE?= =?us-ascii?Q?JxVw1ESTQkAGoItsJHvncYWQddjaGhi+XBnNPDEvBMiRw3P7eGcM/t/oEsf6?= =?us-ascii?Q?3VY1yqmIyhOSKCrZ06gqOrSEs+SAO/LRMGg0Y0cJ4jfRPLrsADodXHIBPxhq?= =?us-ascii?Q?39xn5bI/B+Pmb1t3JSMVQKlJP0QVPiVcNWCmlAZ+deXl6J9r1M7vL9RrWuJc?= =?us-ascii?Q?2SwZp9PbdmVtydWERlVuT+nTr4dd6aSlpwgE/OBxUzlGm4rbpVm0E65sDNg3?= =?us-ascii?Q?x8ikWVuN7PV4Shy6xuoMABqxQcLvH6WXh0g5iXrXDRxGCvIY03fYeQY+iS7t?= =?us-ascii?Q?UQ1kEjcBCJr6C23LgaDdvJq4ludc8J0hwhdhoYNtcP6RDvzRZVZlSQQHxozq?= =?us-ascii?Q?Nj1lPWZkAbr1C/S5eXEUrHxCd01kuMgas7/MYR4L2fWftCZe2vGwgoW8xCaA?= =?us-ascii?Q?Fs7MMIGKCcwyXaZGk/NjuFa/xHu9sIHdkJenMFRh9Jd1ZLO7xfZo/pnt5HDS?= =?us-ascii?Q?KBjnnTBk1+hOb8CUceGskG2IEXz6HjJ4v05Pnl0pTFpABwpCOVAENySswnzS?= =?us-ascii?Q?T09rZf5aThrosBq4QHZJcUWqWULTAXVFM72bbKaARbii2PLbnCMgsEQ8AqcK?= =?us-ascii?Q?7xgAgmSP9lzaIT2XP6Vws3v+oBHSNJ8aNb71hzyoE+yqhIZvVAeUb+KXcMVy?= =?us-ascii?Q?ATj5eTyQT8nNpcfUwEqDBBFRlkZaAXo1QAB/6uBXrnYGkS6G4eLL4KmfadI2?= =?us-ascii?Q?+1pVgG8Q+jROnLhN2oMXvqfYI8NR0HgC3mLgJxYDzS/zmnTeG1h1MT6MFonF?= =?us-ascii?Q?+c0jo1sKXGoezpCmKF/3DOkB/iY2AMINyNbqDYIt3fDIor7FtE3GNUYddKlP?= =?us-ascii?Q?38G9TNgxMYFUoAxxdnVo5+8=3D?= X-OriginatorOrg: connect.ust.hk X-MS-Exchange-CrossTenant-Network-Message-Id: 94891ae3-6029-4965-4b57-08d9964967a7 X-MS-Exchange-CrossTenant-AuthSource: TYCP286MB1188.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Oct 2021 17:20:26.7682 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 6c1d4152-39d0-44ca-88d9-b8d6ddca0708 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ckoXgvJMJo9z7sssEXMYA+rQn9AjiQHunOsXDDP3y2+Hfyy3Wz94ymFQrJg9PdYFUwCjpwCJdmy5udZPy/ofYQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYYP286MB1098 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The pointer meta return from addr_to_metadata could be null, so there is a potential null pointer dereference issue. Fix this by adding a null check before dereference. Fixes: 0ce20dd8 ("mm: add Kernel Electric-Fence infrastructure") Signed-off-by: Chengfeng Ye --- mm/kfence/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/kfence/core.c b/mm/kfence/core.c index 7a97db8bc8e7..7d2ec787e921 100644 --- a/mm/kfence/core.c +++ b/mm/kfence/core.c @@ -811,7 +811,7 @@ void __kfence_free(void *addr) * objects once it has been freed. meta->cache may be NULL if the cache * was destroyed. */ - if (unlikely(meta->cache && (meta->cache->flags & SLAB_TYPESAFE_BY_RCU))) + if (unlikely(meta && meta->cache && (meta->cache->flags & SLAB_TYPESAFE_BY_RCU))) call_rcu(&meta->rcu_head, rcu_guarded_free); else kfence_guarded_free(addr, meta, false); -- 2.17.1