Received: by 2002:a05:6358:53a8:b0:117:f937:c515 with SMTP id z40csp4990242rwe;
        Mon, 17 Apr 2023 23:54:09 -0700 (PDT)
X-Google-Smtp-Source: AKy350aa4QyPdr9xMgdA9pS4vESYwLwM7z1zD2yf+yLGvBy3utB7BBas8RUWLC20cWQnwhrIIx/5
X-Received: by 2002:a05:6a00:140c:b0:63b:5501:6795 with SMTP id l12-20020a056a00140c00b0063b55016795mr23177894pfu.24.1681800849258;
        Mon, 17 Apr 2023 23:54:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1681800849; cv=none;
        d=google.com; s=arc-20160816;
        b=o5SBVVPIqZGa5FoWgDqiyOcT5rchCltPCxEAqEUoXTTCEQq9x1h36ADITpVcl9E+Ti
         j2Wyo2UAzA6Z4Hri0htW9nIEDwfcc2fRTIh1+4pI8GZ8dqQOwWD2GLrlVpTgtsw+AI6G
         cVhsHFeNhmWOrtqs+8DWImmFJIIaeBWI+Wm6KFI243mw6FGGJ/11Q/OrOl12g7soVG3+
         medOYYMWMmpO0apweQ5fGMrQkG2fb44gNgYWWTk5doiXlN6iupN5trKFEt7apDartTc7
         LSBD+xg/KOtnUcGNE3BHjAim3cKVyqZS41zknVvAPyM6oeJvvIATs+Am0PJv/mSulirY
         QBNQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=wnb4SvcChbc0Njx/lCxBk1KI+fDz0Lj42VTjnWrrFWk=;
        b=liex6oW+U86sHpYE0IeZ07qK27tdNHFq02LFn42SfGJDcIz/rAviP0/6odQzQ75z3N
         /LmWiKNmbBGPqvJ+lhm1CD5Ddq/xMJkVZKuQSZBwuTZJzaTztTMhsQ43pes/wgnSNUqe
         HkTMxu6P6NqDqOEafA7u/GAqbr8gir+H8AKEqG2qtnrsj3PYMHzgXGd5AEwPVIX74P8r
         LbbXFOHB6y+Afs61sBjmu4RQP29eRBw0b+JMhp0HiwmgDlk2H3iP7cTCzazrmLRw3Lve
         Gu91MSOCfOLnsIs7yMrYWGoiI/Rrf/GQUBBMohau9Yue1PCjauwi+vKl18F6KaLzBPDN
         z/YQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aladdin.ru
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id r13-20020aa7962d000000b0063b8dce6141si5015055pfg.353.2023.04.17.23.53.55;
        Mon, 17 Apr 2023 23:54:09 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aladdin.ru
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230464AbjDRGxj (ORCPT <rfc822;asglitc12@gmail.com> + 99 others);
        Tue, 18 Apr 2023 02:53:39 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47378 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230371AbjDRGxf (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 18 Apr 2023 02:53:35 -0400
Received: from mail-out.aladdin-rd.ru (mail-out.aladdin-rd.ru [91.199.251.16])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2104EC4
        for <linux-kernel@vger.kernel.org>; Mon, 17 Apr 2023 23:53:31 -0700 (PDT)
From:   Daniil Dulov <d.dulov@aladdin.ru>
To:     Thomas Gleixner <tglx@linutronix.de>
CC:     Daniil Dulov <d.dulov@aladdin.ru>, Ingo Molnar <mingo@redhat.com>,
        Borislav Petkov <bp@alien8.de>, <x86@kernel.org>,
        "H. Peter Anvin" <hpa@zytor.com>, Baoquan He <bhe@redhat.com>,
        Kees Cook <keescook@chromium.org>,
        <linux-kernel@vger.kernel.org>, <lvc-project@linuxtesting.org>
Subject: [PATCH] x86/kaslr: Fix potential dereference of NULL pointer.
Date:   Mon, 17 Apr 2023 23:53:08 -0700
Message-ID: <20230418065308.452462-1-d.dulov@aladdin.ru>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Content-Transfer-Encoding: 7BIT
Content-Type:   text/plain; charset=US-ASCII
X-Originating-IP: [10.0.20.32]
X-ClientProxiedBy: EXCH-2016-02.aladdin.ru (192.168.1.102) To
 EXCH-2016-01.aladdin.ru (192.168.1.101)
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE,
        SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Pointer val can have NULL value. Then its value is assigned to the pointer p.
p is dereferenced by calling strcmp().

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 4cdba14f84c9 ("x86/KASLR: Handle the memory limit specified by the 'memmap=' and 'mem=' boot options")
Signed-off-by: Daniil Dulov <d.dulov@aladdin.ru>
---
 arch/x86/boot/compressed/kaslr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
index b92fffbe761f..51b3925d4d2d 100644
--- a/arch/x86/boot/compressed/kaslr.c
+++ b/arch/x86/boot/compressed/kaslr.c
@@ -291,7 +291,7 @@ static void handle_mem_options(void)
 		} else if (!strcmp(param, "mem")) {
 			char *p = val;
 
-			if (!strcmp(p, "nopentium"))
+			if (!p || !strcmp(p, "nopentium"))
 				continue;
 			mem_size = memparse(p, &p);
 			if (mem_size == 0)
-- 
2.25.1