From: ebiederm@xmission.com (Eric W. Biederman)
To: Alakesh Haloi <alakesh.haloi@gmail.com>
Cc: linux-kernel@vger.kernel.org,
Christian Brauner <christian.brauner@ubuntu.com>,
Oleg Nesterov <oleg@redhat.com>,
Kees Cook <keescook@chromium.org>,
Sargun Dhillon <sargun@sargun.me>,
Minchan Kim <minchan@kernel.org>,
Bernd Edlinger <bernd.edlinger@hotmail.de>
Subject: Re: [PATCH] pid: add null pointer check in pid_nr_ns()
Date: Mon, 30 Nov 2020 23:33:40 -0600
Message-ID: <87wny2f5u3.fsf@x220.int.ebiederm.org>
In-Reply-To: <20201201024811.GA72235@ip-172-31-62-0.us-west-2.compute.internal> (Alakesh Haloi's message of "Mon, 30 Nov 2020 18:48:11 -0800")
Alakesh Haloi <alakesh.haloi@gmail.com> writes:
> There has been at least one occurrence where a null pointer dereference
> panic was seen with the following stack trace.
>
> #0 [ffffff800bcd3800] machine_kexec at ffffff8008095fb4
> #1 [ffffff800bcd3860] __crash_kexec at ffffff8008122a30
> #2 [ffffff800bcd39f0] panic at ffffff80080aa054
> #3 [ffffff800bcd3ae0] die at ffffff800808aee8
> #4 [ffffff800bcd3b20] die_kernel_fault at ffffff8008099520
> #5 [ffffff800bcd3b50] __do_kernel_fault at ffffff8008098e50
> #6 [ffffff800bcd3b80] do_translation_fault at ffffff800809929c
> #7 [ffffff800bcd3b90] do_mem_abort at ffffff8008081204
> #8 [ffffff800bcd3d90] el1_ia at ffffff800808304c
> PC: ffffff80080c20ec [pid_nr_ns+4]
> LR: ffffff80080c231c [__task_pid_nr_ns+72]
> SP: ffffff800bcd3da0 PSTATE: 60000005
> X29: ffffff800bcd3da0 X28: ffffffc00691c380 X27: 0000000000000001
> X26: 00000000004ce8e8 X25: 00000000004ce8d0 X24: ffffffc00691c3e0
> X23: ffffffc004e8c000 X22: 0000000000000000 X21: ffffffc00b042ed2
> X20: ffffff800876a4f0 X19: 0000000000000000 X18: 0000000000000000
> X17: 0000000000000001 X16: 0000000000000000 X15: 0000000000000000
> X14: 0000000400000003 X13: 0000000000000008 X12: fefefefefefefeff
> X11: 0000000000000000 X10: 0000007fffffffff X9: 00000000004ce8b0
> X8: 00000000004ce8b0 X7: 0000000000000000 X6: ffffffc00b042ed2
> X5: ffffffc00b042ed2 X4: 0000000000020008 X3: 53206e69616c702f
> X2: ffffff800876a4f0 X1: ffffff800876a4f0 X0: 53206e69616c702f
> #9 [ffffff800bcd3da0] pid_nr_ns at ffffff80080c20e8
I am still thinking this through. What called pid_nr_ns with
a NULL pid namespace? That was not apparent from the backtrace you
provided.
Maybe it is sane to check for NULL but it may be preferable to fix the
caller.
Eric
> Signed-off-by: Alakesh Haloi <alakesh.haloi@gmail.com>
> Cc: stable@vger.kernel.org
> ---
> kernel/pid.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/pid.c b/kernel/pid.c
> index a96bc4bf4f86..3767b9e1431d 100644
> --- a/kernel/pid.c
> +++ b/kernel/pid.c
> @@ -474,7 +474,7 @@ pid_t pid_nr_ns(struct pid *pid, struct pid_namespace *ns)
> struct upid *upid;
> pid_t nr = 0;
>
> - if (pid && ns->level <= pid->level) {
> + if (pid && ns && ns->level <= pid->level) {
> upid = &pid->numbers[ns->level];
> if (upid->ns == ns)
> nr = upid->nr;
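Review bot: The added `ns &&` in the condition turns a NULL namespace into a silent `return 0`, which callers cannot tell apart from "this pid is not visible in that namespace", so the underlying bug is masked rather than fixed. The quoted backtrace shows the NULL reached `pid_nr_ns()` through `__task_pid_nr_ns+72`, so the caller that produced a NULL `ns` is the thing to track down; if a defensive check is kept here, make the failure loud (e.g. `if (WARN_ON_ONCE(!ns)) return 0;`) so the next occurrence is diagnosable instead of disappearing. Since the patch is Cc'd to stable, the changelog should also explain how `ns` can legitimately be NULL in the first place, because as written it only documents the symptom.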
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-01 2:48 [PATCH] pid: add null pointer check in pid_nr_ns() Alakesh Haloi
2020-12-01 5:33 ` Eric W. Biederman [this message]
2020-12-02 17:19 ` Eric W. Biederman
2020-12-04 18:32 ` Alakesh Haloi