[PATCH] mm/kasan: Fix null pointer dereference warning in qlink_to_cache()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The function virt_to_slab() declared in slab.h can return NULL if the
address does not belong to a slab. This case is not handled in the
function qlink_to_cache() in the file quarantine.c, which can cause a
NULL pointer dereference in "virt_to_slab(qlink)->slab_cache". 
This issue was discovered by fanalyzer (my gcc version: 12.1.1 20220507)

Signed-off-by: Gautam Menghani <gautammenghani201@xxxxxxxxx>
---
 mm/kasan/quarantine.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/mm/kasan/quarantine.c b/mm/kasan/quarantine.c
index 75585077eb6d..c7554f5b9fb6 100644
--- a/mm/kasan/quarantine.c
+++ b/mm/kasan/quarantine.c
@@ -128,7 +128,13 @@ static unsigned long quarantine_batch_size;
 
 static struct kmem_cache *qlink_to_cache(struct qlist_node *qlink)
 {
-	return virt_to_slab(qlink)->slab_cache;
+	struct slab *folio_slab = virt_to_slab(qlink);
+
+	if (!folio_slab) {
+		pr_warn("The address %p does not belong to a slab", qlink);
+		return NULL;
+	}
+	return folio_slab->slab_cache;
 }
 
 static void *qlink_to_object(struct qlist_node *qlink, struct kmem_cache *cache)
-- 
2.36.1
[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux