From: Anton Vorontsov <cbouatmailru@gmail.com>
To: Colin King <colin.king@canonical.com>
Cc: Colin Cross <ccross@android.com>, Tony Luck <tony.luck@intel.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Kees Cook <keescook@chromium.org>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH RESEND] pstore: fix NULL pointer dereference in console writes
Date: Wed, 14 Nov 2012 18:49:46 -0800
Message-ID: <20121115024946.GA12232@lizard>
In-Reply-To: <1352893793-25260-1-git-send-email-colin.king@canonical.com>

On Wed, Nov 14, 2012 at 11:49:53AM +0000, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
>
> Passing a NULL id causes a NULL pointer dereference in writers
> such as erst_writer and efi_pstore_write because they expect
> to update this id. Pass a dummy id instead.
>
> This avoids a cascade of oopses caused when the initial
> pstore_console_write passes a null which in turn causes
> writes to the console causing further oopses in subsequent
> pstore_console_write calls.
>
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> Acked-by: Kees Cook <keescook@chromium.org>
> ---

Ugh. Thanks for the reminder, I completely forgot that I had this bit for
v3.7.

Applied, thanks! (I also added Cc: stable.)

> fs/pstore/platform.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/fs/pstore/platform.c b/fs/pstore/platform.c
> index a40da07..947fbe0 100644
> --- a/fs/pstore/platform.c
> +++ b/fs/pstore/platform.c
> @@ -161,6 +161,7 @@ static void pstore_console_write(struct console *con, const char *s, unsigned c)
>
> while (s < e) {
> unsigned long flags;
> + u64 id;
>
> if (c > psinfo->bufsize)
> c = psinfo->bufsize;
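
Review bot: The new `u64 id;` at the top of the `while (s < e)` body is left uninitialized and carries no comment saying it is a throwaway output slot. Nothing in pstore_console_write() reads it, so that is safe only while every backend treats the argument as write-only, as the commit message says erst_writer and efi_pstore_write do. Consider `u64 id = 0;`, or a one-line comment stating that the value is discarded, so a backend that reads the id before storing to it sees a defined value and the next reader does not mistake the variable for dead code.
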
> @@ -172,7 +173,7 @@ static void pstore_console_write(struct console *con, const char *s, unsigned c)
> spin_lock_irqsave(&psinfo->buf_lock, flags);
> }
> memcpy(psinfo->buf, s, c);
> - psinfo->write(PSTORE_TYPE_CONSOLE, 0, NULL, 0, c, psinfo);
> + psinfo->write(PSTORE_TYPE_CONSOLE, 0, &id, 0, c, psinfo);
> spin_unlock_irqrestore(&psinfo->buf_lock, flags);
> s += c;
> c = e - s;
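
Review bot: Passing `&id` in the `psinfo->write(PSTORE_TYPE_CONSOLE, 0, &id, 0, c, psinfo)` call fixes this one caller, but the requirement that the id argument be non-NULL stays implicit, so any other caller that passes NULL reaches the same dereference in the backends. Consider documenting on the write callback that id must point to valid storage, or having the writers tolerate a NULL id. This call also runs with psinfo->buf_lock held and interrupts disabled, and its return value is still ignored, so a failed console write goes unnoticed here.
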
> --
> 1.7.10.4