From: Kees Cook <keescook@chromium.org>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Ingo Molnar <mingo@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
"Jason A. Donenfeld" <Jason@zx2c4.com>,
Thomas Hellstrom <thellstrom@vmware.com>,
Andi Kleen <ak@linux.intel.com>,
Daniel Micay <danielmicay@gmail.com>,
linux-kernel@vger.kernel.org
Subject: [PATCH] kref: Avoid null pointer dereference after WARN
Date: Mon, 26 Jun 2017 20:52:15 -0700
Message-ID: <20170627035215.GA132342@beast>

From: Daniel Micay <danielmicay@gmail.com>

The WARN_ON() checking for a NULL release pointer should be a BUG()
since continuing with a NULL release pointer will lead to a NULL
pointer dereference anyway.

The kref_put() case is extracted from PaX, and Kees Cook noted it should
be extended to the other two cases.

Signed-off-by: Daniel Micay <danielmicay@gmail.com>
[kees: clarify commit log]
Signed-off-by: Kees Cook <keescook@chromium.org>
---
include/linux/kref.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/include/linux/kref.h b/include/linux/kref.h
index f4156f88f557..82a2c225eae3 100644
--- a/include/linux/kref.h
+++ b/include/linux/kref.h
@@ -66,7 +66,7 @@ static inline void kref_get(struct kref *kref)
*/
static inline int kref_put(struct kref *kref, void (*release)(struct kref *kref))
{
- WARN_ON(release == NULL);
+ BUG_ON(release == NULL);
if (refcount_dec_and_test(&kref->refcount)) {
release(kref);
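Review bot: in kref_put() the BUG_ON(release == NULL) runs before refcount_dec_and_test(), so it fires on every call that passes a NULL release, not only on the final put where release(kref) would actually be reached. The commit log's "will lead to a NULL pointer dereference anyway" holds only for that final put. Please either say in the log that non-final puts now halt as well, or state in the kernel-doc comment above the function that release must not be NULL and that violating this is fatal.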
@@ -79,7 +79,7 @@ static inline int kref_put_mutex(struct kref *kref,
void (*release)(struct kref *kref),
struct mutex *lock)
{
- WARN_ON(release == NULL);
+ BUG_ON(release == NULL);
if (refcount_dec_and_mutex_lock(&kref->refcount, lock)) {
release(kref);
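Review bot: the check at the top of kref_put_mutex() is the same line now carried in all three put helpers, and none of them has a comment saying why a fatal check replaced the warning. A one-line comment above the BUG_ON, noting that a NULL release would be called once the count reaches zero, would keep a later cleanup from turning it back into WARN_ON. Keeping the check ahead of refcount_dec_and_mutex_lock() is right, since it then cannot fire with lock taken by this function.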
@@ -92,7 +92,7 @@ static inline int kref_put_lock(struct kref *kref,
void (*release)(struct kref *kref),
spinlock_t *lock)
{
- WARN_ON(release == NULL);
+ BUG_ON(release == NULL);
if (refcount_dec_and_lock(&kref->refcount, lock)) {
release(kref);
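Review bot: in kref_put_lock() a less drastic option than BUG_ON is worth weighing at this line: warn and return before refcount_dec_and_lock(), as in `if (WARN_ON(release == NULL)) return 0;`. That leaves the reference count untouched, so the object is leaked rather than released, but release(kref) is never reached with a NULL pointer and the system keeps running. The same choice applies to the other two helpers; if halting is preferred, the commit log should say why the leak is not acceptable.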
--
Kees Cook
Pixel Security