Subject: Re: [PATCH] kasan/quarantine: fix NULL pointer dereference bug
To: Andrew Morton
CC: Alexander Potapenko, Dmitry Vyukov, Joonsoo Kim
References: <1467359628-8493-1-git-send-email-iamjoonsoo.kim@lge.com>
From: Andrey Ryabinin
Message-ID: <577625CC.8080907@virtuozzo.com>
Date: Fri, 1 Jul 2016 11:11:56 +0300
In-Reply-To: <1467359628-8493-1-git-send-email-iamjoonsoo.kim@lge.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 07/01/2016 10:53 AM, js1304@gmail.com wrote:
> From: Joonsoo Kim
>
> If we move an item on qlist's tail, we need to update qlist's tail
> properly. curr->next can be NULL since it is singly linked list
> so it is invalid for tail. curr is scheduled to be moved so
> using prev would be correct.

Hmm.. prev may be the element that moved in 'to' list.
We need to assign the last element from which is in the 'from' list.

>
> Unfortunately, I got this bug sometime ago and lose oops message.
> But, the bug looks trivial and no need to attach oops.
>
> Signed-off-by: Joonsoo Kim
> ---
> mm/kasan/quarantine.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/kasan/quarantine.c b/mm/kasan/quarantine.c
> index 4973505..9a132fd 100644
> --- a/mm/kasan/quarantine.c
> +++ b/mm/kasan/quarantine.c
> @@ -255,7 +255,7 @@ static void qlist_move_cache(struct qlist_head *from,
> } else
> prev->next = curr->next;
> if (unlikely(from->tail == qlink))
> - from->tail = curr->next;
> + from->tail = prev;
> from->bytes -= cache->size;
> qlist_put(to, qlink, cache->size);
> } else {
>
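Review bot: `+ from->tail = prev;` is only correct if `prev` still points at a node that remains on `from`, and the hunk does not establish that. The `} else` in front of `prev->next = curr->next;` shows there is a second unlink path that does not go through `prev`, and the hunk does not show what `prev` holds when the tail is removed on that path, for example when the matching node is the only element and the tail should become NULL. Because the removed node is handed to `qlist_put(to, qlink, cache->size)` two lines later, a stale `prev` would leave `from->tail` pointing into the `to` list, which is the concern raised in the reply above. Suggest either showing in the commit message why `prev` is always a surviving `from` node at this point, or tracking the last node kept on `from` explicitly and assigning that (NULL when none is left). The commit message also states that the oops was lost, so a short description of how the NULL tail is later dereferenced would help reviewers confirm the fix.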