Subject: Re: [PATCH] kasan/quarantine: fix NULL pointer dereference bug
From: Andrey Ryabinin
To: Kuthonuzo Luruo
CC: Andrew Morton, Alexander Potapenko, Dmitry Vyukov, Joonsoo Kim
Date: Fri, 1 Jul 2016 14:17:43 +0300
Message-ID: <57765157.8020909@virtuozzo.com>
References: <1467359628-8493-1-git-send-email-iamjoonsoo.kim@lge.com> <577625CC.8080907@virtuozzo.com>
List: linux-kernel@vger.kernel.org

On 07/01/2016 01:55 PM, Kuthonuzo Luruo wrote:
> On Fri, Jul 1, 2016 at 1:41 PM, Andrey Ryabinin wrote:
>>
>>
>> On 07/01/2016 10:53 AM, js1304@gmail.com wrote:
>>> From: Joonsoo Kim
>>>
>>> If we move an item on qlist's tail, we need to update qlist's tail
>>> properly. curr->next can be NULL since it is singly linked list
>>> so it is invalid for tail. curr is scheduled to be moved so
>>> using prev would be correct.
>>
>> Hmm.. prev may be the element that moved in 'to' list. We need to assign the last element
>> which is in the 'from' list.
>
> something like this should handle qlink == head == tail:
>
> --- a/mm/kasan/quarantine.c
> +++ b/mm/kasan/quarantine.c
> @@ -251,11 +251,11 @@ static void qlist_move_cache(struct qlist_head *from,
> if (obj_cache == cache) {
> if (unlikely(from->head == qlink)) {
> from->head = curr->next;
> - prev = curr;
> + prev = from->head;

This will break 'to' list.

> } else
> prev->next = curr->next;
> if (unlikely(from->tail == qlink))
> - from->tail = curr->next;
> + from->tail = prev;
> from->bytes -= cache->size;
> qlist_put(to, qlink, cache->size);
> } else {
>
>
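Review bot: the replacement line `+ prev = from->head;` in the head branch gives `prev` a meaning that clashes with its use two lines later, where `prev->next = curr->next;` relies on `prev` being the last node still linked in `from`; `from->head` at that point is `curr->next`, the node after the one being unlinked, not a predecessor of anything. The new `from->tail = prev;` then comes out right for `qlink == head == tail` only because both values are NULL there. The simpler change is to delete the `prev = curr;` line without a replacement: when the head is the node being moved, nothing before it has been retained, so leaving `prev` as the last retained node (NULL in that case) makes `from->tail = prev` correct in every branch and keeps `prev` meaning one thing. Also worth stating in the changelog, since the loop's advance is outside the hunk: `qlist_put(to, qlink, cache->size)` runs before the loop moves on, so if that helper rewrites `qlink->next` the next pointer must be saved before the call.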
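The tail-pointer invariant Joonsoo describes above (a singly linked list's tail must point at its last node, so copying curr->next into it when the tail node is moved leaves the list with a head but no tail), as an added user-space C model. This is example code written for this page, not the kernel's mm/kasan/quarantine.c and not code from any participant in the thread: the list layout, the qlist_put helper clearing the appended node's next pointer, the cache ids and the node sizes are all assumptions made for the example. The move routine takes a flag that selects between the tail update the patch removes and the one it adds, and a consistency check catches the dangling tail.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Minimal model of a quarantine list: singly linked, with head and tail
 * pointers and a running byte count (assumed layout, not the kernel's). */
struct qnode { struct qnode *next; int cache; size_t size; };
struct qlist { struct qnode *head; struct qnode *tail; size_t bytes; };

static void qlist_init(struct qlist *q) { q->head = q->tail = NULL; q->bytes = 0; }
static bool qlist_empty(const struct qlist *q) { return q->head == NULL; }

/* Append n at the tail. It dereferences q->tail whenever the list is non-empty,
 * so a list whose head is set but whose tail is NULL crashes here; it also
 * clears n->next (assumption for this model), so callers save next first. */
static void qlist_put(struct qlist *q, struct qnode *n)
{
    if (qlist_empty(q))
        q->head = n;
    else
        q->tail->next = n;
    q->tail = n;
    n->next = NULL;
    q->bytes += n->size;
}

/* Move every node of `cache` from `from` to `to`. The tail update is the line
 * the patch changes: the original copies curr->next into from->tail, which is
 * NULL for the last node of a singly linked list even when other nodes remain;
 * the fix uses prev, which this loop keeps equal to the last node retained in
 * `from` (NULL while the list is being consumed from its head). */
static void move_cache(struct qlist *from, struct qlist *to, int cache, bool fixed_tail)
{
    struct qnode *prev = NULL, *curr = from->head;

    while (curr) {
        struct qnode *next = curr->next;   /* saved: qlist_put clears it */

        if (curr->cache == cache) {
            if (from->head == curr)
                from->head = next;
            else
                prev->next = next;
            if (from->tail == curr)
                from->tail = fixed_tail ? prev : next;
            from->bytes -= curr->size;
            qlist_put(to, curr);
        } else {
            prev = curr;
        }
        curr = next;
    }
}

/* Invariant check: tail is the last reachable node (NULL for an empty list) and
 * bytes equals the sum of the sizes of the reachable nodes. */
static bool qlist_consistent(const struct qlist *q)
{
    const struct qnode *n, *last = NULL;
    size_t bytes = 0;

    for (n = q->head; n; n = n->next) {
        last = n;
        bytes += n->size;
    }
    return q->tail == last && q->bytes == bytes;
}

/* Constructed scenario: `from` holds A (cache 1, 32 bytes) -> B (cache 2, 64
 * bytes). Move the requested cache out and report whether both lists are
 * still consistent; with the old tail update, moving B (the tail) leaves
 * `from` with head == A but tail == NULL, and the next qlist_put on it would
 * dereference that NULL tail. */
static bool demo(bool use_fixed, int cache)
{
    struct qnode a = { NULL, 1, 32 };
    struct qnode b = { NULL, 2, 64 };
    struct qlist from, to;

    qlist_init(&from);
    qlist_init(&to);
    qlist_put(&from, &a);
    qlist_put(&from, &b);
    move_cache(&from, &to, cache, use_fixed);
    return qlist_consistent(&from) && qlist_consistent(&to);
}

int main(void)
{
    printf("old tail update, move tail node: %s\n", demo(false, 2) ? "consistent" : "dangling tail");
    printf("new tail update, move tail node: %s\n", demo(true, 2) ? "consistent" : "dangling tail");
    printf("old tail update, move head node: %s\n", demo(false, 1) ? "consistent" : "dangling tail");
    return 0;
}
```

Moving the head node passes with either tail update, which is why the defect only shows when the node being moved is the tail and something else stays behind; the consistency check is the kind of assertion worth running over both lists in a debug build of any such move routine.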