From: Xujun Leng
To: akpm@linux-foundation.org
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, Xujun Leng
Subject: [PATCH] mm: fix potential invalid pointer dereference in kmemdup()
Date: Tue, 7 Mar 2023 17:03:58 +0800
Message-Id: <20230307090358.21346-1-lengxujun2007@126.com>

If kmemdup() was called with src == NULL, then memcpy() source address
is fatal, and if kmemdup() was called with len == 0,
kmalloc_track_caller() will return ZERO_SIZE_PTR to variable p, then
memcpy() destination address is fatal. Both cases will cause an
invalid pointer dereference.

Signed-off-by: Xujun Leng
---
 mm/util.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/mm/util.c b/mm/util.c index dd12b9531ac4..d1a3b3d2988e 100644 --- a/mm/util.c +++ b/mm/util.c @@ -128,6 +128,9 @@ void *kmemdup(const void *src, size_t len, gfp_t gfp) { void *p; + if (!src || len == 0) + return NULL; + p = kmalloc_track_caller(len, gfp); if (p) memcpy(p, src, len); -- 2.25.1
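
Review bot: The `len == 0` half of the new check at the top of kmemdup() changes what callers see rather than preventing a dereference. With a zero length, `memcpy(p, src, len)` copies no bytes, so the ZERO_SIZE_PTR that the description says `kmalloc_track_caller()` returns is never written through; after this change the same call returns NULL, which a caller cannot tell apart from an allocation failure. Suggest dropping `len == 0` from the condition. For the `!src` half, returning NULL quietly hides a caller bug behind what looks like an out-of-memory result; if the check stays, make it visible, for example `if (WARN_ON_ONCE(!src)) return NULL;`, and state in the function's comment that NULL is also returned for a NULL source.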