diff mbox series

scripts/mod/modpost: fix null pointer dereference

Message ID 20240215141321.899675-1-max.kellermann@ionos.com (mailing list archive)
State New, archived
Headers show
Series scripts/mod/modpost: fix null pointer dereference | expand

Commit Message

Max Kellermann Feb. 15, 2024, 2:13 p.m. UTC
If the find_fromsym() call fails and returns NULL, the warn() call
will dereference this NULL pointer and cause the program to crash.

This happened when I tried to build with "test_user_copy" module.
With this fix, it prints lots of warnings like this:

 WARNING: modpost: lib/test_user_copy: section mismatch in reference: (unknown)+0x4 (section: .text.fixup) -> (unknown) (section: .init.text)

Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
---
 scripts/mod/modpost.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Masahiro Yamada Feb. 17, 2024, 12:24 p.m. UTC | #1
On Thu, Feb 15, 2024 at 11:13 PM Max Kellermann
<max.kellermann@ionos.com> wrote:
>
> If the find_fromsym() call fails and returns NULL, the warn() call
> will dereference this NULL pointer and cause the program to crash.
>
> This happened when I tried to build with "test_user_copy" module.


Can you describe the steps to reproduce it?


I set CONFIG_TEST_USER_COPY=m, but I could not
reproduce it.




> With this fix, it prints lots of warnings like this:
>
>  WARNING: modpost: lib/test_user_copy: section mismatch in reference: (unknown)+0x4 (section: .text.fixup) -> (unknown) (section: .init.text)
>
> Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
> ---
>  scripts/mod/modpost.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
> index bf7c4b4b5ff4..6b37039c9e92 100644
> --- a/scripts/mod/modpost.c
> +++ b/scripts/mod/modpost.c
> @@ -1050,7 +1050,9 @@ static void default_mismatch_handler(const char *modname, struct elf_info *elf,
>         sec_mismatch_count++;
>
>         warn("%s: section mismatch in reference: %s+0x%x (section: %s) -> %s (section: %s)\n",
> -            modname, fromsym, (unsigned int)(faddr - from->st_value), fromsec, tosym, tosec);
> +            modname, fromsym,
> +            (unsigned int)(faddr - (from ? from->st_value : 0)),
> +            fromsec, tosym, tosec);
>
>         if (mismatch->mismatch == EXTABLE_TO_NON_TEXT) {
>                 if (match(tosec, mismatch->bad_tosec))
> --
> 2.39.2
>
Max Kellermann Feb. 17, 2024, 3:02 p.m. UTC | #2
On Sat, Feb 17, 2024 at 1:24 PM Masahiro Yamada <masahiroy@kernel.org> wrote:
> Can you describe the steps to reproduce it?

This crash occurred while I was testing an (unrelated) patch set with
"randconfig" in a loop. Unfortunately, I don't have that config
anymore, sorry.
Max Kellermann March 12, 2024, 9:51 a.m. UTC | #3
On Sat, Feb 17, 2024 at 1:24 PM Masahiro Yamada <masahiroy@kernel.org> wrote:
> Can you describe the steps to reproduce it?
>
> I set CONFIG_TEST_USER_COPY=m, but I could not
> reproduce it.

I have just reproduced (and logged) it - with "ARCH=arm randconfig
KCONFIG_SEED=0xDD5A884F". Config file attached.
Masahiro Yamada March 18, 2024, 5:31 p.m. UTC | #4
On Tue, Mar 12, 2024 at 6:51 PM Max Kellermann <max.kellermann@ionos.com> wrote:
>
> On Sat, Feb 17, 2024 at 1:24 PM Masahiro Yamada <masahiroy@kernel.org> wrote:
> > Can you describe the steps to reproduce it?
> >
> > I set CONFIG_TEST_USER_COPY=m, but I could not
> > reproduce it.
>
> I have just reproduced (and logged) it - with "ARCH=arm randconfig
> KCONFIG_SEED=0xDD5A884F". Config file attached.


Thanks for the test case. I confirmed that.

Applied to linux-kbuild.
diff mbox series

Patch

diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index bf7c4b4b5ff4..6b37039c9e92 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -1050,7 +1050,9 @@  static void default_mismatch_handler(const char *modname, struct elf_info *elf,
 	sec_mismatch_count++;
 
 	warn("%s: section mismatch in reference: %s+0x%x (section: %s) -> %s (section: %s)\n",
-	     modname, fromsym, (unsigned int)(faddr - from->st_value), fromsec, tosym, tosec);
+	     modname, fromsym,
+	     (unsigned int)(faddr - (from ? from->st_value : 0)),
+	     fromsec, tosym, tosec);
 
 	if (mismatch->mismatch == EXTABLE_TO_NON_TEXT) {
 		if (match(tosec, mismatch->bad_tosec))