Message ID | 20240215141321.899675-1-max.kellermann@ionos.com (mailing list archive) |
---|---|
State | New, archived |
Series | scripts/mod/modpost: fix null pointer dereference |
On Thu, Feb 15, 2024 at 11:13 PM Max Kellermann <max.kellermann@ionos.com> wrote: > > If the find_fromsym() call fails and returns NULL, the warn() call > will dereference this NULL pointer and cause the program to crash. > > This happened when I tried to build with "test_user_copy" module. Can you describe the steps to reproduce it? I set CONFIG_TEST_USER_COPY=m, but I could not reproduce it. > With this fix, it prints lots of warnings like this: > > WARNING: modpost: lib/test_user_copy: section mismatch in reference: (unknown)+0x4 (section: .text.fixup) -> (unknown) (section: .init.text) > > Signed-off-by: Max Kellermann <max.kellermann@ionos.com> > --- > scripts/mod/modpost.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c > index bf7c4b4b5ff4..6b37039c9e92 100644 > --- a/scripts/mod/modpost.c > +++ b/scripts/mod/modpost.c > @@ -1050,7 +1050,9 @@ static void default_mismatch_handler(const char *modname, struct elf_info *elf, > sec_mismatch_count++; > > warn("%s: section mismatch in reference: %s+0x%x (section: %s) -> %s (section: %s)\n", > - modname, fromsym, (unsigned int)(faddr - from->st_value), fromsec, tosym, tosec); > + modname, fromsym, > + (unsigned int)(faddr - (from ? from->st_value : 0)), > + fromsec, tosym, tosec); > > if (mismatch->mismatch == EXTABLE_TO_NON_TEXT) { > if (match(tosec, mismatch->bad_tosec)) > -- > 2.39.2 >
On Sat, Feb 17, 2024 at 1:24 PM Masahiro Yamada <masahiroy@kernel.org> wrote:
> Can you describe the steps to reproduce it?
This crash occurred while I was testing an (unrelated) patch set with
"randconfig" in a loop. Unfortunately, I don't have that config
anymore, sorry.
On Sat, Feb 17, 2024 at 1:24 PM Masahiro Yamada <masahiroy@kernel.org> wrote:
> Can you describe the steps to reproduce it?
>
> I set CONFIG_TEST_USER_COPY=m, but I could not
> reproduce it.
I have just reproduced (and logged) it - with "ARCH=arm randconfig
KCONFIG_SEED=0xDD5A884F". Config file attached.
On Tue, Mar 12, 2024 at 6:51 PM Max Kellermann <max.kellermann@ionos.com> wrote:
>
> On Sat, Feb 17, 2024 at 1:24 PM Masahiro Yamada <masahiroy@kernel.org> wrote:
> > Can you describe the steps to reproduce it?
> >
> > I set CONFIG_TEST_USER_COPY=m, but I could not
> > reproduce it.
>
> I have just reproduced (and logged) it - with "ARCH=arm randconfig
> KCONFIG_SEED=0xDD5A884F". Config file attached.
Thanks for the test case.
I confirmed that.
Applied to linux-kbuild.
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c index bf7c4b4b5ff4..6b37039c9e92 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c @@ -1050,7 +1050,9 @@ static void default_mismatch_handler(const char *modname, struct elf_info *elf, sec_mismatch_count++; warn("%s: section mismatch in reference: %s+0x%x (section: %s) -> %s (section: %s)\n", - modname, fromsym, (unsigned int)(faddr - from->st_value), fromsec, tosym, tosec); + modname, fromsym, + (unsigned int)(faddr - (from ? from->st_value : 0)), + fromsec, tosym, tosec); if (mismatch->mismatch == EXTABLE_TO_NON_TEXT) { if (match(tosec, mismatch->bad_tosec))
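Review bot: in the warn() argument list, the fallback "(from ? from->st_value : 0)" changes what the printed number means when from is NULL: it becomes the raw faddr rather than an offset from a symbol, so a line such as "(unknown)+0x4" in the sample warning does not identify a symbol-relative location. Consider computing the offset in a local variable just above the warn() call, with a one-line comment stating that a NULL result from find_fromsym() leaves the value as the address within fromsec. That keeps the NULL check out of the format arguments and documents the case for whoever reads the warning. The commit message could also say why find_fromsym() returns NULL for the .text.fixup reference, since the visible change only avoids the crash and leaves the symbol unresolved.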
If the find_fromsym() call fails and returns NULL, the warn() call
will dereference this NULL pointer and cause the program to crash.

This happened when I tried to build with "test_user_copy" module.

With this fix, it prints lots of warnings like this:

 WARNING: modpost: lib/test_user_copy: section mismatch in reference: (unknown)+0x4 (section: .text.fixup) -> (unknown) (section: .init.text)

Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
---
 scripts/mod/modpost.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)