Commit 053b5f8d authored Mar 14, 2024 by Kunwu Chan Committed by Peng Zhang Mar 14, 2024

powerpc/mm: Fix null-pointer dereference in pgtable_cache_add

mainline inclusion
from mainline-v6.8-rc1
commit f46c8a75263f97bda13c739ba1c90aced0d3b071
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I96GP1
CVE: CVE-2023-52607

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f46c8a75263f97bda13c739ba1c90aced0d3b071



------------------------------------------------------

kasprintf() returns a pointer to dynamically allocated memory
which can be NULL upon failure. Ensure the allocation was successful
by checking the pointer validity.

Suggested-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Suggested-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Kunwu Chan <chentao@kylinos.cn>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20231204023223.2447523-1-chentao@kylinos.cn


Signed-off-by: ZhangPeng <zhangpeng362@huawei.com>

parent caa1ae20

arch/powerpc/mm/init-common.c

+3 −2

Original line number	Diff line number	Diff line
		@@ -111,7 +111,7 @@ void pgtable_cache_add(unsigned int shift)
		* as to leave enough 0 bits in the address to contain it. */
		unsigned long minalign = max(MAX_PGTABLE_INDEX_SIZE + 1,
		HUGEPD_SHIFT_MASK + 1);
		struct kmem_cache *new;
		struct kmem_cache *new = NULL;

		/* It would be nice if this was a BUILD_BUG_ON(), but at the
		* moment, gcc doesn't seem to recognize is_power_of_2 as a
		@@ -124,6 +124,7 @@ void pgtable_cache_add(unsigned int shift)

		align = max_t(unsigned long, align, minalign);
		name = kasprintf(GFP_KERNEL, "pgtable-2^%d", shift);
		if (name)
		new = kmem_cache_create(name, table_size, align, 0, ctor(shift));
		if (!new)
		panic("Could not allocate pgtable cache for order %d", shift);