public inbox for linuxppc-dev@ozlabs.org 
From: John Whitney <john.whitney@timesys.com>
To: "Mailing List: linuxppc-dev" <linuxppc-dev@lists.linuxppc.org>
Subject: NULL-pointer dereference in ELF core dump, and proposed fix
Date: Tue, 23 Dec 2003 09:46:19 -0500
Message-ID: <BC0DBF6B.3126%john.whitney@timesys.com>


Hello,

As stated in the subject, I've found a NULL-pointer dereference in the ELF
core dump code path, and wanted comments on my proposed solution.

In fs/binfmt_elf.c, elf_core_dump() calls elf_dump_thread_status().
elf_dump_thread_status calls elf_core_copy_task_fpregs() (elfcore.h), with a
second parameter (struct pt_regs *regs) of NULL.

This inlined routine in turn calls dump_fpu() (arch/ppc/kernel/process.c),
again with a NULL "regs" parameter.

dump_fpu immediately dereferences the regs parameter with the line:

if (regs->msr & MSR_FP)
    giveup_fpu (current);

This, obviously, causes a kernel oops.  My proposed solution to this problem
is to change the above line of code to

if (last_task_used_math == current)
    giveup_fpu (current);

Anyone see any problems with this change?

Thanks,
John Whitney


** Sent via the linuxppc-dev mail list. See http://lists.linuxppc.org/
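The call chain and the two versions of the check, as an added user-space model that is neither kernel code nor the poster's patch; the struct layouts, the MSR_FP value, the task names and the helper names are stand-ins:

```c
/* Added model of the dump_fpu() path discussed above. Everything here is a
 * constructed stand-in: struct pt_regs, struct task_struct, MSR_FP, current
 * and last_task_used_math mimic the kernel's names but not its definitions. */
#include <stddef.h>

#define MSR_FP 0x2000UL              /* constructed stand-in for the real bit */

struct pt_regs { unsigned long msr; };
struct task_struct { int fpu_given_up; };

static struct task_struct task_a, task_b;
static struct task_struct *current = &task_a;     /* stand-in for the kernel's current */
static struct task_struct *last_task_used_math;   /* stand-in lazy-FPU owner pointer */

static void giveup_fpu(struct task_struct *t) { t->fpu_given_up = 1; }

/* The check quoted in the mail. In the real kernel a NULL regs is dereferenced
 * and oopses; the model returns -1 at that point instead of crashing. */
static int dump_fpu_original(struct pt_regs *regs)
{
    if (regs == NULL)
        return -1;                    /* where the kernel would dereference NULL */
    if (regs->msr & MSR_FP)
        giveup_fpu(current);
    return 0;
}

/* The proposed replacement: decide by FPU ownership and never touch regs. */
static int dump_fpu_fixed(struct pt_regs *regs)
{
    (void)regs;
    if (last_task_used_math == current)
        giveup_fpu(current);
    return 0;
}

/* Models elf_dump_thread_status -> elf_core_copy_task_fpregs, which pass NULL. */
static int dump_thread_status(int (*dump_fpu)(struct pt_regs *))
{
    return dump_fpu(NULL);
}

/* Reset model state so each scenario starts clean. */
static void model_reset(struct task_struct *fpu_owner)
{
    task_a.fpu_given_up = 0;
    task_b.fpu_given_up = 0;
    last_task_used_math = fpu_owner;
}
```

The fixed version only flushes the FPU state when the dumping task is its lazy owner, which is what the regs->msr test was standing in for when regs was non-NULL.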
