From: ruipengqi
To: kees@kernel.org
Cc: tony.luck@intel.com, gpiccoli@igalia.com, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, Ruipeng Qi
Subject: [PATCH] pstore: ram_core: fix incorrect success return when vmap() fails
Date: Tue, 3 Feb 2026 10:03:58 +0800
Message-Id: <20260203020358.3315299-1-ruipengqi3@gmail.com>

From: Ruipeng Qi

In persistent_ram_vmap(), vmap() may return NULL on failure.

If offset is non-zero, adding offset_in_page(start) causes the function
to return a non-NULL pointer even though the mapping failed.
persistent_ram_buffer_map() therefore incorrectly returns success.

Subsequent access to prz->buffer may dereference an invalid address
and cause crashes.

Add proper NULL checking for vmap() failures.

Signed-off-by: Ruipeng Qi

--- fs/pstore/ram_core.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/pstore/ram_core.c b/fs/pstore/ram_core.c index f1848cdd6d34..f8b9b47e8b24 100644 --- a/fs/pstore/ram_core.c +++ b/fs/pstore/ram_core.c
@@ -446,6 +446,13 @@ static void *persistent_ram_vmap(phys_addr_t start, si= ze_t size, vaddr =3D vmap(pages, page_count, VM_MAP | VM_IOREMAP, prot); kfree(pages); =20 + /* + * vmap() may fail and return NULL. Do not add the offset in this + * case, otherwise a NULL mapping would appear successful. + */ + if (!vaddr) + return NULL; + /* * Since vmap() uses page granularity, we must add the offset * into the page here, to get the byte granularity address --=20 2.25.1
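
Review bot: the patch has no Fixes: tag, although the commit message describes a crash-causing bug in persistent_ram_vmap(); please add a Fixes: line naming the commit that introduced the unconditional offset addition after vmap(), so the fix can be tracked for backports. The placement of the new "if (!vaddr) return NULL;" is fine: it sits after kfree(pages), so the early return does not leak the page array. The added comment could be tightened by stating the condition the commit message already gives, namely that the false success only occurs when offset_in_page(start) is non-zero, since with a zero offset the NULL from vmap() was already passed through unchanged.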