On Wed, 7 Jun 2023 15:24:27 +0200 Roberto Sassu roberto.sassu@huaweicloud.com wrote:
From: Roberto Sassu roberto.sassu@huawei.com
Ensure that file_seals is non-NULL before using it in the memfd_create() syscall. One situation in which memfd_file_seals_ptr() could return a NULL pointer is when CONFIG_SHMEM=n.
Thanks. Has this crash actually been demonstrated?
--- a/mm/memfd.c +++ b/mm/memfd.c @@ -371,12 +371,15 @@ SYSCALL_DEFINE2(memfd_create, inode->i_mode &= ~0111; file_seals = memfd_file_seals_ptr(file);
*file_seals &= ~F_SEAL_SEAL;
*file_seals |= F_SEAL_EXEC;
if (file_seals) {
*file_seals &= ~F_SEAL_SEAL;
*file_seals |= F_SEAL_EXEC;
} else if (flags & MFD_ALLOW_SEALING) { /* MFD_EXEC and MFD_ALLOW_SEALING are set */ file_seals = memfd_file_seals_ptr(file);}
*file_seals &= ~F_SEAL_SEAL;
if (file_seals)
}*file_seals &= ~F_SEAL_SEAL;
fd_install(fd, file);
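Review bot: The added NULL checks turn a NULL dereference into a silent no-op: on a kernel where memfd_file_seals_ptr() returns NULL (CONFIG_SHMEM=n, per the description), a caller passing MFD_NOEXEC_SEAL now gets a file whose mode was stripped of 0111 but which never receives F_SEAL_EXEC, and a caller passing MFD_ALLOW_SEALING keeps F_SEAL_SEAL set, with no error returned to userspace. Consider either failing the call (e.g. returning an error before fd_install() when sealing was requested but no seals pointer is available) or stating in the commit message that ignoring the flags is the intended behaviour in that configuration. The quoted description also only says memfd_file_seals_ptr() "could" return NULL; it would help to say whether the crash was reproduced and under which configuration, so the severity is clear to whoever backports this.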