From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Pavel Skripkin <paskripkin@gmail.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 5.4 41/78] net: caif: add proper error handling
Date: Tue, 8 Jun 2021 20:27:10 +0200 [thread overview]
Message-ID: <20210608175936.646526509@linuxfoundation.org> (raw)
In-Reply-To: <20210608175935.254388043@linuxfoundation.org>
From: Pavel Skripkin <paskripkin@gmail.com>
commit a2805dca5107d5603f4bbc027e81e20d93476e96 upstream.
caif_enroll_dev() can fail in some cases. Ingnoring
these cases can lead to memory leak due to not assigning
link_support pointer to anywhere.
Fixes: 7c18d2205ea7 ("caif: Restructure how link caif link layer enroll")
Cc: stable@vger.kernel.org
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/caif/caif_dev.h | 2 +-
include/net/caif/cfcnfg.h | 2 +-
net/caif/caif_dev.c | 8 +++++---
net/caif/cfcnfg.c | 16 +++++++++++-----
4 files changed, 18 insertions(+), 10 deletions(-)
--- a/include/net/caif/caif_dev.h
+++ b/include/net/caif/caif_dev.h
@@ -119,7 +119,7 @@ void caif_free_client(struct cflayer *ad
* The link_support layer is used to add any Link Layer specific
* framing.
*/
-void caif_enroll_dev(struct net_device *dev, struct caif_dev_common *caifdev,
+int caif_enroll_dev(struct net_device *dev, struct caif_dev_common *caifdev,
struct cflayer *link_support, int head_room,
struct cflayer **layer, int (**rcv_func)(
struct sk_buff *, struct net_device *,
--- a/include/net/caif/cfcnfg.h
+++ b/include/net/caif/cfcnfg.h
@@ -62,7 +62,7 @@ void cfcnfg_remove(struct cfcnfg *cfg);
* @fcs: Specify if checksum is used in CAIF Framing Layer.
* @head_room: Head space needed by link specific protocol.
*/
-void
+int
cfcnfg_add_phy_layer(struct cfcnfg *cnfg,
struct net_device *dev, struct cflayer *phy_layer,
enum cfcnfg_phy_preference pref,
--- a/net/caif/caif_dev.c
+++ b/net/caif/caif_dev.c
@@ -307,7 +307,7 @@ static void dev_flowctrl(struct net_devi
caifd_put(caifd);
}
-void caif_enroll_dev(struct net_device *dev, struct caif_dev_common *caifdev,
+int caif_enroll_dev(struct net_device *dev, struct caif_dev_common *caifdev,
struct cflayer *link_support, int head_room,
struct cflayer **layer,
int (**rcv_func)(struct sk_buff *, struct net_device *,
@@ -318,11 +318,12 @@ void caif_enroll_dev(struct net_device *
enum cfcnfg_phy_preference pref;
struct cfcnfg *cfg = get_cfcnfg(dev_net(dev));
struct caif_device_entry_list *caifdevs;
+ int res;
caifdevs = caif_device_list(dev_net(dev));
caifd = caif_device_alloc(dev);
if (!caifd)
- return;
+ return -ENOMEM;
*layer = &caifd->layer;
spin_lock_init(&caifd->flow_lock);
@@ -343,7 +344,7 @@ void caif_enroll_dev(struct net_device *
strlcpy(caifd->layer.name, dev->name,
sizeof(caifd->layer.name));
caifd->layer.transmit = transmit;
- cfcnfg_add_phy_layer(cfg,
+ res = cfcnfg_add_phy_layer(cfg,
dev,
&caifd->layer,
pref,
@@ -353,6 +354,7 @@ void caif_enroll_dev(struct net_device *
mutex_unlock(&caifdevs->lock);
if (rcv_func)
*rcv_func = receive;
+ return res;
}
EXPORT_SYMBOL(caif_enroll_dev);
--- a/net/caif/cfcnfg.c
+++ b/net/caif/cfcnfg.c
@@ -450,7 +450,7 @@ unlock:
rcu_read_unlock();
}
-void
+int
cfcnfg_add_phy_layer(struct cfcnfg *cnfg,
struct net_device *dev, struct cflayer *phy_layer,
enum cfcnfg_phy_preference pref,
@@ -459,7 +459,7 @@ cfcnfg_add_phy_layer(struct cfcnfg *cnfg
{
struct cflayer *frml;
struct cfcnfg_phyinfo *phyinfo = NULL;
- int i;
+ int i, res = 0;
u8 phyid;
mutex_lock(&cnfg->lock);
@@ -473,12 +473,15 @@ cfcnfg_add_phy_layer(struct cfcnfg *cnfg
goto got_phyid;
}
pr_warn("Too many CAIF Link Layers (max 6)\n");
+ res = -EEXIST;
goto out;
got_phyid:
phyinfo = kzalloc(sizeof(struct cfcnfg_phyinfo), GFP_ATOMIC);
- if (!phyinfo)
+ if (!phyinfo) {
+ res = -ENOMEM;
goto out_err;
+ }
phy_layer->id = phyid;
phyinfo->pref = pref;
@@ -492,8 +495,10 @@ got_phyid:
frml = cffrml_create(phyid, fcs);
- if (!frml)
+ if (!frml) {
+ res = -ENOMEM;
goto out_err;
+ }
phyinfo->frm_layer = frml;
layer_set_up(frml, cnfg->mux);
@@ -511,11 +516,12 @@ got_phyid:
list_add_rcu(&phyinfo->node, &cnfg->phys);
out:
mutex_unlock(&cnfg->lock);
- return;
+ return res;
out_err:
kfree(phyinfo);
mutex_unlock(&cnfg->lock);
+ return res;
}
EXPORT_SYMBOL(cfcnfg_add_phy_layer);
next prev parent reply other threads:[~2021-06-08 18:49 UTC|newest]
Thread overview: 87+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-08 18:26 [PATCH 5.4 00/78] 5.4.125-rc1 review Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 01/78] btrfs: tree-checker: do not error out if extent ref hash doesnt match Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 02/78] net: usb: cdc_ncm: dont spew notifications Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 03/78] ALSA: usb: update old-style static const declaration Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 04/78] nl80211: validate key indexes for cfg80211_registered_device Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 05/78] hwmon: (dell-smm-hwmon) Fix index values Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 06/78] netfilter: conntrack: unregister ipv4 sockopts on error unwind Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 07/78] efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 08/78] efi: cper: fix snprintf() use in cper_dimm_err_location() Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 09/78] vfio/pci: Fix error return code in vfio_ecap_init() Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 10/78] vfio/pci: zap_vma_ptes() needs MMU Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 11/78] samples: vfio-mdev: fix error handing in mdpy_fb_probe() Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 12/78] vfio/platform: fix module_put call in error flow Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 13/78] ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 14/78] HID: pidff: fix error return code in hid_pidff_init() Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 15/78] HID: i2c-hid: fix format string mismatch Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 16/78] net/sched: act_ct: Fix ct template allocation for zone 0 Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 17/78] ACPICA: Clean up context mutex during object deletion Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 18/78] netfilter: nft_ct: skip expectations for confirmed conntrack Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 19/78] netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 20/78] ieee802154: fix error return code in ieee802154_add_iface() Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 21/78] ieee802154: fix error return code in ieee802154_llsec_getparams() Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 22/78] ixgbevf: add correct exception tracing for XDP Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 23/78] ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 24/78] ice: write register with correct offset Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 25/78] ice: Fix VFR issues for AVF drivers that expect ATQLEN cleared Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 26/78] ice: Allow all LLDP packets from PF to Tx Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 27/78] i2c: qcom-geni: Add shutdown callback for i2c Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 28/78] i40e: optimize for XDP_REDIRECT in xsk path Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 29/78] i40e: add correct exception tracing for XDP Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 5.4 30/78] arm64: dts: ls1028a: fix memory node Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 31/78] arm64: dts: zii-ultra: fix 12V_MAIN voltage Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 32/78] ARM: dts: imx7d-meerkat96: Fix the tuning-step property Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 33/78] ARM: dts: imx7d-pico: " Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 34/78] ARM: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 35/78] bus: ti-sysc: Fix flakey idling of uarts and stop using swsup_sidle_act Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 36/78] tipc: add extack messages for bearer/media failure Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 37/78] tipc: fix unique bearer names sanity check Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 38/78] Bluetooth: fix the erroneous flush_work() order Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 39/78] Bluetooth: use correct lock to prevent UAF of hdev object Greg Kroah-Hartman
2021-06-14 14:15 ` Eric Dumazet
2021-06-16 15:01 ` Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 40/78] net: caif: added cfserl_release function Greg Kroah-Hartman
2021-06-08 18:27 ` Greg Kroah-Hartman [this message]
2021-06-08 18:27 ` [PATCH 5.4 42/78] net: caif: fix memory leak in caif_device_notify Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 43/78] net: caif: fix memory leak in cfusbl_device_notify Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 44/78] HID: i2c-hid: Skip ELAN power-on command after reset Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 45/78] HID: magicmouse: fix NULL-deref on disconnect Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 46/78] HID: multitouch: require Finger field to mark Win8 reports as MT Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 47/78] ALSA: timer: Fix master timer notification Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 48/78] ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 49/78] ARM: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 50/78] ARM: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 51/78] ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 52/78] usb: dwc2: Fix build in periphal-only mode Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 53/78] pid: take a reference when initializing `cad_pid` Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 54/78] ocfs2: fix data corruption by fallocate Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 55/78] nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 56/78] drm/amdgpu: Dont query CE and UE errors Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 57/78] drm/amdgpu: make sure we unpin the UVD BO Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 58/78] x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 59/78] btrfs: mark ordered extent and inode with error if we fail to finish Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 60/78] btrfs: fix error handling in btrfs_del_csums Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 61/78] btrfs: return errors from btrfs_del_csums in cleanup_ref_head Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 62/78] btrfs: fixup error handling in fixup_inode_link_counts Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 63/78] mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 64/78] bnxt_en: Remove the setting of dev_port Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 65/78] mm: add thp_order Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 66/78] XArray: add xa_get_order Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 67/78] XArray: add xas_split Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 68/78] mm/filemap: fix storing to a THP shadow entry Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 69/78] btrfs: fix unmountable seed device after fstrim Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 70/78] KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 71/78] KVM: arm64: Fix debug register indexing Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 72/78] x86/kvm: Teardown PV features on boot CPU as well Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 73/78] x86/kvm: Disable kvmclock on all CPUs on shutdown Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 74/78] x86/kvm: Disable all PV features on crash Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 75/78] lib/lz4: explicitly support in-place decompression Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 76/78] xen-pciback: redo VF placement in the virtual topology Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 77/78] i2c: qcom-geni: Suspend and resume the bus during SYSTEM_SLEEP_PM ops Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 5.4 78/78] neighbour: allow NUD_NOARP entries to be forced GCed Greg Kroah-Hartman
2021-06-09 2:55 ` [PATCH 5.4 00/78] 5.4.125-rc1 review Shuah Khan
2021-06-09 9:33 ` Jon Hunter
2021-06-09 10:15 ` Naresh Kamboju
2021-06-09 18:40 ` Florian Fainelli
2021-06-09 18:49 ` Guenter Roeck
2021-06-10 9:01 ` Sudip Mukherjee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210608175936.646526509@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=paskripkin@gmail.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).