All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] dm-region-hash: fix a missing-check bug in __rh_alloc()
@ 2019-05-27  0:50 Gen Zhang
  2019-05-27  1:49 ` Mike Snitzer
  0 siblings, 1 reply; 5+ messages in thread
From: Gen Zhang @ 2019-05-27  0:50 UTC (permalink / raw)
  To: agk, snitzer; +Cc: dm-devel, linux-kernel

In function __rh_alloc(), the pointer nreg is allocated a memory space
via kmalloc(). And it is used in the following codes. However, when 
there is a memory allocation error, kmalloc() fails. Thus null pointer
dereference may happen. And it will cause the kernel to crash. Therefore,
we should check the return value and handle the error.
Further, in __rh_find(), we should also check the return value and
handle the error.

Signed-off-by: Gen Zhang <blackgod016574@gmail.com>
---
diff --git a/drivers/md/dm-region-hash.c b/drivers/md/dm-region-hash.c
index 1f76045..2fa1641 100644
--- a/drivers/md/dm-region-hash.c
+++ b/drivers/md/dm-region-hash.c
@@ -290,8 +290,11 @@ static struct dm_region *__rh_alloc(struct dm_region_hash *rh, region_t region)
 	struct dm_region *reg, *nreg;
 
 	nreg = mempool_alloc(&rh->region_pool, GFP_ATOMIC);
-	if (unlikely(!nreg))
+	if (unlikely(!nreg)) {
 		nreg = kmalloc(sizeof(*nreg), GFP_NOIO | __GFP_NOFAIL);
+		if (!nreg)
+			return NULL;
+	}
 
 	nreg->state = rh->log->type->in_sync(rh->log, region, 1) ?
 		      DM_RH_CLEAN : DM_RH_NOSYNC;
@@ -329,6 +332,8 @@ static struct dm_region *__rh_find(struct dm_region_hash *rh, region_t region)
 	if (!reg) {
 		read_unlock(&rh->hash_lock);
 		reg = __rh_alloc(rh, region);
+		if (!reg)
+			return NULL;
 		read_lock(&rh->hash_lock);
 	}
 
---

^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: dm-region-hash: fix a missing-check bug in __rh_alloc()
  2019-05-27  0:50 [PATCH] dm-region-hash: fix a missing-check bug in __rh_alloc() Gen Zhang
@ 2019-05-27  1:49 ` Mike Snitzer
  2019-05-27  3:12   ` Gen Zhang
  0 siblings, 1 reply; 5+ messages in thread
From: Mike Snitzer @ 2019-05-27  1:49 UTC (permalink / raw)
  To: Gen Zhang; +Cc: agk, dm-devel, linux-kernel

On Sun, May 26 2019 at  8:50pm -0400,
Gen Zhang <blackgod016574@gmail.com> wrote:

> In function __rh_alloc(), the pointer nreg is allocated a memory space
> via kmalloc(). And it is used in the following codes. However, when 
> there is a memory allocation error, kmalloc() fails. Thus null pointer
> dereference may happen. And it will cause the kernel to crash. Therefore,
> we should check the return value and handle the error.
> Further, in __rh_find(), we should also check the return value and
> handle the error.
> 
> Signed-off-by: Gen Zhang <blackgod016574@gmail.com>
> ---
> diff --git a/drivers/md/dm-region-hash.c b/drivers/md/dm-region-hash.c
> index 1f76045..2fa1641 100644
> --- a/drivers/md/dm-region-hash.c
> +++ b/drivers/md/dm-region-hash.c
> @@ -290,8 +290,11 @@ static struct dm_region *__rh_alloc(struct dm_region_hash *rh, region_t region)
>  	struct dm_region *reg, *nreg;
>  
>  	nreg = mempool_alloc(&rh->region_pool, GFP_ATOMIC);
> -	if (unlikely(!nreg))
> +	if (unlikely(!nreg)) {
>  		nreg = kmalloc(sizeof(*nreg), GFP_NOIO | __GFP_NOFAIL);
> +		if (!nreg)
> +			return NULL;
> +	}
>  
>  	nreg->state = rh->log->type->in_sync(rh->log, region, 1) ?
>  		      DM_RH_CLEAN : DM_RH_NOSYNC;

This patch isn't needed.  __GFP_NOFAIL means the allocation won't fail.

And there are many other users of __GFP_NOFAIL that don't check for
failure.  

Mike

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: dm-region-hash: fix a missing-check bug in __rh_alloc()
  2019-05-27  1:49 ` Mike Snitzer
@ 2019-05-27  3:12   ` Gen Zhang
  0 siblings, 0 replies; 5+ messages in thread
From: Gen Zhang @ 2019-05-27  3:12 UTC (permalink / raw)
  To: Mike Snitzer; +Cc: agk, dm-devel, linux-kernel

On Sun, May 26, 2019 at 09:49:14PM -0400, Mike Snitzer wrote:
> On Sun, May 26 2019 at  8:50pm -0400,
> Gen Zhang <blackgod016574@gmail.com> wrote:
> 
> > In function __rh_alloc(), the pointer nreg is allocated a memory space
> > via kmalloc(). And it is used in the following codes. However, when 
> > there is a memory allocation error, kmalloc() fails. Thus null pointer
> > dereference may happen. And it will cause the kernel to crash. Therefore,
> > we should check the return value and handle the error.
> > Further, in __rh_find(), we should also check the return value and
> > handle the error.
> > 
> > Signed-off-by: Gen Zhang <blackgod016574@gmail.com>
> > ---
> > diff --git a/drivers/md/dm-region-hash.c b/drivers/md/dm-region-hash.c
> > index 1f76045..2fa1641 100644
> > --- a/drivers/md/dm-region-hash.c
> > +++ b/drivers/md/dm-region-hash.c
> > @@ -290,8 +290,11 @@ static struct dm_region *__rh_alloc(struct dm_region_hash *rh, region_t region)
> >  	struct dm_region *reg, *nreg;
> >  
> >  	nreg = mempool_alloc(&rh->region_pool, GFP_ATOMIC);
> > -	if (unlikely(!nreg))
> > +	if (unlikely(!nreg)) {
> >  		nreg = kmalloc(sizeof(*nreg), GFP_NOIO | __GFP_NOFAIL);
> > +		if (!nreg)
> > +			return NULL;
> > +	}
> >  
> >  	nreg->state = rh->log->type->in_sync(rh->log, region, 1) ?
> >  		      DM_RH_CLEAN : DM_RH_NOSYNC;
> 
> This patch isn't needed.  __GFP_NOFAIL means the allocation won't fail.
> 
> And there are many other users of __GFP_NOFAIL that don't check for
> failure.  
> 
> Mike
Appreciate your reply, Mike.

Thanks
Gen

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] dm-region-hash: Fix a missing-check bug in __rh_alloc()
  2019-05-24  3:12 [PATCH] dm-region-hash: Fix " Gen Zhang
@ 2019-06-05  6:05 ` Jiri Slaby
  0 siblings, 0 replies; 5+ messages in thread
From: Jiri Slaby @ 2019-06-05  6:05 UTC (permalink / raw)
  To: Gen Zhang, agk, snitzer, dm-devel; +Cc: linux-kernel

On 24. 05. 19, 5:12, Gen Zhang wrote:
> In function __rh_alloc(), the pointer nreg is allocated a memory space
> via kmalloc(). And it is used in the following codes. However, when 
> there is a memory allocation error, kmalloc() fails. Thus null pointer
> dereference may happen. And it will cause the kernel to crash. Therefore,
> we should check the return value and handle the error.
> Further, in __rh_find(), we should also check the return value and
> handle the error.
> 
> Signed-off-by: Gen Zhang <blackgod016574@gmail.com>
> 
> ---
> diff --git a/drivers/md/dm-region-hash.c b/drivers/md/dm-region-hash.c
> index 1f76045..2fa1641 100644
> --- a/drivers/md/dm-region-hash.c
> +++ b/drivers/md/dm-region-hash.c
> @@ -290,8 +290,11 @@ static struct dm_region *__rh_alloc(struct dm_region_hash *rh, region_t region)
>  	struct dm_region *reg, *nreg;
>  
>  	nreg = mempool_alloc(&rh->region_pool, GFP_ATOMIC);
> -	if (unlikely(!nreg))
> +	if (unlikely(!nreg)) {
>  		nreg = kmalloc(sizeof(*nreg), GFP_NOIO | __GFP_NOFAIL);
> +		if (!nreg)
> +			return NULL;

What's the purpose of checking NO_FAIL allocations?

thanks,
-- 
js
suse labs

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [PATCH] dm-region-hash: Fix a missing-check bug in __rh_alloc()
@ 2019-05-24  3:12 Gen Zhang
  2019-06-05  6:05 ` Jiri Slaby
  0 siblings, 1 reply; 5+ messages in thread
From: Gen Zhang @ 2019-05-24  3:12 UTC (permalink / raw)
  To: agk, snitzer, dm-devel; +Cc: linux-kernel

In function __rh_alloc(), the pointer nreg is allocated a memory space
via kmalloc(). And it is used in the following codes. However, when 
there is a memory allocation error, kmalloc() fails. Thus null pointer
dereference may happen. And it will cause the kernel to crash. Therefore,
we should check the return value and handle the error.
Further, in __rh_find(), we should also check the return value and
handle the error.

Signed-off-by: Gen Zhang <blackgod016574@gmail.com>

---
diff --git a/drivers/md/dm-region-hash.c b/drivers/md/dm-region-hash.c
index 1f76045..2fa1641 100644
--- a/drivers/md/dm-region-hash.c
+++ b/drivers/md/dm-region-hash.c
@@ -290,8 +290,11 @@ static struct dm_region *__rh_alloc(struct dm_region_hash *rh, region_t region)
 	struct dm_region *reg, *nreg;
 
 	nreg = mempool_alloc(&rh->region_pool, GFP_ATOMIC);
-	if (unlikely(!nreg))
+	if (unlikely(!nreg)) {
 		nreg = kmalloc(sizeof(*nreg), GFP_NOIO | __GFP_NOFAIL);
+		if (!nreg)
+			return NULL;
+	}
 
 	nreg->state = rh->log->type->in_sync(rh->log, region, 1) ?
 		      DM_RH_CLEAN : DM_RH_NOSYNC;
@@ -329,6 +332,8 @@ static struct dm_region *__rh_find(struct dm_region_hash *rh, region_t region)
 	if (!reg) {
 		read_unlock(&rh->hash_lock);
 		reg = __rh_alloc(rh, region);
+		if (!reg)
+			return NULL;
 		read_lock(&rh->hash_lock);
 	}
 
---

^ permalink raw reply related	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-06-05  6:05 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-27  0:50 [PATCH] dm-region-hash: fix a missing-check bug in __rh_alloc() Gen Zhang
2019-05-27  1:49 ` Mike Snitzer
2019-05-27  3:12   ` Gen Zhang
  -- strict thread matches above, loose matches on Subject: below --
2019-05-24  3:12 [PATCH] dm-region-hash: Fix " Gen Zhang
2019-06-05  6:05 ` Jiri Slaby

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.