From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756808AbcDGQGb (ORCPT ); Thu, 7 Apr 2016 12:06:31 -0400 Received: from mx2.suse.de ([195.135.220.15]:40387 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756546AbcDGQG1 (ORCPT ); Thu, 7 Apr 2016 12:06:27 -0400 Date: Thu, 7 Apr 2016 18:06:25 +0200 (CEST) From: Jiri Kosina X-X-Sender: jkosina@pobox.suse.cz To: Dan Carpenter cc: jeyu@redhat.com, Josh Poimboeuf , Miroslav Benes , Petr Mladek , live-patching@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] livepatch: robustify klp_register_patch() API error checking In-Reply-To: <20160404203426.GA8200@mwanda> Message-ID: References: <20160404203426.GA8200@mwanda> User-Agent: Alpine 2.00 (LNX 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jiri Kosina Commit 425595a7fc20 ("livepatch: reuse module loader code to write relocations") adds a possibility of dereferencing pointers supplied by the consumer of the livepatch API before sanity (NULL) checking them (patch and patch->mod). Spotted by smatch tool. Reported-by: Dan Carpenter Signed-off-by: Jiri Kosina --- kernel/livepatch/core.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c index eb5db6e..28c37fa 100644 --- a/kernel/livepatch/core.c +++ b/kernel/livepatch/core.c @@ -876,6 +876,9 @@ int klp_register_patch(struct klp_patch *patch) { int ret; + if (!patch || !patch->mod) + return -EINVAL; + if (!is_livepatch_module(patch->mod)) { pr_err("module %s is not marked as a livepatch module", patch->mod->name); 
@@ -885,9 +888,6 @@ int klp_register_patch(struct klp_patch *patch) if (!klp_initialized()) return -ENODEV; - if (!patch || !patch->mod) - return -EINVAL; - /* * A reference is taken on the patch module to prevent it from being * unloaded. Right now, we don't allow patch modules to unload since -- Jiri Kosina SUSE Labs
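Review bot: the early return added in the first hunk (@@ -876,6 +876,9 @@) fails with -EINVAL silently, while the is_livepatch_module() check directly below it reports through pr_err(); a caller that passes a NULL patch or leaves patch->mod unset gets no hint in the log about which argument was rejected. Consider logging a short message before "return -EINVAL;" so both rejection paths are equally diagnosable. Moving the check also changes error precedence: it now runs before klp_initialized(), so a bad argument yields -EINVAL even when the core is not initialized, which seems right but is worth a line in the changelog. Two smaller points visible here: the pr_err() format string in the context lines has no trailing "\n", and since the message names commit 425595a7fc20 as the origin of the dereference, a Fixes: tag for that commit would help anyone carrying it.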