* [PATCH v2 0/2] Fix NULL pointer dereference and use struct_size
From: Gustavo A. R. Silva @ 2019-01-05 5:52 UTC (permalink / raw)
To: Linus Walleij, Russell King
Cc: linux-kernel, linux-arm-kernel, Gustavo A. R. Silva
Hi,

The first patch in this series fixes a potential NULL pointer
dereference by adding a NULL check. A tag for stable has been
added for this patch.

The second patch promotes the use of struct_size() in devm_kzalloc().

Both issues were detected with the help of Coccinelle.

Thanks

Changes in v2:
 - Fix bug in patch 2/2 reported by kbuild test robot.

Gustavo A. R. Silva (2):
  ARM: integrator: impd1: fix NULL pointer dereference
  ARM: integrator: impd1: use struct_size() in devm_kzalloc()

 arch/arm/mach-integrator/impd1.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
--
2.20.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
* [PATCH v2 1/2] ARM: integrator: impd1: fix NULL pointer dereference
From: Gustavo A. R. Silva @ 2019-01-05 5:54 UTC (permalink / raw)
To: Russell King, Linus Walleij
Cc: linux-arm-kernel, linux-kernel, Gustavo A. R. Silva
There is a potential NULL pointer dereference in case devm_kzalloc()
fails and returns NULL.

Fix this by adding a NULL check on lookup.

This issue was detected with the help of Coccinelle.

Fixes: 684284b64aae ("ARM: integrator: add MMCI device to IM-PD1")
Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
---
Changes in v2:
- None.
arch/arm/mach-integrator/impd1.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/arm/mach-integrator/impd1.c b/arch/arm/mach-integrator/impd1.c
index a109f6482413..eb0149561be2 100644
--- a/arch/arm/mach-integrator/impd1.c
+++ b/arch/arm/mach-integrator/impd1.c
@@ -392,6 +392,9 @@ static int __ref impd1_probe(struct lm_device *dev)
lookup = devm_kzalloc(&dev->dev,
sizeof(*lookup) + 3 * sizeof(struct gpiod_lookup),
GFP_KERNEL);
+ if (!lookup)
+ return -ENOMEM;
+
chipname = devm_kstrdup(&dev->dev, devname, GFP_KERNEL);
mmciname = kasprintf(GFP_KERNEL, "lm%x:00700", dev->id);
lookup->dev_id = mmciname;
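Review bot: the new check covers only lookup, but the two context lines right after it allocate chipname with devm_kstrdup() and mmciname with kasprintf(), and mmciname is stored into lookup->dev_id on the next line with no NULL test visible in this hunk. If those results are not checked further down, the same -ENOMEM handling belongs with this fix. It would also help to state in the commit message that returning directly at this point leaves nothing acquired earlier in impd1_probe() that needs manual unwinding.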
--
2.20.1
* [PATCH v2 2/2] ARM: integrator: impd1: use struct_size() in devm_kzalloc()
From: Gustavo A. R. Silva @ 2019-01-05 5:55 UTC (permalink / raw)
To: Linus Walleij, Russell King
Cc: linux-arm-kernel, linux-kernel, Gustavo A. R. Silva
One of the more common cases of allocation size calculations is finding
the size of a structure that has a zero-sized array at the end, along
with memory for some number of elements for that array. For example:

struct foo {
    int stuff;
    void *entry[];
};

instance = devm_kzalloc(dev, sizeof(struct foo) + sizeof(void *) * count, GFP_KERNEL);

Instead of leaving these open-coded and prone to type mistakes, we can
now use the new struct_size() helper:

instance = devm_kzalloc(dev, struct_size(instance, entry, count), GFP_KERNEL);

This code was detected with the help of Coccinelle.

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
---
Changes in v2:
- Fix devm_kzalloc parameter reported by kbuild test robot.
arch/arm/mach-integrator/impd1.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/mach-integrator/impd1.c b/arch/arm/mach-integrator/impd1.c
index eb0149561be2..a0a1e2acdb5e 100644
--- a/arch/arm/mach-integrator/impd1.c
+++ b/arch/arm/mach-integrator/impd1.c
@@ -390,7 +390,7 @@ static int __ref impd1_probe(struct lm_device *dev)
char *mmciname;
lookup = devm_kzalloc(&dev->dev,
- sizeof(*lookup) + 3 * sizeof(struct gpiod_lookup),
+ struct_size(lookup, table, 3),
GFP_KERNEL);
if (!lookup)
return -ENOMEM;
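Review bot: the element count in struct_size(lookup, table, 3) is still a bare literal, so the allocation size and the code that fills lookup->table can drift apart without the compiler noticing. A named constant, or a short comment tying 3 to the number of table entries, would make that dependency visible. The v2 changelog line "Fix devm_kzalloc parameter" also does not say what was wrong in v1, which would help anyone comparing the two versions.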
--
2.20.1
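
A userspace model of the helper the commit message above describes, added here as an example; it is not the kernel's struct_size() implementation and not code from this series. The struct names, checked_size() and STRUCT_SIZE_MODEL() are assumptions made for illustration, and the overflow case goes beyond the type-mistake point in the message: the kernel helper saturates to SIZE_MAX instead of wrapping, so the allocation fails rather than coming back too small.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins, not the kernel's gpiod definitions. */
struct entry { const char *key; unsigned int idx; };
struct table_hdr {
	const char *dev_id;
	struct entry table[];		/* flexible array member */
};

/* Open-coded form: the element type is repeated by hand and the
 * multiplication wraps silently for a large count. */
static size_t open_coded_size(size_t count)
{
	return sizeof(struct table_hdr) + count * sizeof(struct entry);
}

/* Checked form: saturate to SIZE_MAX so the allocator fails cleanly. */
static size_t checked_size(size_t hdr, size_t elem, size_t count)
{
	if (elem != 0 && count > (SIZE_MAX - hdr) / elem)
		return SIZE_MAX;
	return hdr + elem * count;
}

/* Userspace model of struct_size(p, member, n): both sizes are derived
 * from the pointer, so the element type cannot be mistyped. */
#define STRUCT_SIZE_MODEL(p, member, n) \
	checked_size(sizeof(*(p)), sizeof((p)->member[0]), (n))

static size_t model_size(size_t count)
{
	struct table_hdr *t = NULL;	/* only used inside sizeof, never dereferenced */
	return STRUCT_SIZE_MODEL(t, table, count);
}

/* Smallest count whose byte size wraps past SIZE_MAX in the open-coded form. */
static size_t wrapping_count(void)
{
	return SIZE_MAX / sizeof(struct entry) + 1;
}

int main(void)
{
	size_t n = wrapping_count();
	printf("count=3: open=%zu model=%zu\n", open_coded_size(3), model_size(3));
	printf("count=%zu: open=%zu model=%zu\n", n, open_coded_size(n), model_size(n));
	return 0;
}
```
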
* Re: [PATCH v2 2/2] ARM: integrator: impd1: use struct_size() in devm_kzalloc()
From: Linus Walleij @ 2019-01-11 12:33 UTC (permalink / raw)
To: Gustavo A. R. Silva; +Cc: Russell King, Linux ARM, linux-kernel
On Sat, Jan 5, 2019 at 6:55 AM Gustavo A. R. Silva
<gustavo@embeddedor.com> wrote:
> One of the more common cases of allocation size calculations is finding
> the size of a structure that has a zero-sized array at the end, along
> with memory for some number of elements for that array. For example:
>
> struct foo {
> int stuff;
> void *entry[];
> };
>
> instance = devm_kzalloc(dev, sizeof(struct foo) + sizeof(void *) * count, GFP_KERNEL);
>
> Instead of leaving these open-coded and prone to type mistakes, we can
> now use the new struct_size() helper:
>
> instance = devm_kzalloc(dev, struct_size(instance, entry, count), GFP_KERNEL);
>
> This code was detected with the help of Coccinelle.
>
> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
> ---
> Changes in v2:
> - Fix devm_kzalloc parameter reported by kbuild test robot.
Patch applied.
Yours,
Linus Walleij