* [PATCH v2 1/2] ARM: integrator: impd1: fix NULL pointer dereference
2019-01-05 5:52 [PATCH v2 0/2] Fix NULL pointer dereference and use struct_size Gustavo A. R. Silva
@ 2019-01-05 5:54 ` Gustavo A. R. Silva
2019-01-05 5:55 ` [PATCH v2 2/2] ARM: integrator: impd1: use struct_size() in devm_kzalloc() Gustavo A. R. Silva
1 sibling, 0 replies; 4+ messages in thread
From: Gustavo A. R. Silva @ 2019-01-05 5:54 UTC
To: Russell King, Linus Walleij
Cc: linux-kernel, linux-arm-kernel, Gustavo A. R. Silva
There is a potential NULL pointer dereference in case devm_kzalloc()
fails and returns NULL.
Fix this by adding a NULL check on lookup.
This issue was detected with the help of Coccinelle.
Fixes: 684284b64aae ("ARM: integrator: add MMCI device to IM-PD1")
Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
---
Changes in v2:
- None.
arch/arm/mach-integrator/impd1.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/arm/mach-integrator/impd1.c b/arch/arm/mach-integrator/impd1.c
index a109f6482413..eb0149561be2 100644
--- a/arch/arm/mach-integrator/impd1.c
+++ b/arch/arm/mach-integrator/impd1.c
@@ -392,6 +392,9 @@ static int __ref impd1_probe(struct lm_device *dev)
lookup = devm_kzalloc(&dev->dev,
sizeof(*lookup) + 3 * sizeof(struct gpiod_lookup),
GFP_KERNEL);
+ if (!lookup)
+ return -ENOMEM;
+
chipname = devm_kstrdup(&dev->dev, devname, GFP_KERNEL);
mmciname = kasprintf(GFP_KERNEL, "lm%x:00700", dev->id);
lookup->dev_id = mmciname;
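Review bot: the two allocations on the context lines directly after the new check are still unchecked. Both chipname = devm_kstrdup(...) and mmciname = kasprintf(...) can return NULL, and mmciname is stored in lookup->dev_id on the next line. Consider giving them the same -ENOMEM handling here or in a follow-up patch; because kasprintf() is not device-managed, any error return added after it also needs to free mmciname.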
--
2.20.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
* [PATCH v2 2/2] ARM: integrator: impd1: use struct_size() in devm_kzalloc()
2019-01-05 5:52 [PATCH v2 0/2] Fix NULL pointer dereference and use struct_size Gustavo A. R. Silva
2019-01-05 5:54 ` [PATCH v2 1/2] ARM: integrator: impd1: fix NULL pointer dereference Gustavo A. R. Silva
@ 2019-01-05 5:55 ` Gustavo A. R. Silva
2019-01-11 12:33 ` Linus Walleij
1 sibling, 1 reply; 4+ messages in thread
From: Gustavo A. R. Silva @ 2019-01-05 5:55 UTC
To: Linus Walleij, Russell King
Cc: linux-kernel, linux-arm-kernel, Gustavo A. R. Silva
One of the more common cases of allocation size calculations is finding
the size of a structure that has a zero-sized array at the end, along
with memory for some number of elements for that array. For example:

    struct foo {
        int stuff;
        void *entry[];
    };

    instance = devm_kzalloc(dev, sizeof(struct foo) + sizeof(void *) * count, GFP_KERNEL);

Instead of leaving these open-coded and prone to type mistakes, we can
now use the new struct_size() helper:

    instance = devm_kzalloc(dev, struct_size(instance, entry, count), GFP_KERNEL);

This code was detected with the help of Coccinelle.
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
---
Changes in v2:
- Fix devm_kzalloc parameter reported by kbuild test robot.
arch/arm/mach-integrator/impd1.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/mach-integrator/impd1.c b/arch/arm/mach-integrator/impd1.c
index eb0149561be2..a0a1e2acdb5e 100644
--- a/arch/arm/mach-integrator/impd1.c
+++ b/arch/arm/mach-integrator/impd1.c
@@ -390,7 +390,7 @@ static int __ref impd1_probe(struct lm_device *dev)
char *mmciname;
lookup = devm_kzalloc(&dev->dev,
- sizeof(*lookup) + 3 * sizeof(struct gpiod_lookup),
+ struct_size(lookup, table, 3),
GFP_KERNEL);
if (!lookup)
return -ENOMEM;
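Review bot: the element count in struct_size(lookup, table, 3) is still a bare literal, and nothing in the hunk says what the three entries are. A named constant or a one-line comment next to the allocation would keep the size and the number of table entries filled in later from drifting apart when someone adds an entry.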
--
2.20.1
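The size calculation discussed in patch 2/2, as an added userspace example (not code from the patch or from the kernel tree). The struct layouts and the STRUCT_SIZE_DEMO macro are constructed stand-ins; the example goes one step beyond the commit message by also showing the saturate-on-overflow behaviour that the kernel's struct_size() has.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the kernel types; the fields are illustrative only. */
struct entry_demo { const char *key; unsigned int idx; unsigned long flags; };
struct table_demo {
    const char *dev_id;
    struct entry_demo table[];          /* flexible array member */
};

/* Saturating arithmetic: SIZE_MAX on overflow, so the allocation fails cleanly. */
static size_t mul_sat(size_t a, size_t b)
{
    size_t r;
    return __builtin_mul_overflow(a, b, &r) ? SIZE_MAX : r;
}

static size_t add_sat(size_t a, size_t b)
{
    size_t r;
    return __builtin_add_overflow(a, b, &r) ? SIZE_MAX : r;
}

/* Hypothetical approximation of struct_size(): element size is taken from the member. */
#define STRUCT_SIZE_DEMO(p, member, n) \
    add_sat(sizeof(*(p)), mul_sat((n), sizeof(*(p)->member)))

/* Open-coded with a type mistake: entries sized as pointers, so the buffer is too small. */
size_t open_coded_wrong_type(size_t n)
{
    return sizeof(struct table_demo) + n * sizeof(void *);
}

/* Open-coded with the right type: correct for small n, silently wraps for huge n. */
size_t open_coded(size_t n)
{
    return sizeof(struct table_demo) + n * sizeof(struct entry_demo);
}

size_t helper_size(size_t n)
{
    struct table_demo *t = NULL;        /* only named inside sizeof, never dereferenced */
    return STRUCT_SIZE_DEMO(t, table, n);
}

int main(void)
{
    size_t big = SIZE_MAX / 8 + 1;
    printf("n=3:  wrong=%zu open=%zu helper=%zu\n",
           open_coded_wrong_type(3), open_coded(3), helper_size(3));
    printf("huge: open=%zu helper=%zu\n", open_coded(big), helper_size(big));
    return 0;
}
```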