linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] Missing failure handling
@ 2006-07-20 19:16 Panagiotis Issaris
  2006-07-25  8:24 ` Andrew Morton
  2006-08-01  4:29 ` Paul Mackerras
  0 siblings, 2 replies; 3+ messages in thread
From: Panagiotis Issaris @ 2006-07-20 19:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: paulus, linux-ppp

From: Panagiotis Issaris <takis@issaris.org>

The PPP code contains two kmalloc()s followed by memset()s without
handling a possible memory allocation failure. (Suggested by 
Joe Perches).

And furthermore, conversions from kmalloc+memset to kzalloc.

Signed-off-by: Panagiotis Issaris <takis@issaris.org>
---
 drivers/net/ppp_generic.c |   34 +++++++++++++++++++++++-----------
 1 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/drivers/net/ppp_generic.c b/drivers/net/ppp_generic.c
index 0ec6e9d..7b27ac8 100644
--- a/drivers/net/ppp_generic.c
+++ b/drivers/net/ppp_generic.c
@@ -192,7 +192,7 @@ struct cardmap {
 	void *ptr[CARDMAP_WIDTH];
 };
 static void *cardmap_get(struct cardmap *map, unsigned int nr);
-static void cardmap_set(struct cardmap **map, unsigned int nr, void *ptr);
+static int cardmap_set(struct cardmap **map, unsigned int nr, void *ptr);
 static unsigned int cardmap_find_first_free(struct cardmap *map);
 static void cardmap_destroy(struct cardmap **map);
 
@@ -1995,10 +1995,9 @@ ppp_register_channel(struct ppp_channel 
 {
 	struct channel *pch;
 
-	pch = kmalloc(sizeof(struct channel), GFP_KERNEL);
+	pch = kzalloc(sizeof(struct channel), GFP_KERNEL);
 	if (pch == 0)
 		return -ENOMEM;
-	memset(pch, 0, sizeof(struct channel));
 	pch->ppp = NULL;
 	pch->chan = chan;
 	chan->ppp = pch;
@@ -2408,13 +2407,12 @@ ppp_create_interface(int unit, int *retp
 	int ret = -ENOMEM;
 	int i;
 
-	ppp = kmalloc(sizeof(struct ppp), GFP_KERNEL);
+	ppp = kzalloc(sizeof(struct ppp), GFP_KERNEL);
 	if (!ppp)
 		goto out;
 	dev = alloc_netdev(0, "", ppp_setup);
 	if (!dev)
 		goto out1;
-	memset(ppp, 0, sizeof(struct ppp));
 
 	ppp->mru = PPP_MRU;
 	init_ppp_file(&ppp->file, INTERFACE);
@@ -2454,11 +2452,18 @@ #endif /* CONFIG_PPP_MULTILINK */
 	}
 
 	atomic_inc(&ppp_unit_count);
-	cardmap_set(&all_ppp_units, unit, ppp);
+	ret = cardmap_set(&all_ppp_units, unit, ppp);
+	if (ret != 0) {
+		printk(KERN_ERR "PPP: couldn't set cardmap\n");	
+		goto out3;
+	}
+
 	mutex_unlock(&all_ppp_mutex);
 	*retp = 0;
 	return ppp;
 
+out3:
+	atomic_dec(&ppp_unit_count);
 out2:
 	mutex_unlock(&all_ppp_mutex);
 	free_netdev(dev);
@@ -2695,7 +2700,7 @@ static void *cardmap_get(struct cardmap 
 	return NULL;
 }
 
-static void cardmap_set(struct cardmap **pmap, unsigned int nr, void *ptr)
+static int cardmap_set(struct cardmap **pmap, unsigned int nr, void *ptr)
 {
 	struct cardmap *p;
 	int i;
@@ -2704,8 +2709,11 @@ static void cardmap_set(struct cardmap *
 	if (p == NULL || (nr >> p->shift) >= CARDMAP_WIDTH) {
 		do {
 			/* need a new top level */
-			struct cardmap *np = kmalloc(sizeof(*np), GFP_KERNEL);
-			memset(np, 0, sizeof(*np));
+			struct cardmap *np = kzalloc(sizeof(*np), GFP_KERNEL);
+			if (!np) {
+				printk(KERN_ERR "PPP: no memory (cardmap)\n");
+				return -ENOMEM;
+			}
 			np->ptr[0] = p;
 			if (p != NULL) {
 				np->shift = p->shift + CARDMAP_ORDER;
@@ -2719,8 +2727,11 @@ static void cardmap_set(struct cardmap *
 	while (p->shift > 0) {
 		i = (nr >> p->shift) & CARDMAP_MASK;
 		if (p->ptr[i] == NULL) {
-			struct cardmap *np = kmalloc(sizeof(*np), GFP_KERNEL);
-			memset(np, 0, sizeof(*np));
+			struct cardmap *np = kzalloc(sizeof(*np), GFP_KERNEL);
+			if (!np) {
+				printk(KERN_ERR "PPP: no memory (cardmap)\n");
+				return -ENOMEM;
+			}
 			np->shift = p->shift - CARDMAP_ORDER;
 			np->parent = p;
 			p->ptr[i] = np;
@@ -2735,6 +2746,7 @@ static void cardmap_set(struct cardmap *
 		set_bit(i, &p->inuse);
 	else
 		clear_bit(i, &p->inuse);
+	return 0;
 }
 
 static unsigned int cardmap_find_first_free(struct cardmap *map)
-- 
1.4.2.rc1.ge7a0-dirty


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] Missing failure handling
  2006-07-20 19:16 [PATCH] Missing failure handling Panagiotis Issaris
@ 2006-07-25  8:24 ` Andrew Morton
  2006-08-01  4:29 ` Paul Mackerras
  1 sibling, 0 replies; 3+ messages in thread
From: Andrew Morton @ 2006-07-25  8:24 UTC (permalink / raw)
  To: Panagiotis Issaris; +Cc: linux-kernel, paulus, linux-ppp

On Thu, 20 Jul 2006 21:16:29 +0200
takis@lumumba.uhasselt.be (Panagiotis Issaris) wrote:

> From: Panagiotis Issaris <takis@issaris.org>
> 
> The PPP code contains two kmalloc()s followed by memset()s without
> handling a possible memory allocation failure. (Suggested by 
> Joe Perches).
> 
> And furthermore, conversions from kmalloc+memset to kzalloc.

OK...

> -			struct cardmap *np = kmalloc(sizeof(*np), GFP_KERNEL);
> -			memset(np, 0, sizeof(*np));
> +			struct cardmap *np = kzalloc(sizeof(*np), GFP_KERNEL);
> +			if (!np) {
> +				printk(KERN_ERR "PPP: no memory (cardmap)\n");
> +				return -ENOMEM;
> +			}
>  			np->ptr[0] = p;
>  			if (p != NULL) {
>  				np->shift = p->shift + CARDMAP_ORDER;
> @@ -2719,8 +2727,11 @@ static void cardmap_set(struct cardmap *
>  	while (p->shift > 0) {
>  		i = (nr >> p->shift) & CARDMAP_MASK;
>  		if (p->ptr[i] == NULL) {
> -			struct cardmap *np = kmalloc(sizeof(*np), GFP_KERNEL);
> -			memset(np, 0, sizeof(*np));
> +			struct cardmap *np = kzalloc(sizeof(*np), GFP_KERNEL);
> +			if (!np) {
> +				printk(KERN_ERR "PPP: no memory (cardmap)\n");
> +				return -ENOMEM;
> +			}
>  			np->shift = p->shift - CARDMAP_ORDER;

But this leaks memory on errors.

It looks like cardmap_destroy() will handle a partially-constructed map,
so..

--- a/drivers/net/ppp_generic.c~ppp-handle-kmalloc-failures-leak-fix
+++ a/drivers/net/ppp_generic.c
@@ -2710,10 +2710,8 @@ static int cardmap_set(struct cardmap **
 		do {
 			/* need a new top level */
 			struct cardmap *np = kzalloc(sizeof(*np), GFP_KERNEL);
-			if (!np) {
-				printk(KERN_ERR "PPP: no memory (cardmap)\n");
-				return -ENOMEM;
-			}
+			if (!np)
+				goto enomem;
 			np->ptr[0] = p;
 			if (p != NULL) {
 				np->shift = p->shift + CARDMAP_ORDER;
@@ -2728,10 +2726,8 @@ static int cardmap_set(struct cardmap **
 		i = (nr >> p->shift) & CARDMAP_MASK;
 		if (p->ptr[i] == NULL) {
 			struct cardmap *np = kzalloc(sizeof(*np), GFP_KERNEL);
-			if (!np) {
-				printk(KERN_ERR "PPP: no memory (cardmap)\n");
-				return -ENOMEM;
-			}
+			if (!np)
+				goto enomem;
 			np->shift = p->shift - CARDMAP_ORDER;
 			np->parent = p;
 			p->ptr[i] = np;
@@ -2747,6 +2743,10 @@ static int cardmap_set(struct cardmap **
 	else
 		clear_bit(i, &p->inuse);
 	return 0;
+enomem:
+	printk(KERN_ERR "PPP: no memory (cardmap)\n");
+	cardmap_destroy(pmap);
+	return -ENOMEM;
 }
 
 static unsigned int cardmap_find_first_free(struct cardmap *map)
_


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] Missing failure handling
  2006-07-20 19:16 [PATCH] Missing failure handling Panagiotis Issaris
  2006-07-25  8:24 ` Andrew Morton
@ 2006-08-01  4:29 ` Paul Mackerras
  1 sibling, 0 replies; 3+ messages in thread
From: Paul Mackerras @ 2006-08-01  4:29 UTC (permalink / raw)
  To: Panagiotis Issaris; +Cc: linux-kernel, linux-ppp

Panagiotis Issaris writes:

> -	cardmap_set(&all_ppp_units, unit, ppp);
> +	ret = cardmap_set(&all_ppp_units, unit, ppp);
> +	if (ret != 0) {
> +		printk(KERN_ERR "PPP: couldn't set cardmap\n");	

This is a pretty useless message, in that it will mean nothing to a
user who sees it.  It would be better to set ret = -ENOMEM and not
print the message, I think.

Paul.

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2006-08-01  5:01 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2006-07-20 19:16 [PATCH] Missing failure handling Panagiotis Issaris
2006-07-25  8:24 ` Andrew Morton
2006-08-01  4:29 ` Paul Mackerras

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).