linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 1/1] power: Fix unchecked return value of devm_kzalloc
@ 2017-04-24  8:22 Pan Bian
  2017-04-25 10:50 ` Pali Rohár
  2017-05-01 11:32 ` Sebastian Reichel
  0 siblings, 2 replies; 5+ messages in thread
From: Pan Bian @ 2017-04-24  8:22 UTC (permalink / raw)
  To: Pali Rohár, Sebastian Reichel, linux-pm; +Cc: linux-kernel, Pan Bian

Function devm_kzalloc() will return a NULL pointer. However, in function
isp1704_charger_probe(), the return value of devm_kzalloc() is directly
used without validation. This may result in a bad memory access bug.

Signed-off-by: Pan Bian <bianpan2016@163.com>
---
 drivers/power/supply/isp1704_charger.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/power/supply/isp1704_charger.c b/drivers/power/supply/isp1704_charger.c
index 4cd6899..95af5f3 100644
--- a/drivers/power/supply/isp1704_charger.c
+++ b/drivers/power/supply/isp1704_charger.c
@@ -418,6 +418,10 @@ static int isp1704_charger_probe(struct platform_device *pdev)
 
 		pdata = devm_kzalloc(&pdev->dev,
 			sizeof(struct isp1704_charger_data), GFP_KERNEL);
+		if (!pdata) {
+			ret = -ENOMEM;
+			goto fail0;
+		}
 		pdata->enable_gpio = gpio;
 
 		dev_info(&pdev->dev, "init gpio %d\n", pdata->enable_gpio);
-- 
1.9.1

^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PATCH 1/1] power: Fix unchecked return value of devm_kzalloc
  2017-04-24  8:22 [PATCH 1/1] power: Fix unchecked return value of devm_kzalloc Pan Bian
@ 2017-04-25 10:50 ` Pali Rohár
  2017-05-01 11:32 ` Sebastian Reichel
  1 sibling, 0 replies; 5+ messages in thread
From: Pali Rohár @ 2017-04-25 10:50 UTC (permalink / raw)
  To: Pan Bian; +Cc: Sebastian Reichel, linux-pm, linux-kernel

On Monday 24 April 2017 16:22:08 Pan Bian wrote:
> Function devm_kzalloc() will return a NULL pointer. However, in function
> isp1704_charger_probe(), the return value of devm_kzalloc() is directly
> used without validation. This may result in a bad memory access bug.
> 
> Signed-off-by: Pan Bian <bianpan2016@163.com>
> ---
>  drivers/power/supply/isp1704_charger.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/drivers/power/supply/isp1704_charger.c b/drivers/power/supply/isp1704_charger.c
> index 4cd6899..95af5f3 100644
> --- a/drivers/power/supply/isp1704_charger.c
> +++ b/drivers/power/supply/isp1704_charger.c
> @@ -418,6 +418,10 @@ static int isp1704_charger_probe(struct platform_device *pdev)
>  
>  		pdata = devm_kzalloc(&pdev->dev,
>  			sizeof(struct isp1704_charger_data), GFP_KERNEL);
> +		if (!pdata) {
> +			ret = -ENOMEM;
> +			goto fail0;
> +		}
>  		pdata->enable_gpio = gpio;
>  
>  		dev_info(&pdev->dev, "init gpio %d\n", pdata->enable_gpio);

Looks good now. Reviewed-by: Pali Rohár <pali.rohar@gmail.com>

-- 
Pali Rohár
pali.rohar@gmail.com

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH 1/1] power: Fix unchecked return value of devm_kzalloc
  2017-04-24  8:22 [PATCH 1/1] power: Fix unchecked return value of devm_kzalloc Pan Bian
  2017-04-25 10:50 ` Pali Rohár
@ 2017-05-01 11:32 ` Sebastian Reichel
  1 sibling, 0 replies; 5+ messages in thread
From: Sebastian Reichel @ 2017-05-01 11:32 UTC (permalink / raw)
  To: Pan Bian; +Cc: Pali Rohár, linux-pm, linux-kernel

[-- Attachment #1: Type: text/plain, Size: 377 bytes --]

Hi,

On Mon, Apr 24, 2017 at 04:22:08PM +0800, Pan Bian wrote:
> Function devm_kzalloc() will return a NULL pointer. However, in function
> isp1704_charger_probe(), the return value of devm_kzalloc() is directly
> used without validation. This may result in a bad memory access bug.
> 
> Signed-off-by: Pan Bian <bianpan2016@163.com>

Thanks, queued.

-- Sebastian

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH 1/1] power: Fix unchecked return value of devm_kzalloc
  2017-04-24  0:34 Pan Bian
@ 2017-04-24  7:16 ` Pali Rohár
  0 siblings, 0 replies; 5+ messages in thread
From: Pali Rohár @ 2017-04-24  7:16 UTC (permalink / raw)
  To: Pan Bian; +Cc: Sebastian Reichel, linux-pm, linux-kernel

On Monday 24 April 2017 08:34:08 Pan Bian wrote:
> Function devm_kzalloc() will return a NULL pointer. However, in function
> isp1704_charger_probe(), the return value of devm_kzalloc() is directly
> used without validation. This may result in a bad memory access bug.
> 
> Signed-off-by: Pan Bian <bianpan2016@163.com>
> ---
>  drivers/power/supply/isp1704_charger.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/power/supply/isp1704_charger.c b/drivers/power/supply/isp1704_charger.c
> index 4cd6899..2f02463 100644
> --- a/drivers/power/supply/isp1704_charger.c
> +++ b/drivers/power/supply/isp1704_charger.c
> @@ -418,6 +418,8 @@ static int isp1704_charger_probe(struct platform_device *pdev)
>  
>  		pdata = devm_kzalloc(&pdev->dev,
>  			sizeof(struct isp1704_charger_data), GFP_KERNEL);
> +		if (pdata)
> +			goto fail0;
>  		pdata->enable_gpio = gpio;
>  
>  		dev_info(&pdev->dev, "init gpio %d\n", pdata->enable_gpio);

fail0 returns ret value value which is initialized to -ENODEV. It could
be fragile if somebody change default initialization ret value to
something else (wort to 0). In your case before goto fail0 it is needed
to explicitly set ret to -ENOMEM so prevent future problems.

-- 
Pali Rohár
pali.rohar@gmail.com

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [PATCH 1/1] power: Fix unchecked return value of devm_kzalloc
@ 2017-04-24  0:34 Pan Bian
  2017-04-24  7:16 ` Pali Rohár
  0 siblings, 1 reply; 5+ messages in thread
From: Pan Bian @ 2017-04-24  0:34 UTC (permalink / raw)
  To: Pali Rohár, Sebastian Reichel; +Cc: linux-pm, linux-kernel, Pan Bian

Function devm_kzalloc() will return a NULL pointer. However, in function
isp1704_charger_probe(), the return value of devm_kzalloc() is directly
used without validation. This may result in a bad memory access bug.

Signed-off-by: Pan Bian <bianpan2016@163.com>
---
 drivers/power/supply/isp1704_charger.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/power/supply/isp1704_charger.c b/drivers/power/supply/isp1704_charger.c
index 4cd6899..2f02463 100644
--- a/drivers/power/supply/isp1704_charger.c
+++ b/drivers/power/supply/isp1704_charger.c
@@ -418,6 +418,8 @@ static int isp1704_charger_probe(struct platform_device *pdev)
 
 		pdata = devm_kzalloc(&pdev->dev,
 			sizeof(struct isp1704_charger_data), GFP_KERNEL);
+		if (pdata)
+			goto fail0;
 		pdata->enable_gpio = gpio;
 
 		dev_info(&pdev->dev, "init gpio %d\n", pdata->enable_gpio);
-- 
1.9.1

^ permalink raw reply related	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-05-01 11:33 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-04-24  8:22 [PATCH 1/1] power: Fix unchecked return value of devm_kzalloc Pan Bian
2017-04-25 10:50 ` Pali Rohár
2017-05-01 11:32 ` Sebastian Reichel
  -- strict thread matches above, loose matches on Subject: below --
2017-04-24  0:34 Pan Bian
2017-04-24  7:16 ` Pali Rohár

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).