* [PATCH] net: fjes: fix potential NULL pointer dereferences
@ 2019-03-11 7:10 Kangjie Lu
2019-03-11 23:19 ` David Miller
0 siblings, 1 reply; 5+ messages in thread
From: Kangjie Lu @ 2019-03-11 7:10 UTC (permalink / raw)
To: kjlu; +Cc: pakki001, David S. Miller, Colin Ian King, netdev, linux-kernel
In case alloc_workqueue fails, the fix returns -ENOMEM to avoid
ULL pointer dereferences.
Signed-off-by: Kangjie Lu <kjlu@umn.edu>
---
drivers/net/fjes/fjes_main.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/net/fjes/fjes_main.c b/drivers/net/fjes/fjes_main.c
index d3eae1239045..18c2c9e24c24 100644
--- a/drivers/net/fjes/fjes_main.c
+++ b/drivers/net/fjes/fjes_main.c
@@ -1252,8 +1252,17 @@ static int fjes_probe(struct platform_device *plat_dev)
adapter->open_guard = false;
adapter->txrx_wq = alloc_workqueue(DRV_NAME "/txrx", WQ_MEM_RECLAIM, 0);
+ if (!adapter->txrx_wq) {
+ err = -ENOMEM;
+ goto err_free_netdev;
+ }
+
adapter->control_wq = alloc_workqueue(DRV_NAME "/control",
WQ_MEM_RECLAIM, 0);
+ if (!adapter->control_wq) {
+ err = -ENOMEM;
+ goto err_free_netdev;
+ }
INIT_WORK(&adapter->tx_stall_task, fjes_tx_stall_task);
INIT_WORK(&adapter->raise_intr_rxdata_task,
--
2.17.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] net: fjes: fix potential NULL pointer dereferences
2019-03-11 7:10 [PATCH] net: fjes: fix potential NULL pointer dereferences Kangjie Lu
@ 2019-03-11 23:19 ` David Miller
2019-03-12 4:56 ` Kangjie Lu
2019-03-23 3:52 ` [PATCH v2] " Kangjie Lu
0 siblings, 2 replies; 5+ messages in thread
From: David Miller @ 2019-03-11 23:19 UTC (permalink / raw)
To: kjlu; +Cc: pakki001, colin.king, netdev, linux-kernel
From: Kangjie Lu <kjlu@umn.edu>
Date: Mon, 11 Mar 2019 02:10:21 -0500
> adapter->control_wq = alloc_workqueue(DRV_NAME "/control",
> WQ_MEM_RECLAIM, 0);
> + if (!adapter->control_wq) {
> + err = -ENOMEM;
> + goto err_free_netdev;
> + }
This error path leaks adapter->txrx_wq.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] net: fjes: fix potential NULL pointer dereferences
2019-03-11 23:19 ` David Miller
@ 2019-03-12 4:56 ` Kangjie Lu
2019-03-23 3:52 ` [PATCH v2] " Kangjie Lu
1 sibling, 0 replies; 5+ messages in thread
From: Kangjie Lu @ 2019-03-12 4:56 UTC (permalink / raw)
To: David Miller; +Cc: pakki001, colin.king, netdev, linux-kernel
> On Mar 11, 2019, at 6:19 PM, David Miller <davem@davemloft.net> wrote:
>
> From: Kangjie Lu <kjlu@umn.edu>
> Date: Mon, 11 Mar 2019 02:10:21 -0500
>
>> adapter->control_wq = alloc_workqueue(DRV_NAME "/control",
>> WQ_MEM_RECLAIM, 0);
>> + if (!adapter->control_wq) {
>> + err = -ENOMEM;
>> + goto err_free_netdev;
>> + }
>
> This error path leaks adapter->txrx_wq.
The following code also has an error-handling case: goto err_free_netdev.
Shouldn’t the resource release be in err_free_netdev?
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH v2] net: fjes: fix potential NULL pointer dereferences
2019-03-11 23:19 ` David Miller
2019-03-12 4:56 ` Kangjie Lu
@ 2019-03-23 3:52 ` Kangjie Lu
2019-03-26 17:50 ` David Miller
1 sibling, 1 reply; 5+ messages in thread
From: Kangjie Lu @ 2019-03-23 3:52 UTC (permalink / raw)
To: kjlu; +Cc: pakki001, David S. Miller, Colin Ian King, netdev, linux-kernel
In case alloc_workqueue fails, the patch returns -ENOMEM to avoid
NULL pointer dereferences.
In addition, the patch fixes memory-leak issues.
Signed-off-by: Kangjie Lu <kjlu@umn.edu>
---
V2: free resources properly
---
drivers/net/fjes/fjes_main.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/drivers/net/fjes/fjes_main.c b/drivers/net/fjes/fjes_main.c
index d3eae1239045..471486eefb7b 100644
--- a/drivers/net/fjes/fjes_main.c
+++ b/drivers/net/fjes/fjes_main.c
@@ -1252,8 +1252,16 @@ static int fjes_probe(struct platform_device *plat_dev)
adapter->open_guard = false;
adapter->txrx_wq = alloc_workqueue(DRV_NAME "/txrx", WQ_MEM_RECLAIM, 0);
+ if (!adapter->txrx_wq) {
+ err = -ENOMEM;
+ goto err_free_netdev;
+ }
adapter->control_wq = alloc_workqueue(DRV_NAME "/control",
WQ_MEM_RECLAIM, 0);
+ if (!adapter->control_wq) {
+ err = -ENOMEM;
+ goto err_free_wq;
+ }
INIT_WORK(&adapter->tx_stall_task, fjes_tx_stall_task);
INIT_WORK(&adapter->raise_intr_rxdata_task,
@@ -1270,7 +1278,7 @@ static int fjes_probe(struct platform_device *plat_dev)
hw->hw_res.irq = platform_get_irq(plat_dev, 0);
err = fjes_hw_init(&adapter->hw);
if (err)
- goto err_free_netdev;
+ goto err_free_wq;
/* setup MAC address (02:00:00:00:00:[epid])*/
netdev->dev_addr[0] = 2;
@@ -1292,6 +1300,11 @@ static int fjes_probe(struct platform_device *plat_dev)
err_hw_exit:
fjes_hw_exit(&adapter->hw);
+err_free_wq:
+ if (adapter->txrx_wq)
+ destroy_workqueue(adapter->txrx_wq);
+ if (adapter->control_wq)
+ destroy_workqueue(adapter->control_wq);
err_free_netdev:
free_netdev(netdev);
err_out:
--
2.17.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v2] net: fjes: fix potential NULL pointer dereferences
2019-03-23 3:52 ` [PATCH v2] " Kangjie Lu
@ 2019-03-26 17:50 ` David Miller
0 siblings, 0 replies; 5+ messages in thread
From: David Miller @ 2019-03-26 17:50 UTC (permalink / raw)
To: kjlu; +Cc: pakki001, colin.king, netdev, linux-kernel
From: Kangjie Lu <kjlu@umn.edu>
Date: Fri, 22 Mar 2019 22:52:21 -0500
> @@ -1252,8 +1252,16 @@ static int fjes_probe(struct platform_device *plat_dev)
> adapter->open_guard = false;
>
> adapter->txrx_wq = alloc_workqueue(DRV_NAME "/txrx", WQ_MEM_RECLAIM, 0);
> + if (!adapter->txrx_wq) {
> + err = -ENOMEM;
> + goto err_free_netdev;
> + }
These error paths have to undo the netif_napi_add() done by fjes_sw_init().
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-03-26 17:50 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-03-11 7:10 [PATCH] net: fjes: fix potential NULL pointer dereferences Kangjie Lu
2019-03-11 23:19 ` David Miller
2019-03-12 4:56 ` Kangjie Lu
2019-03-23 3:52 ` [PATCH v2] " Kangjie Lu
2019-03-26 17:50 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).