* [PATCH 0/2] Fix NULL pointer dereference and use struct_size() @ 2019-01-22 16:55 Gustavo A. R. Silva 2019-01-22 16:56 ` [PATCH 1/2] mfd: sm501: Fix potential NULL pointer dereference Gustavo A. R. Silva ` (2 more replies) 0 siblings, 3 replies; 8+ messages in thread From: Gustavo A. R. Silva @ 2019-01-22 16:55 UTC (permalink / raw) To: Lee Jones, Linus Walleij; +Cc: linux-kernel, Gustavo A. R. Silva Hi, The first patch in this series fixes a potential NULL pointer dereference by adding a NULL check. A tag for stable has been added for this patch. The second patch promotes the use of struct_size() in devm_kzalloc(). Both issues were detected with the help of Coccinelle. Gustavo A. R. Silva (2): mfd: sm501: Fix potential NULL pointer dereference mfd: sm501: Use struct_size() in devm_kzalloc() drivers/mfd/sm501.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) -- 2.20.1 ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 1/2] mfd: sm501: Fix potential NULL pointer dereference 2019-01-22 16:55 [PATCH 0/2] Fix NULL pointer dereference and use struct_size() Gustavo A. R. Silva @ 2019-01-22 16:56 ` Gustavo A. R. Silva 2019-01-30 13:35 ` Lee Jones 2019-01-22 16:58 ` [PATCH 2/2] mfd: sm501: Use struct_size() in devm_kzalloc() Gustavo A. R. Silva 2019-01-26 13:20 ` [PATCH 0/2] Fix NULL pointer dereference and use struct_size() Linus Walleij 2 siblings, 1 reply; 8+ messages in thread From: Gustavo A. R. Silva @ 2019-01-22 16:56 UTC (permalink / raw) To: Linus Walleij, Lee Jones; +Cc: linux-kernel, Gustavo A. R. Silva There is a potential NULL pointer dereference in case devm_kzalloc() fails and returns NULL. Fix this by adding a NULL check on *lookup* This bug was detected with the help of Coccinelle. Fixes: b2e63555592f ("i2c: gpio: Convert to use descriptors") Cc: stable@vger.kernel.org Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> --- drivers/mfd/sm501.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/mfd/sm501.c b/drivers/mfd/sm501.c index a530972c5a7e..e0173bf4b0dc 100644 --- a/drivers/mfd/sm501.c +++ b/drivers/mfd/sm501.c @@ -1145,6 +1145,9 @@ static int sm501_register_gpio_i2c_instance(struct sm501_devdata *sm, lookup = devm_kzalloc(&pdev->dev, sizeof(*lookup) + 3 * sizeof(struct gpiod_lookup), GFP_KERNEL); + if (!lookup) + return -ENOMEM; + lookup->dev_id = "i2c-gpio"; if (iic->pin_sda < 32) lookup->table[0].chip_label = "SM501-LOW"; -- 2.20.1 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH 1/2] mfd: sm501: Fix potential NULL pointer dereference 2019-01-22 16:56 ` [PATCH 1/2] mfd: sm501: Fix potential NULL pointer dereference Gustavo A. R. Silva @ 2019-01-30 13:35 ` Lee Jones 2019-01-31 0:16 ` Gustavo A. R. Silva 0 siblings, 1 reply; 8+ messages in thread From: Lee Jones @ 2019-01-30 13:35 UTC (permalink / raw) To: Gustavo A. R. Silva; +Cc: Linus Walleij, linux-kernel On Tue, 22 Jan 2019, Gustavo A. R. Silva wrote: > There is a potential NULL pointer dereference in case devm_kzalloc() > fails and returns NULL. > > Fix this by adding a NULL check on *lookup* > > This bug was detected with the help of Coccinelle. > > Fixes: b2e63555592f ("i2c: gpio: Convert to use descriptors") > Cc: stable@vger.kernel.org > Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> > --- > drivers/mfd/sm501.c | 3 +++ > 1 file changed, 3 insertions(+) Applied, thanks. -- Lee Jones [李琼斯] Linaro Services Technical Lead Linaro.org │ Open source software for ARM SoCs Follow Linaro: Facebook | Twitter | Blog ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 1/2] mfd: sm501: Fix potential NULL pointer dereference 2019-01-30 13:35 ` Lee Jones @ 2019-01-31 0:16 ` Gustavo A. R. Silva 0 siblings, 0 replies; 8+ messages in thread From: Gustavo A. R. Silva @ 2019-01-31 0:16 UTC (permalink / raw) To: Lee Jones; +Cc: Linus Walleij, linux-kernel On 1/30/19 7:35 AM, Lee Jones wrote: > On Tue, 22 Jan 2019, Gustavo A. R. Silva wrote: > >> There is a potential NULL pointer dereference in case devm_kzalloc() >> fails and returns NULL. >> >> Fix this by adding a NULL check on *lookup* >> >> This bug was detected with the help of Coccinelle. >> >> Fixes: b2e63555592f ("i2c: gpio: Convert to use descriptors") >> Cc: stable@vger.kernel.org >> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> >> --- >> drivers/mfd/sm501.c | 3 +++ >> 1 file changed, 3 insertions(+) > > Applied, thanks. > Thanks, Lee. -- Gustavo ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 2/2] mfd: sm501: Use struct_size() in devm_kzalloc() 2019-01-22 16:55 [PATCH 0/2] Fix NULL pointer dereference and use struct_size() Gustavo A. R. Silva 2019-01-22 16:56 ` [PATCH 1/2] mfd: sm501: Fix potential NULL pointer dereference Gustavo A. R. Silva @ 2019-01-22 16:58 ` Gustavo A. R. Silva 2019-01-30 13:35 ` Lee Jones 2019-01-26 13:20 ` [PATCH 0/2] Fix NULL pointer dereference and use struct_size() Linus Walleij 2 siblings, 1 reply; 8+ messages in thread From: Gustavo A. R. Silva @ 2019-01-22 16:58 UTC (permalink / raw) To: Lee Jones, Linus Walleij; +Cc: linux-kernel, Gustavo A. R. Silva One of the more common cases of allocation size calculations is finding the size of a structure that has a zero-sized array at the end, along with memory for some number of elements for that array. For example: struct foo { int stuff; struct boo entry[]; }; instance = devm_kzalloc(dev, sizeof(struct foo) + count * sizeof(struct boo), GFP_KERNEL); Instead of leaving these open-coded and prone to type mistakes, we can now use the new struct_size() helper: instance = devm_kzalloc(dev, struct_size(instance, entry, count), GFP_KERNEL); This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> --- drivers/mfd/sm501.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/mfd/sm501.c b/drivers/mfd/sm501.c index e0173bf4b0dc..d217debf382e 100644 --- a/drivers/mfd/sm501.c +++ b/drivers/mfd/sm501.c @@ -1142,8 +1142,7 @@ static int sm501_register_gpio_i2c_instance(struct sm501_devdata *sm, return -ENOMEM; /* Create a gpiod lookup using gpiochip-local offsets */ - lookup = devm_kzalloc(&pdev->dev, - sizeof(*lookup) + 3 * sizeof(struct gpiod_lookup), + lookup = devm_kzalloc(&pdev->dev, struct_size(lookup, table, 3), GFP_KERNEL); if (!lookup) return -ENOMEM; -- 2.20.1 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH 2/2] mfd: sm501: Use struct_size() in devm_kzalloc() 2019-01-22 16:58 ` [PATCH 2/2] mfd: sm501: Use struct_size() in devm_kzalloc() Gustavo A. R. Silva @ 2019-01-30 13:35 ` Lee Jones 0 siblings, 0 replies; 8+ messages in thread From: Lee Jones @ 2019-01-30 13:35 UTC (permalink / raw) To: Gustavo A. R. Silva; +Cc: Linus Walleij, linux-kernel On Tue, 22 Jan 2019, Gustavo A. R. Silva wrote: > One of the more common cases of allocation size calculations is finding > the size of a structure that has a zero-sized array at the end, along > with memory for some number of elements for that array. For example: > > struct foo { > int stuff; > struct boo entry[]; > }; > > instance = devm_kzalloc(dev, sizeof(struct foo) + count * sizeof(struct boo), GFP_KERNEL); > > Instead of leaving these open-coded and prone to type mistakes, we can > now use the new struct_size() helper: > > instance = devm_kzalloc(dev, struct_size(instance, entry, count), GFP_KERNEL); > > This code was detected with the help of Coccinelle. > > Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> > --- > drivers/mfd/sm501.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) Applied, thanks. -- Lee Jones [李琼斯] Linaro Services Technical Lead Linaro.org │ Open source software for ARM SoCs Follow Linaro: Facebook | Twitter | Blog ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 0/2] Fix NULL pointer dereference and use struct_size() 2019-01-22 16:55 [PATCH 0/2] Fix NULL pointer dereference and use struct_size() Gustavo A. R. Silva 2019-01-22 16:56 ` [PATCH 1/2] mfd: sm501: Fix potential NULL pointer dereference Gustavo A. R. Silva 2019-01-22 16:58 ` [PATCH 2/2] mfd: sm501: Use struct_size() in devm_kzalloc() Gustavo A. R. Silva @ 2019-01-26 13:20 ` Linus Walleij 2019-01-26 13:49 ` Gustavo A. R. Silva 2 siblings, 1 reply; 8+ messages in thread From: Linus Walleij @ 2019-01-26 13:20 UTC (permalink / raw) To: Gustavo A. R. Silva; +Cc: Lee Jones, linux-kernel On Tue, Jan 22, 2019 at 5:55 PM Gustavo A. R. Silva <gustavo@embeddedor.com> wrote: > The first patch in this series fixes a potential NULL pointer > dereference by adding a NULL check. A tag for stable has been > added for this patch. > > The second patch promotes the use of struct_size() in devm_kzalloc(). Both patches: Reviewed-by: Linus Walleij <linus.walleij@linaro.org> Yours, Linus Walleij ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 0/2] Fix NULL pointer dereference and use struct_size() 2019-01-26 13:20 ` [PATCH 0/2] Fix NULL pointer dereference and use struct_size() Linus Walleij @ 2019-01-26 13:49 ` Gustavo A. R. Silva 0 siblings, 0 replies; 8+ messages in thread From: Gustavo A. R. Silva @ 2019-01-26 13:49 UTC (permalink / raw) To: Linus Walleij; +Cc: Lee Jones, linux-kernel On 1/26/19 7:20 AM, Linus Walleij wrote: > On Tue, Jan 22, 2019 at 5:55 PM Gustavo A. R. Silva > <gustavo@embeddedor.com> wrote: > >> The first patch in this series fixes a potential NULL pointer >> dereference by adding a NULL check. A tag for stable has been >> added for this patch. >> >> The second patch promotes the use of struct_size() in devm_kzalloc(). > > Both patches: > Reviewed-by: Linus Walleij <linus.walleij@linaro.org> > Thanks, Linus. -- Gustavo ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2019-01-31 0:16 UTC | newest] Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2019-01-22 16:55 [PATCH 0/2] Fix NULL pointer dereference and use struct_size() Gustavo A. R. Silva 2019-01-22 16:56 ` [PATCH 1/2] mfd: sm501: Fix potential NULL pointer dereference Gustavo A. R. Silva 2019-01-30 13:35 ` Lee Jones 2019-01-31 0:16 ` Gustavo A. R. Silva 2019-01-22 16:58 ` [PATCH 2/2] mfd: sm501: Use struct_size() in devm_kzalloc() Gustavo A. R. Silva 2019-01-30 13:35 ` Lee Jones 2019-01-26 13:20 ` [PATCH 0/2] Fix NULL pointer dereference and use struct_size() Linus Walleij 2019-01-26 13:49 ` Gustavo A. R. Silva
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).