* [PATCH] staging: vt6655: check for memory allocation failures [not found] <CGME20180328063144epcas1p305216b582520b884b09c93a7ad591660@epcas1p3.samsung.com> @ 2018-03-28 6:31 ` Ji-Hun Kim 2018-03-28 8:33 ` Greg KH 2018-03-28 9:55 ` Jia-Ju Bai 0 siblings, 2 replies; 4+ messages in thread From: Ji-Hun Kim @ 2018-03-28 6:31 UTC (permalink / raw) To: gregkh, forest Cc: devel, y.k.oh, kernel-janitors, ji_hun.kim, linux-kernel, julia.lawall, baijiaju1990, santhameena13 There are no null pointer checking on rd_info and td_info values which are allocated by kzalloc. It has potential null pointer dereferencing issues. Add return when allocation is failed. Signed-off-by: Ji-Hun Kim <ji_hun.kim@samsung.com> --- drivers/staging/vt6655/device_main.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/staging/vt6655/device_main.c b/drivers/staging/vt6655/device_main.c index fbc4bc6..5d0ba94 100644 --- a/drivers/staging/vt6655/device_main.c +++ b/drivers/staging/vt6655/device_main.c @@ -539,7 +539,8 @@ static void device_init_rd0_ring(struct vnt_private *priv) i ++, curr += sizeof(struct vnt_rx_desc)) { desc = &priv->aRD0Ring[i]; desc->rd_info = kzalloc(sizeof(*desc->rd_info), GFP_KERNEL); - + if (WARN_ON(!desc->rd_info)) + return; if (!device_alloc_rx_buf(priv, desc)) dev_err(&priv->pcid->dev, "can not alloc rx bufs\n"); @@ -563,7 +564,8 @@ static void device_init_rd1_ring(struct vnt_private *priv) i ++, curr += sizeof(struct vnt_rx_desc)) { desc = &priv->aRD1Ring[i]; desc->rd_info = kzalloc(sizeof(*desc->rd_info), GFP_KERNEL); - + if (WARN_ON(!desc->rd_info)) + return; if (!device_alloc_rx_buf(priv, desc)) dev_err(&priv->pcid->dev, "can not alloc rx bufs\n"); @@ -621,7 +623,8 @@ static void device_init_td0_ring(struct vnt_private *priv) i++, curr += sizeof(struct vnt_tx_desc)) { desc = &priv->apTD0Rings[i]; desc->td_info = kzalloc(sizeof(*desc->td_info), GFP_KERNEL); - + if (WARN_ON(!desc->td_info)) + return; desc->td_info->buf = priv->tx0_bufs + i * PKT_BUF_SZ; desc->td_info->buf_dma = priv->tx_bufs_dma0 + i * PKT_BUF_SZ; @@ -646,7 +649,8 @@ static void device_init_td1_ring(struct vnt_private *priv) i++, curr += sizeof(struct vnt_tx_desc)) { desc = &priv->apTD1Rings[i]; desc->td_info = kzalloc(sizeof(*desc->td_info), GFP_KERNEL); - + if (WARN_ON(!desc->td_info)) + return; desc->td_info->buf = priv->tx1_bufs + i * PKT_BUF_SZ; desc->td_info->buf_dma = priv->tx_bufs_dma1 + i * PKT_BUF_SZ; -- 1.9.1 _______________________________________________ devel mailing list devel@linuxdriverproject.org http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] staging: vt6655: check for memory allocation failures 2018-03-28 6:31 ` [PATCH] staging: vt6655: check for memory allocation failures Ji-Hun Kim @ 2018-03-28 8:33 ` Greg KH 2018-03-28 9:55 ` Jia-Ju Bai 1 sibling, 0 replies; 4+ messages in thread From: Greg KH @ 2018-03-28 8:33 UTC (permalink / raw) To: Ji-Hun Kim Cc: devel, y.k.oh, kernel-janitors, linux-kernel, julia.lawall, baijiaju1990, forest, santhameena13 On Wed, Mar 28, 2018 at 03:31:31PM +0900, Ji-Hun Kim wrote: > There are no null pointer checking on rd_info and td_info values which > are allocated by kzalloc. It has potential null pointer dereferencing > issues. Add return when allocation is failed. > > Signed-off-by: Ji-Hun Kim <ji_hun.kim@samsung.com> > --- > drivers/staging/vt6655/device_main.c | 12 ++++++++---- > 1 file changed, 8 insertions(+), 4 deletions(-) > > diff --git a/drivers/staging/vt6655/device_main.c b/drivers/staging/vt6655/device_main.c > index fbc4bc6..5d0ba94 100644 > --- a/drivers/staging/vt6655/device_main.c > +++ b/drivers/staging/vt6655/device_main.c > @@ -539,7 +539,8 @@ static void device_init_rd0_ring(struct vnt_private *priv) > i ++, curr += sizeof(struct vnt_rx_desc)) { > desc = &priv->aRD0Ring[i]; > desc->rd_info = kzalloc(sizeof(*desc->rd_info), GFP_KERNEL); > - > + if (WARN_ON(!desc->rd_info)) > + return; Eeek, no, this crashes any machine that runs with "panic on warn". You don't crash if you can not allocate any memory, you recover and move on. You don't even need to print anything out, as the call itself will do that if this happens. So this patch isn't ok at all, sorry. greg k-h _______________________________________________ devel mailing list devel@linuxdriverproject.org http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] staging: vt6655: check for memory allocation failures 2018-03-28 6:31 ` [PATCH] staging: vt6655: check for memory allocation failures Ji-Hun Kim 2018-03-28 8:33 ` Greg KH @ 2018-03-28 9:55 ` Jia-Ju Bai 2018-03-29 1:56 ` Ji-Hun Kim 1 sibling, 1 reply; 4+ messages in thread From: Jia-Ju Bai @ 2018-03-28 9:55 UTC (permalink / raw) To: Ji-Hun Kim, gregkh, forest Cc: devel, y.k.oh, kernel-janitors, linux-kernel, julia.lawall, santhameena13 On 2018/3/28 14:31, Ji-Hun Kim wrote: > There are no null pointer checking on rd_info and td_info values which > are allocated by kzalloc. It has potential null pointer dereferencing > issues. Add return when allocation is failed. > > Signed-off-by: Ji-Hun Kim <ji_hun.kim@samsung.com> > --- > drivers/staging/vt6655/device_main.c | 12 ++++++++---- > 1 file changed, 8 insertions(+), 4 deletions(-) > > diff --git a/drivers/staging/vt6655/device_main.c b/drivers/staging/vt6655/device_main.c > index fbc4bc6..5d0ba94 100644 > --- a/drivers/staging/vt6655/device_main.c > +++ b/drivers/staging/vt6655/device_main.c > @@ -539,7 +539,8 @@ static void device_init_rd0_ring(struct vnt_private *priv) > i ++, curr += sizeof(struct vnt_rx_desc)) { > desc = &priv->aRD0Ring[i]; > desc->rd_info = kzalloc(sizeof(*desc->rd_info), GFP_KERNEL); > - > + if (WARN_ON(!desc->rd_info)) > + return; > if (!device_alloc_rx_buf(priv, desc)) > dev_err(&priv->pcid->dev, "can not alloc rx bufs\n"); > > @@ -563,7 +564,8 @@ static void device_init_rd1_ring(struct vnt_private *priv) > i ++, curr += sizeof(struct vnt_rx_desc)) { > desc = &priv->aRD1Ring[i]; > desc->rd_info = kzalloc(sizeof(*desc->rd_info), GFP_KERNEL); > - > + if (WARN_ON(!desc->rd_info)) > + return; > if (!device_alloc_rx_buf(priv, desc)) > dev_err(&priv->pcid->dev, "can not alloc rx bufs\n"); > > @@ -621,7 +623,8 @@ static void device_init_td0_ring(struct vnt_private *priv) > i++, curr += sizeof(struct vnt_tx_desc)) { > desc = &priv->apTD0Rings[i]; > desc->td_info = kzalloc(sizeof(*desc->td_info), GFP_KERNEL); > - > + if (WARN_ON(!desc->td_info)) > + return; > desc->td_info->buf = priv->tx0_bufs + i * PKT_BUF_SZ; > desc->td_info->buf_dma = priv->tx_bufs_dma0 + i * PKT_BUF_SZ; > > @@ -646,7 +649,8 @@ static void device_init_td1_ring(struct vnt_private *priv) > i++, curr += sizeof(struct vnt_tx_desc)) { > desc = &priv->apTD1Rings[i]; > desc->td_info = kzalloc(sizeof(*desc->td_info), GFP_KERNEL); > - > + if (WARN_ON(!desc->td_info)) > + return; > desc->td_info->buf = priv->tx1_bufs + i * PKT_BUF_SZ; > desc->td_info->buf_dma = priv->tx_bufs_dma1 + i * PKT_BUF_SZ; > I think the bugs you found are right. But your patch is not correct, because it is dangerous to return directly. I think you should return an error and then implement error handling code for these functions. Best wishes, Jia-Ju Bai _______________________________________________ devel mailing list devel@linuxdriverproject.org http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] staging: vt6655: check for memory allocation failures 2018-03-28 9:55 ` Jia-Ju Bai @ 2018-03-29 1:56 ` Ji-Hun Kim 0 siblings, 0 replies; 4+ messages in thread From: Ji-Hun Kim @ 2018-03-29 1:56 UTC (permalink / raw) To: baijiaju1990, gregkh, forest Cc: devel, y.k.oh, kernel-janitors, linux-kernel, julia.lawall, santhameena13 On Wed, Mar 28, 2018 at 05:55:57PM +0800, Jia-Ju Bai wrote: > >@@ -646,7 +649,8 @@ static void device_init_td1_ring(struct vnt_private *priv) > > i++, curr += sizeof(struct vnt_tx_desc)) { > > desc = &priv->apTD1Rings[i]; > > desc->td_info = kzalloc(sizeof(*desc->td_info), GFP_KERNEL); > >- > >+ if (WARN_ON(!desc->td_info)) > >+ return; > > desc->td_info->buf = priv->tx1_bufs + i * PKT_BUF_SZ; > > desc->td_info->buf_dma = priv->tx_bufs_dma1 + i * PKT_BUF_SZ; > > I think the bugs you found are right. > But your patch is not correct, because it is dangerous to return directly. > I think you should return an error and then implement error handling > code for these functions. > Yes, it needs to free previous allocated values in the for loop. Directly return could make memory leaks. I am going to make patch v2. - Delete WARN_ON which could make crashes on some machines. - Add freeing sequences for previously allocated memory when kzalloc() failed instead of returning directly. Does these changes would be fine on this bug? _______________________________________________ devel mailing list devel@linuxdriverproject.org http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-03-29 1:56 UTC | newest] Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- [not found] <CGME20180328063144epcas1p305216b582520b884b09c93a7ad591660@epcas1p3.samsung.com> 2018-03-28 6:31 ` [PATCH] staging: vt6655: check for memory allocation failures Ji-Hun Kim 2018-03-28 8:33 ` Greg KH 2018-03-28 9:55 ` Jia-Ju Bai 2018-03-29 1:56 ` Ji-Hun Kim
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).