From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Pavel Skripkin <paskripkin@gmail.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.14 16/47] net: caif: add proper error handling
Date: Tue, 8 Jun 2021 20:26:59 +0200
Message-ID: <20210608175931.014250942@linuxfoundation.org>
In-Reply-To: <20210608175930.477274100@linuxfoundation.org>
From: Pavel Skripkin <paskripkin@gmail.com>
commit a2805dca5107d5603f4bbc027e81e20d93476e96 upstream.
caif_enroll_dev() can fail in some cases. Ignoring
these cases can lead to a memory leak due to not assigning
the link_support pointer anywhere.
Fixes: 7c18d2205ea7 ("caif: Restructure how link caif link layer enroll")
Cc: stable@vger.kernel.org
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/caif/caif_dev.h | 2 +-
include/net/caif/cfcnfg.h | 2 +-
net/caif/caif_dev.c | 8 +++++---
net/caif/cfcnfg.c | 16 +++++++++++-----
4 files changed, 18 insertions(+), 10 deletions(-)
--- a/include/net/caif/caif_dev.h
+++ b/include/net/caif/caif_dev.h
@@ -119,7 +119,7 @@ void caif_free_client(struct cflayer *ad
* The link_support layer is used to add any Link Layer specific
* framing.
*/
-void caif_enroll_dev(struct net_device *dev, struct caif_dev_common *caifdev,
+int caif_enroll_dev(struct net_device *dev, struct caif_dev_common *caifdev,
struct cflayer *link_support, int head_room,
struct cflayer **layer, int (**rcv_func)(
struct sk_buff *, struct net_device *,
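Review bot: nothing on the new `int caif_enroll_dev(...)` prototype makes callers consume the result, and no hunk in this patch touches a caller, so the error can still be dropped silently. Consider marking the declaration __must_check so that any caller that keeps ignoring the return value shows up at build time.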
--- a/include/net/caif/cfcnfg.h
+++ b/include/net/caif/cfcnfg.h
@@ -62,7 +62,7 @@ void cfcnfg_remove(struct cfcnfg *cfg);
* @fcs: Specify if checksum is used in CAIF Framing Layer.
* @head_room: Head space needed by link specific protocol.
*/
-void
+int
cfcnfg_add_phy_layer(struct cfcnfg *cnfg,
struct net_device *dev, struct cflayer *phy_layer,
enum cfcnfg_phy_preference pref,
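Review bot: the kernel-doc block above cfcnfg_add_phy_layer() still lists only parameters (@fcs, @head_room) although the return type changes from void to int here. Add a return description covering 0 on success and the negative errno values the cfcnfg.c hunks introduce (-EEXIST, -ENOMEM).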
--- a/net/caif/caif_dev.c
+++ b/net/caif/caif_dev.c
@@ -303,7 +303,7 @@ static void dev_flowctrl(struct net_devi
caifd_put(caifd);
}
-void caif_enroll_dev(struct net_device *dev, struct caif_dev_common *caifdev,
+int caif_enroll_dev(struct net_device *dev, struct caif_dev_common *caifdev,
struct cflayer *link_support, int head_room,
struct cflayer **layer,
int (**rcv_func)(struct sk_buff *, struct net_device *,
@@ -314,11 +314,12 @@ void caif_enroll_dev(struct net_device *
enum cfcnfg_phy_preference pref;
struct cfcnfg *cfg = get_cfcnfg(dev_net(dev));
struct caif_device_entry_list *caifdevs;
+ int res;
caifdevs = caif_device_list(dev_net(dev));
caifd = caif_device_alloc(dev);
if (!caifd)
- return;
+ return -ENOMEM;
*layer = &caifd->layer;
spin_lock_init(&caifd->flow_lock);
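Review bot: on the new `return -ENOMEM;` path the function exits before `*layer = &caifd->layer;`, so *layer and *rcv_func keep whatever the caller passed in, and link_support is not released in this function. Since link_support is the pointer the commit message says gets leaked, state in the function comment that on error the outputs are untouched and the caller still owns link_support.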
@@ -340,7 +341,7 @@ void caif_enroll_dev(struct net_device *
sizeof(caifd->layer.name) - 1);
caifd->layer.name[sizeof(caifd->layer.name) - 1] = 0;
caifd->layer.transmit = transmit;
- cfcnfg_add_phy_layer(cfg,
+ res = cfcnfg_add_phy_layer(cfg,
dev,
&caifd->layer,
pref,
@@ -350,6 +351,7 @@ void caif_enroll_dev(struct net_device *
mutex_unlock(&caifdevs->lock);
if (rcv_func)
*rcv_func = receive;
+ return res;
}
EXPORT_SYMBOL(caif_enroll_dev);
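Review bot: `return res;` sits after `*rcv_func = receive;`, and by that point *layer already points at caifd->layer, so a failing cfcnfg_add_phy_layer() hands the caller an error code together with populated output pointers. Either skip the *rcv_func assignment when res is non-zero or document that the outputs are valid on this failure path, so callers know what they have to tear down.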
--- a/net/caif/cfcnfg.c
+++ b/net/caif/cfcnfg.c
@@ -452,7 +452,7 @@ unlock:
rcu_read_unlock();
}
-void
+int
cfcnfg_add_phy_layer(struct cfcnfg *cnfg,
struct net_device *dev, struct cflayer *phy_layer,
enum cfcnfg_phy_preference pref,
@@ -461,7 +461,7 @@ cfcnfg_add_phy_layer(struct cfcnfg *cnfg
{
struct cflayer *frml;
struct cfcnfg_phyinfo *phyinfo = NULL;
- int i;
+ int i, res = 0;
u8 phyid;
mutex_lock(&cnfg->lock);
@@ -475,12 +475,15 @@ cfcnfg_add_phy_layer(struct cfcnfg *cnfg
goto got_phyid;
}
pr_warn("Too many CAIF Link Layers (max 6)\n");
+ res = -EEXIST;
goto out;
got_phyid:
phyinfo = kzalloc(sizeof(struct cfcnfg_phyinfo), GFP_ATOMIC);
- if (!phyinfo)
+ if (!phyinfo) {
+ res = -ENOMEM;
goto out_err;
+ }
phy_layer->id = phyid;
phyinfo->pref = pref;
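Review bot: `res = -EEXIST;` on the "Too many CAIF Link Layers (max 6)" branch reports an exhausted table as "already exists", which will mislead anyone reading the errno higher up. A code such as -ENOSPC or -EBUSY would match the pr_warn() text better; the two -ENOMEM assignments for the kzalloc() and cffrml_create() failures look right.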
@@ -494,8 +497,10 @@ got_phyid:
frml = cffrml_create(phyid, fcs);
- if (!frml)
+ if (!frml) {
+ res = -ENOMEM;
goto out_err;
+ }
phyinfo->frm_layer = frml;
layer_set_up(frml, cnfg->mux);
@@ -513,11 +518,12 @@ got_phyid:
list_add_rcu(&phyinfo->node, &cnfg->phys);
out:
mutex_unlock(&cnfg->lock);
- return;
+ return res;
out_err:
kfree(phyinfo);
mutex_unlock(&cnfg->lock);
+ return res;
}
EXPORT_SYMBOL(cfcnfg_add_phy_layer);
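Review bot: the `out:` and `out_err:` exits now both end in `mutex_unlock(&cnfg->lock);` followed by `return res;`, which duplicates the unlock and leaves two places to keep in sync. Placing `out_err:` with its `kfree(phyinfo);` ahead of `out:` and letting it fall through would leave a single unlock-and-return sequence.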