| Message ID | 20230903101322.205537-1-yiyang13@huawei.com |
|---|---|
| State | New |
| Headers | show |
| Series | tty: vcc: Add check for kstrdup() in vcc_probe() | expand |
On Sun, Sep 03, 2023 at 06:13:22PM +0800, Yi Yang wrote: > Add check for the return value of kstrdup() and return the error, if it > fails in order to avoid NULL pointer dereference. > > Fixes: 5d171050e28f ("sparc64: vcc: Enable VCC port probe and removal") > Signed-off-by: Yi Yang <yiyang13@huawei.com> > --- > drivers/tty/vcc.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/drivers/tty/vcc.c b/drivers/tty/vcc.c > index a39ed981bfd3..420d334f6077 100644 > --- a/drivers/tty/vcc.c > +++ b/drivers/tty/vcc.c > @@ -579,6 +579,10 @@ static int vcc_probe(struct vio_dev *vdev, const struct vio_device_id *id) > return -ENOMEM; > > name = kstrdup(dev_name(&vdev->dev), GFP_KERNEL); > + if (!name) { > + kfree(port); > + return -ENOMEM; Please just add another goto target later in the function like the rest of the error paths follow. And how did you test this patch? thanks, greg k-h
On Mon, Sep 04, 2023 at 11:45:11AM +0800, yiyang (D) wrote: > On 2023/9/3 18:49, Greg KH wrote: > > On Sun, Sep 03, 2023 at 06:13:22PM +0800, Yi Yang wrote: > > > Add check for the return value of kstrdup() and return the error, if it > > > fails in order to avoid NULL pointer dereference. > > > > > > Fixes: 5d171050e28f ("sparc64: vcc: Enable VCC port probe and removal") > > > Signed-off-by: Yi Yang <yiyang13@huawei.com> > > > --- > > > drivers/tty/vcc.c | 9 +++++++++ > > > 1 file changed, 9 insertions(+) > > > > > > diff --git a/drivers/tty/vcc.c b/drivers/tty/vcc.c > > > index a39ed981bfd3..420d334f6077 100644 > > > --- a/drivers/tty/vcc.c > > > +++ b/drivers/tty/vcc.c > > > @@ -579,6 +579,10 @@ static int vcc_probe(struct vio_dev *vdev, const struct vio_device_id *id) > > > return -ENOMEM; > > > name = kstrdup(dev_name(&vdev->dev), GFP_KERNEL); > > > + if (!name) { > > > + kfree(port); > > > + return -ENOMEM; > > > > Please just add another goto target later in the function like the rest > > of the error paths follow. > Ok, i will send v2 patch for this issue. > > > > And how did you test this patch? > > > I use crosstool-ng build sparc arch for open CONFIG_VCC. That is build-testing, how did you functionally test that this works properly? thanks, greg k-h
diff --git a/drivers/tty/vcc.c b/drivers/tty/vcc.c index a39ed981bfd3..420d334f6077 100644 --- a/drivers/tty/vcc.c +++ b/drivers/tty/vcc.c @@ -579,6 +579,10 @@ static int vcc_probe(struct vio_dev *vdev, const struct vio_device_id *id) return -ENOMEM; name = kstrdup(dev_name(&vdev->dev), GFP_KERNEL); + if (!name) { + kfree(port); + return -ENOMEM; + } rv = vio_driver_init(&port->vio, vdev, VDEV_CONSOLE_CON, vcc_versions, ARRAY_SIZE(vcc_versions), NULL, name); @@ -624,6 +628,11 @@ static int vcc_probe(struct vio_dev *vdev, const struct vio_device_id *id) goto unreg_tty; } port->domain = kstrdup(domain, GFP_KERNEL); + if (!port->domain) { + rv = -ENOMEM; + goto unreg_tty; + } + mdesc_release(hp);
Add check for the return value of kstrdup() and return the error, if it fails in order to avoid NULL pointer dereference. Fixes: 5d171050e28f ("sparc64: vcc: Enable VCC port probe and removal") Signed-off-by: Yi Yang <yiyang13@huawei.com> --- drivers/tty/vcc.c | 9 +++++++++ 1 file changed, 9 insertions(+)