module: Fix NULL vs IS_ERR checking for module_get_next_page

Message ID 20221110025834.1624394-1-linmq006@gmail.com
State New
Headers
Series module: Fix NULL vs IS_ERR checking for module_get_next_page |

Commit Message

Miaoqian Lin Nov. 10, 2022, 2:58 a.m. UTC
  The module_get_next_page() function return error pointers on error
instead of NULL.
Use IS_ERR() to check the return value to fix this.

Fixes: b1ae6dc41eaa ("module: add in-kernel support for decompressing")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
---
 kernel/module/decompress.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
  

Comments

Luis Chamberlain Nov. 10, 2022, 4:09 a.m. UTC | #1
On Thu, Nov 10, 2022 at 06:58:34AM +0400, Miaoqian Lin wrote:
> The module_get_next_page() function return error pointers on error
> instead of NULL.
> Use IS_ERR() to check the return value to fix this.
> 
> Fixes: b1ae6dc41eaa ("module: add in-kernel support for decompressing")
> Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
> ---

Thanks queued up. How did you find out? Just code inspection? I see
chances are low of this triggering, but just curious how you found it.

  Luis
  
Miaoqian Lin Nov. 10, 2022, 4:18 a.m. UTC | #2
Hi,

On 2022/11/10 12:09, Luis Chamberlain wrote:
> On Thu, Nov 10, 2022 at 06:58:34AM +0400, Miaoqian Lin wrote:
>> The module_get_next_page() function return error pointers on error
>> instead of NULL.
>> Use IS_ERR() to check the return value to fix this.
>>
>> Fixes: b1ae6dc41eaa ("module: add in-kernel support for decompressing")
>> Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
>> ---
> Thanks queued up. How did you find out? Just code inspection? I see
> chances are low of this triggering, but just curious how you found it.
I found this by static analysis, specifically, I obtained functions that return error pointers and

inspected whether their callers followed the correct specification.

>   Luis
  
Luis Chamberlain Nov. 10, 2022, 6:05 a.m. UTC | #3
On Thu, Nov 10, 2022 at 12:18:50PM +0800, Miaoqian Lin wrote:
> Hi,
> 
> On 2022/11/10 12:09, Luis Chamberlain wrote:
> > On Thu, Nov 10, 2022 at 06:58:34AM +0400, Miaoqian Lin wrote:
> >> The module_get_next_page() function return error pointers on error
> >> instead of NULL.
> >> Use IS_ERR() to check the return value to fix this.
> >>
> >> Fixes: b1ae6dc41eaa ("module: add in-kernel support for decompressing")
> >> Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
> >> ---
> > Thanks queued up. How did you find out? Just code inspection? I see
> > chances are low of this triggering, but just curious how you found it.
> I found this by static analysis, specifically, I obtained functions that return error pointers and
> inspected whether their callers followed the correct specification.

Which one did you use?

  Luis
  
Miaoqian Lin Nov. 10, 2022, 6:26 a.m. UTC | #4
On 2022/11/10 14:05, Luis Chamberlain wrote:
> On Thu, Nov 10, 2022 at 12:18:50PM +0800, Miaoqian Lin wrote:
>> Hi,
>>
>> On 2022/11/10 12:09, Luis Chamberlain wrote:
>>> On Thu, Nov 10, 2022 at 06:58:34AM +0400, Miaoqian Lin wrote:
>>>> The module_get_next_page() function return error pointers on error
>>>> instead of NULL.
>>>> Use IS_ERR() to check the return value to fix this.
>>>>
>>>> Fixes: b1ae6dc41eaa ("module: add in-kernel support for decompressing")
>>>> Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
>>>> ---
>>> Thanks queued up. How did you find out? Just code inspection? I see
>>> chances are low of this triggering, but just curious how you found it.
>> I found this by static analysis, specifically, I obtained functions that return error pointers and
>> inspected whether their callers followed the correct specification.
> Which one did you use?
I wrote custom checker based on the weggli tool (https://github.com/googleprojectzero/weggli).
>   Luis
  
Dmitry Torokhov Nov. 10, 2022, 6:43 p.m. UTC | #5
On Thu, Nov 10, 2022 at 06:58:34AM +0400, Miaoqian Lin wrote:
> The module_get_next_page() function return error pointers on error
> instead of NULL.
> Use IS_ERR() to check the return value to fix this.
> 
> Fixes: b1ae6dc41eaa ("module: add in-kernel support for decompressing")
> Signed-off-by: Miaoqian Lin <linmq006@gmail.com>

Reviewed-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>

Thank you for spotting this.
  

Patch

diff --git a/kernel/module/decompress.c b/kernel/module/decompress.c
index c033572d83f0..720e719253cd 100644
--- a/kernel/module/decompress.c
+++ b/kernel/module/decompress.c
@@ -114,8 +114,8 @@  static ssize_t module_gzip_decompress(struct load_info *info,
 	do {
 		struct page *page = module_get_next_page(info);
 
-		if (!page) {
-			retval = -ENOMEM;
+		if (IS_ERR(page)) {
+			retval = PTR_ERR(page);
 			goto out_inflate_end;
 		}
 
@@ -173,8 +173,8 @@  static ssize_t module_xz_decompress(struct load_info *info,
 	do {
 		struct page *page = module_get_next_page(info);
 
-		if (!page) {
-			retval = -ENOMEM;
+		if (IS_ERR(page)) {
+			retval = PTR_ERR(page);
 			goto out;
 		}