Message ID | 20240225060450.53044-1-duoming@zju.edu.cn |
---|---|
State | New |
Headers |
From: Duoming Zhou <duoming@zju.edu.cn> To: linux-arm-kernel@lists.infradead.org Cc: linux-kernel@vger.kernel.org, andrew@lunn.ch, gregory.clement@bootlin.com, sebastian.hesselbarth@gmail.com, linux@armlinux.org.uk, Duoming Zhou <duoming@zju.edu.cn> Subject: [PATCH] ARM: mvebu: Add check in coherency.c to prevent null pointer dereference Date: Sun, 25 Feb 2024 14:04:50 +0800 Message-Id: <20240225060450.53044-1-duoming@zju.edu.cn> X-Mailer: git-send-email 2.17.1 |
Series | ARM: mvebu: Add check in coherency.c to prevent null pointer dereference |
Commit Message
Duoming Zhou
Feb. 25, 2024, 6:04 a.m. UTC
The kzalloc() in armada_375_380_coherency_init() will return
null if the physical memory has run out. As a result, if we
dereference the property pointer, the null pointer dereference
bug will happen.
This patch adds a check to avoid null pointer dereference.
Fixes: 497a92308af8 ("ARM: mvebu: implement L2/PCIe deadlock workaround")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
---
arch/arm/mach-mvebu/coherency.c | 2 ++
1 file changed, 2 insertions(+)
Comments
On Sun, Feb 25, 2024 at 02:04:50PM +0800, Duoming Zhou wrote:
> The kzalloc() in armada_375_380_coherency_init() will return
> null if the physical memory has run out. As a result, if we
> dereference the property pointer, the null pointer dereference
> bug will happen.
>
> This patch adds a check to avoid null pointer dereference.

Again, what if kstrdup() fails?

On Sun, 25 Feb 2024 11:30:20 +0000 Russell King (Oracle) wrote:
> > The kzalloc() in armada_375_380_coherency_init() will return
> > null if the physical memory has run out. As a result, if we
> > dereference the property pointer, the null pointer dereference
> > bug will happen.
> >
> > This patch adds a check to avoid null pointer dereference.
>
> Again, what if kstrdup() fails?

Thank you for your suggestions, I will also add a check to judge whether kstrdup() fails.

Best regards,
Duoming Zhou

On Sun, Feb 25, 2024 at 02:04:50PM +0800, Duoming Zhou wrote:
> The kzalloc() in armada_375_380_coherency_init() will return
> null if the physical memory has run out. As a result, if we
> dereference the property pointer, the null pointer dereference
> bug will happen.
>
> This patch adds a check to avoid null pointer dereference.
>
> Fixes: 497a92308af8 ("ARM: mvebu: implement L2/PCIe deadlock workaround")
> Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>

I have to wonder how we can run out of memory here. This code is being called from:

postcore_initcall(coherency_late_init);

If you look at:

https://elixir.bootlin.com/linux/latest/source/include/linux/init.h#L299

You can see that only true kernel core stuff has been called before that. If that has consumed all the available memory, something is very seriously wrong, and the machine is not going to last another couple of milliseconds before it crashes no matter what checking you do.

So I do wonder if your time could be better spent in other places?

Andrew

On Mon, Feb 26, 2024 at 02:39:37PM +0100, Andrew Lunn wrote:
> On Sun, Feb 25, 2024 at 02:04:50PM +0800, Duoming Zhou wrote:
> > The kzalloc() in armada_375_380_coherency_init() will return
> > null if the physical memory has run out. As a result, if we
> > dereference the property pointer, the null pointer dereference
> > bug will happen.
> >
> > This patch adds a check to avoid null pointer dereference.
> >
> > Fixes: 497a92308af8 ("ARM: mvebu: implement L2/PCIe deadlock workaround")
> > Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
>
> I have to wonder how we can run out of memory here. This code is
> being called from:
>
> postcore_initcall(coherency_late_init);
>
> If you look at:
>
> https://elixir.bootlin.com/linux/latest/source/include/linux/init.h#L299
>
> You can see that only true kernel core stuff has been called before
> that. If that has consumed all the available memory, something is very
> seriously wrong, and the machine is not going to last another couple
> of milliseconds before it crashes no matter what checking you do.
>
> So I do wonder if your time could be better spent in other places?

Sadly, it's an easy patch generation target for newbies getting involved with kernel development. "Find all kzalloc()s and look to see whether they check for a NULL pointer, if not generate a patch".

This results in people doing exactly that, not looking at the bigger picture, and not considering whether a NULL pointer could occur there.

The other issue is that if a NULL pointer is returned at this point, the resulting oops at least allows a developer to debug it (maybe not a user if the console isn't up.) Adding this patch which basically just continues the loop silently means that there's no diagnostic that something went wrong, and it's up to someone to figure out "why does XYZ no longer work" to figure it out...

diff --git a/arch/arm/mach-mvebu/coherency.c b/arch/arm/mach-mvebu/coherency.c index a6b621ff0b8..a81a3c8c19a 100644 --- a/arch/arm/mach-mvebu/coherency.c +++ b/arch/arm/mach-mvebu/coherency.c @@ -191,6 +191,8 @@ static void __init armada_375_380_coherency_init(struct device_node *np) struct property *p; p = kzalloc(sizeof(*p), GFP_KERNEL); + if (!p) + continue; p->name = kstrdup("arm,io-coherent", GFP_KERNEL); of_add_property(cache_dn, p); }
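
Review bot: the added `if (!p) continue;` after kzalloc() in armada_375_380_coherency_init() skips the node without any message, so on allocation failure cache_dn simply never gets the "arm,io-coherent" property and nothing in the log explains why; if the check stays, it should at least emit a pr_err() or pr_warn() before continuing. The unchanged line right after it still stores the kstrdup() result in p->name and hands p to of_add_property() without checking it, so the same class of NULL dereference remains one line below the fix. If a check on p->name is added, that failure path also needs a kfree(p), otherwise the property struct allocated just above is leaked.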