| Message ID | 202301171823476416320@zte.com.cn |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp1676299wrn;
Tue, 17 Jan 2023 02:26:29 -0800 (PST)
X-Google-Smtp-Source:
AMrXdXvGF3/ngRTGdPpsl7kvOkqQGkf7FaMShsmfruD01ETKbVQWW7oSxHtAF9GFlBvGobIls3G8
X-Received: by 2002:a05:6a20:4a14:b0:b8:88ea:ca27 with SMTP id
fr20-20020a056a204a1400b000b888eaca27mr2286437pzb.53.1673951188753;
Tue, 17 Jan 2023 02:26:28 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1673951188; cv=none;
d=google.com; s=arc-20160816;
b=0j9VmKZJHwTYsbno0qEaUopVhfyqnaEVS3yTwyXi/qx6HvcGO5fakjAwOSRno7TJ0G
Iy98uSmkC7Ra6Yhm8sFmlLmo6dUkho7za4p0ssv+NtuvDkVvBoTvtcWKDF7NMP9fI3qc
qF2B4Wi49LjBA5fxpmsSB3+vRjqg6FMIjKrYfnhQcYBt5Dbhg+JsjcMrqsXoxywVo9to
OlIwuX20XmsAGSyHkroV36ztffNSKaBAxGlhh+CGxYZw1JVvgH+Ql3bRTDcnqf/lWPwp
nrNF/Jip/VzQJtA9Hqf3I1RA9lazuU0Ij/BwORxCZkeAZsLP91eBB1hPdOFPk0q5Zg87
kK5g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:subject:cc:to:from:mime-version:message-id:date;
bh=GjioQyDs/YHEhTv5zW51M+MZPWBeXNC7rmaDhVNb/A0=;
b=JVpgJiqhnr1V8O0KYDnIzMOvH/T6mLlhLVMGx+4/L3tF2uSpRiu29Soc8YDuFrc213
QubwON/p9DUja7Gfam6o/zIi0gK7vMTuJ6CfkJ8dNVzNSaUhQDUi9vjm+nXCv5OQ3Wt+
d/nTtJ6b5JlzxlnAcTduFGaqr1Hdx3nK4vbUhfiS4vpfhreAz0SSC5tiqOMlvDgnki2W
/c55pJkn5SNsX1ecXWS5l8jPXaooe6sAXYdPoV5ldgDlTAsJGtl56SYNYpvQ8NZepRAB
+EYINSaUrFeH93oT7lIyTIjm7iFBz/HkJF9phpmSIRV2BAhcBgp2jsq7d08RSQyzTkFD
x3bg==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=zte.com.cn
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
g10-20020a170902d1ca00b00186bb39ff55si28771935plb.427.2023.01.17.02.26.16;
Tue, 17 Jan 2023 02:26:28 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=zte.com.cn
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S235462AbjAQKYC (ORCPT <rfc822;pfffrao@gmail.com> + 99 others);
Tue, 17 Jan 2023 05:24:02 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34190 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S235285AbjAQKYB (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Tue, 17 Jan 2023 05:24:01 -0500
Received: from mxct.zte.com.cn (mxct.zte.com.cn [183.62.165.209])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 81CA926593;
Tue, 17 Jan 2023 02:23:58 -0800 (PST)
Received: from mse-fl1.zte.com.cn (unknown [10.5.228.132])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by mxct.zte.com.cn (FangMail) with ESMTPS id 4Nx4k46yL0z4xq20;
Tue, 17 Jan 2023 18:23:56 +0800 (CST)
Received: from xaxapp01.zte.com.cn ([10.88.99.176])
by mse-fl1.zte.com.cn with SMTP id 30HANicF048677;
Tue, 17 Jan 2023 18:23:44 +0800 (+08)
(envelope-from ye.xingchen@zte.com.cn)
Received: from mapi (xaxapp01[null])
by mapi (Zmail) with MAPI id mid31;
Tue, 17 Jan 2023 18:23:47 +0800 (CST)
Date: Tue, 17 Jan 2023 18:23:47 +0800 (CST)
X-Zmail-TransId: 2af963c67733ffffffffed689a60
X-Mailer: Zmail v1.0
Message-ID: <202301171823476416320@zte.com.cn>
Mime-Version: 1.0
From: <ye.xingchen@zte.com.cn>
To: <richard.henderson@linaro.org>
Cc: <ink@jurassic.park.msu.ru>, <mattst88@gmail.com>,
<linux-alpha@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
<chi.minghao@zte.com.cn>
Subject: =?utf-8?q?=5BPATCH=5D_alpha=3A_potential_dereference_of_null_pointe?=
=?utf-8?q?r?=
Content-Type: text/plain;
charset="UTF-8"
X-MAIL: mse-fl1.zte.com.cn 30HANicF048677
X-Fangmail-Gw-Spam-Type: 0
X-Fangmail-Anti-Spam-Filtered: true
X-Fangmail-MID-QID: 63C6773C.000/4Nx4k46yL0z4xq20
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE,
T_SPF_PERMERROR,UNPARSEABLE_RELAY autolearn=ham autolearn_force=no
version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1755265041694713975?=
X-GMAIL-MSGID: =?utf-8?q?1755265041694713975?=
|
| Series |
alpha: potential dereference of null pointer
|
|
Commit Message
ye.xingchen@zte.com.cn
Jan. 17, 2023, 10:23 a.m. UTC
From: Minghao Chi <chi.minghao@zte.com.cn> The return value of kmalloc() needs to be checked. To avoid use of null pointer in case of the failure of alloc. Reported-by: Zeal Robot <zealci@zte.com.cn> Signed-off-by: Minghao Chi <chi.minghao@zte.com.cn> Signed-off-by: ye xingchen <ye.xingchen@zte.com.cn> --- arch/alpha/kernel/module.c | 2 ++ 1 file changed, 2 insertions(+)
Comments
On Tue, Jan 17, 2023 at 06:23:47PM +0800, ye.xingchen@zte.com.cn wrote: > From: Minghao Chi <chi.minghao@zte.com.cn> > > The return value of kmalloc() needs to be checked. > To avoid use of null pointer in case of the failure of alloc. > > Reported-by: Zeal Robot <zealci@zte.com.cn> > Signed-off-by: Minghao Chi <chi.minghao@zte.com.cn> > Signed-off-by: ye xingchen <ye.xingchen@zte.com.cn> > --- > arch/alpha/kernel/module.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/arch/alpha/kernel/module.c b/arch/alpha/kernel/module.c > index 5b60c248de9e..5442b75a98c2 100644 > --- a/arch/alpha/kernel/module.c > +++ b/arch/alpha/kernel/module.c > @@ -47,6 +47,8 @@ process_reloc_for_got(Elf64_Rela *rela, > } > > g = kmalloc (sizeof (*g), GFP_KERNEL); > + if (!g) > + return; > g->next = chains[r_sym].next; > g->r_addend = r_addend; > g->got_offset = *poffset; NAK. This kind of patches is strictly worse than useless. Look at what has happened here: 1) your tool has found an indicator of possible bug. Might or might not be a false positive. 2) it is *NOT* a false positive - the problem caught by your heuristics is real. Indeed, allocation might fail and that would result in problems. 3) solution: send a patch that would modify the code so that the same heuristics would no longer be able to spot the problem. Suppose it gets applied. Is the bug fixed? Your heuristics no longer trigger, but what happens in the conditions that would have triggered the original bug? Sure, process_reloc_for_got() returns without an oops now. But what was it supposed to do with the object it tried to allocate? It might be that "skip allocation and move on" is correct, but from the look of that code it seems to be unlikely. And if you look at the caller, you'll see that * everything we allocate gets shortly freed * the caller does temporary allocations of its own (also freed later) * failure of the allocations in the caller translates into "return -ENOMEM" IOW, the caller's callers are supposed to deal with the possibility of -ENOMEM being returned to them in such situations, which means that we do have a reasonably safe approach - have allocation failures in process_reloc_for_got() reported to caller and treated as "clean up and fail with -ENOMEM there". *IF* your variant is actually safe, you should at the very least include the analysis and the reasons why it works. TBH, I do not believe that it is safe. And no, "it doesn't oops with that change" is not a sufficient improvement to balance "it ends up with corrupted loaded module in the same conditions and is harder to spot on source inspection". I would suggest something along the lines of (completely untested) diff below: diff --git a/arch/alpha/kernel/module.c b/arch/alpha/kernel/module.c index 5b60c248de9e..e6ef4c5e8f95 100644 --- a/arch/alpha/kernel/module.c +++ b/arch/alpha/kernel/module.c @@ -25,7 +25,7 @@ struct got_entry { int got_offset; }; -static inline void +static inline int process_reloc_for_got(Elf64_Rela *rela, struct got_entry *chains, Elf64_Xword *poffset) { @@ -35,7 +35,7 @@ process_reloc_for_got(Elf64_Rela *rela, struct got_entry *g; if (r_type != R_ALPHA_LITERAL) - return; + return 0; for (g = chains + r_sym; g ; g = g->next) if (g->r_addend == r_addend) { @@ -47,6 +47,8 @@ process_reloc_for_got(Elf64_Rela *rela, } g = kmalloc (sizeof (*g), GFP_KERNEL); + if (!g) + return -ENOMEM; g->next = chains[r_sym].next; g->r_addend = r_addend; g->got_offset = *poffset; @@ -58,6 +60,7 @@ process_reloc_for_got(Elf64_Rela *rela, 42 valid relocation types, and a 32-bit field. Co-opt the bits above 256 to store the got offset for this reloc. */ rela->r_info |= g->got_offset << 8; + return 0; } int @@ -68,6 +71,7 @@ module_frob_arch_sections(Elf64_Ehdr *hdr, Elf64_Shdr *sechdrs, Elf64_Rela *rela; Elf64_Shdr *esechdrs, *symtab, *s, *got; unsigned long nsyms, nrela, i; + int err; esechdrs = sechdrs + hdr->e_shnum; symtab = got = NULL; @@ -107,12 +111,12 @@ module_frob_arch_sections(Elf64_Ehdr *hdr, Elf64_Shdr *sechdrs, /* Examine all LITERAL relocations to find out what GOT entries are required. This sizes the GOT section as well. */ - for (s = sechdrs; s < esechdrs; ++s) + for (err = 0, s = sechdrs; !err && s < esechdrs; ++s) if (s->sh_type == SHT_RELA) { nrela = s->sh_size / sizeof(Elf64_Rela); rela = (void *)hdr + s->sh_offset; - for (i = 0; i < nrela; ++i) - process_reloc_for_got(rela+i, chains, + for (i = 0; !err && i < nrela; ++i) + err = process_reloc_for_got(rela+i, chains, &got->sh_size); } @@ -126,7 +130,7 @@ module_frob_arch_sections(Elf64_Ehdr *hdr, Elf64_Shdr *sechdrs, } kfree(chains); - return 0; + return err; } int
diff --git a/arch/alpha/kernel/module.c b/arch/alpha/kernel/module.c index 5b60c248de9e..5442b75a98c2 100644 --- a/arch/alpha/kernel/module.c +++ b/arch/alpha/kernel/module.c @@ -47,6 +47,8 @@ process_reloc_for_got(Elf64_Rela *rela, } g = kmalloc (sizeof (*g), GFP_KERNEL); + if (!g) + return; g->next = chains[r_sym].next; g->r_addend = r_addend; g->got_offset = *poffset;