Message ID | 20231204020745.2445944-1-chentao@kylinos.cn |
---|---|
State | New |
Headers | From: Kunwu Chan <chentao@kylinos.cn> To: fbarrat@linux.ibm.com, ajd@linux.ibm.com, arnd@arndb.de, gregkh@linuxfoundation.org, mpe@ellerman.id.au, mrochs@linux.vnet.ibm.com Cc: kunwu.chan@hotmail.com, linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, Kunwu Chan <chentao@kylinos.cn> Subject: [PATCH] cxl: Fix null pointer dereference in cxl_get_fd Date: Mon, 4 Dec 2023 10:07:45 +0800 Message-Id: <20231204020745.2445944-1-chentao@kylinos.cn> |
Series | cxl: Fix null pointer dereference in cxl_get_fd |
Commit Message
Kunwu Chan
Dec. 4, 2023, 2:07 a.m. UTC
kasprintf() returns a pointer to dynamically allocated memory
which can be NULL upon failure.
Fixes: bdecf76e319a ("cxl: Fix coredump generation when cxl_get_fd() is used")
Signed-off-by: Kunwu Chan <chentao@kylinos.cn>
---
drivers/misc/cxl/api.c | 4 ++++
1 file changed, 4 insertions(+)
Comments
On 04/12/2023 03:07, Kunwu Chan wrote: > kasprintf() returns a pointer to dynamically allocated memory > which can be NULL upon failure. > > Fixes: bdecf76e319a ("cxl: Fix coredump generation when cxl_get_fd() is used") > Signed-off-by: Kunwu Chan <chentao@kylinos.cn> > --- > drivers/misc/cxl/api.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/drivers/misc/cxl/api.c b/drivers/misc/cxl/api.c > index d85c56530863..bfd7ccd4d7e1 100644 > --- a/drivers/misc/cxl/api.c > +++ b/drivers/misc/cxl/api.c > @@ -419,6 +419,10 @@ struct file *cxl_get_fd(struct cxl_context *ctx, struct file_operations *fops, > fops = (struct file_operations *)&afu_fops; > > name = kasprintf(GFP_KERNEL, "cxl:%d", ctx->pe); > + if (!name) { > + put_unused_fd(fdtmp); > + return ERR_PTR(-ENOMEM); > + } That works, but you might as well follow the existing error path: name = kasprintf(GFP_KERNEL, "cxl:%d", ctx->pe); if (!name) goto err_fd; Fred > file = cxl_getfile(name, fops, ctx, flags); > kfree(name); > if (IS_ERR(file))
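The two error-path options raised in this thread (return `ERR_PTR(-ENOMEM)` directly, or unwind through a shared label), modelled in user-space C as an added example that is not part of the patch or of anyone's reply. `ERR_PTR`, `PTR_ERR` and `IS_ERR` are re-implemented here as stand-ins for the kernel helpers; `model_get_fd`, `make_name`, `reserve_fd`, `release_fd` and the two counters are hypothetical names constructed for the illustration.

```c
/* Added example: user-space stand-ins for the kernel's ERR_PTR helpers. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_ERRNO 4095UL
static void *ERR_PTR(long err) { return (void *)err; }
static long PTR_ERR(const void *p) { return (long)p; }
static int IS_ERR(const void *p) { return (unsigned long)p >= -MAX_ERRNO; }

static int fds_in_use;  /* constructed stand-in for the fd table */
static int fail_alloc;  /* set to 1 to make the name allocation fail */

static int reserve_fd(void) { fds_in_use++; return 3; }
static void release_fd(int fd) { (void)fd; fds_in_use--; }

/* Stand-in for kasprintf(): NULL when the allocation fails. */
static char *make_name(int pe)
{
    char *s = fail_alloc ? NULL : malloc(32);

    if (s)
        snprintf(s, 32, "cxl:%d", pe);
    return s;
}

/* Hypothetical model of the fixed function: one unwind label, errno returned. */
static void *model_get_fd(int pe)
{
    long rc;
    int fd = reserve_fd();
    char *name = make_name(pe);

    if (!name) {
        rc = -ENOMEM;
        goto err_fd;
    }
    return name;        /* success: the caller now owns the object */
err_fd:
    release_fd(fd);     /* the reserved descriptor is released on failure */
    return ERR_PTR(rc);
}

int main(void)
{
    fail_alloc = 1;
    void *p = model_get_fd(5);
    printf("IS_ERR=%d err=%ld fds=%d IS_ERR(NULL)=%d\n",
           IS_ERR(p), PTR_ERR(p), fds_in_use, IS_ERR(NULL));
    return 0;
}
```

`IS_ERR(NULL)` is 0, so a failure path that returns NULL is only caught by a caller that also tests for NULL.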
Hi Fred, Thanks for your reply. But there is a question, whether we should return an error code in error path so that the caller of the 'cxl_get_fd' can know the specific reason. rather than just return NULL. Such as: - int rc, flags, fdtmp; + int rc = 0, flags, fdtmp; char *name = NULL; /* only allow one per context */ - if (ctx->mapping) - return ERR_PTR(-EEXIST); + if (ctx->mapping) { + rc = -EEXIST; + goto err; + } flags = O_RDWR | O_CLOEXEC; /* This code is similar to anon_inode_getfd() */ rc = get_unused_fd_flags(flags); - if (rc < 0) - return ERR_PTR(rc); + if (rc < 0) { + goto err; + } fdtmp = rc; name = kasprintf(GFP_KERNEL, "cxl:%d", ctx->pe); + if (!name) { + rc = -ENOMEM; + goto err_fd; + } file = cxl_getfile(name, fops, ctx, flags); kfree(name); @@ -434,6 +437,9 @@ struct file *cxl_get_fd(struct cxl_context *ctx, struct file_operations *fops, err_fd: put_unused_fd(fdtmp); +err: + if (rc) + return ERR_PTR(rc); return NULL; Thanks again, Kunwu On 2023/12/4 18:43, Frederic Barrat wrote: > > > On 04/12/2023 03:07, Kunwu Chan wrote: >> kasprintf() returns a pointer to dynamically allocated memory >> which can be NULL upon failure. >> >> Fixes: bdecf76e319a ("cxl: Fix coredump generation when cxl_get_fd() >> is used") >> Signed-off-by: Kunwu Chan <chentao@kylinos.cn> >> --- >> drivers/misc/cxl/api.c | 4 ++++ >> 1 file changed, 4 insertions(+) >> >> diff --git a/drivers/misc/cxl/api.c b/drivers/misc/cxl/api.c >> index d85c56530863..bfd7ccd4d7e1 100644 >> --- a/drivers/misc/cxl/api.c >> +++ b/drivers/misc/cxl/api.c 
>> @@ -419,6 +419,10 @@ struct file *cxl_get_fd(struct cxl_context *ctx, >> struct file_operations *fops, >> fops = (struct file_operations *)&afu_fops; >> name = kasprintf(GFP_KERNEL, "cxl:%d", ctx->pe); >> + if (!name) { >> + put_unused_fd(fdtmp); >> + return ERR_PTR(-ENOMEM); >> + } > > > That works, but you might as well follow the existing error path: > > name = kasprintf(GFP_KERNEL, "cxl:%d", ctx->pe); > if (!name) > goto err_fd; > > Fred > > >> file = cxl_getfile(name, fops, ctx, flags); >> kfree(name); >> if (IS_ERR(file))
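Review bot: in the reworked exit path proposed in this reply, `if (rc) return ERR_PTR(rc);` under the new `err:` label is also reached by falling through from `err_fd:`, and after `fdtmp = rc;` rc still holds the descriptor number unless the jumping branch overwrites it. The `!name` branch does set `rc = -ENOMEM`, but the lines after `if (IS_ERR(file))` are not shown; if that branch jumps to `err_fd` without assigning rc, the function would return ERR_PTR() of a positive fd, which is neither NULL nor a value IS_ERR() recognises. Assigning rc (for example from PTR_ERR(file)) before every `goto err_fd` would close that gap. Separately, `if (rc < 0) { goto err; }` puts braces around a single statement, which kernel coding style omits.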
diff --git a/drivers/misc/cxl/api.c b/drivers/misc/cxl/api.c index d85c56530863..bfd7ccd4d7e1 100644 --- a/drivers/misc/cxl/api.c +++ b/drivers/misc/cxl/api.c @@ -419,6 +419,10 @@ struct file *cxl_get_fd(struct cxl_context *ctx, struct file_operations *fops, fops = (struct file_operations *)&afu_fops; name = kasprintf(GFP_KERNEL, "cxl:%d", ctx->pe); + if (!name) { + put_unused_fd(fdtmp); + return ERR_PTR(-ENOMEM); + } file = cxl_getfile(name, fops, ctx, flags); kfree(name); if (IS_ERR(file))
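Review bot: the added `if (!name)` branch open-codes `put_unused_fd(fdtmp)` and returns `ERR_PTR(-ENOMEM)`, while the function's existing `err_fd:` label (visible in the context lines quoted in the thread) performs the same cleanup and returns NULL, so this one function now reports failures after the fd is reserved in two different ways. Either use `goto err_fd` here, or keep the distinct error code and state in the commit message that callers are expected to check both IS_ERR() and NULL. The commit message would also be clearer if it said where a NULL `name` ends up: the context line shows it passed straight to `cxl_getfile(name, fops, ctx, flags)`, but the message only says that kasprintf() can fail.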