From patchwork Fri Jan 12 05:49:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kunwu Chan X-Patchwork-Id: 187576 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:2411:b0:101:2151:f287 with SMTP id m17csp1925277dyi; Thu, 11 Jan 2024 21:49:55 -0800 (PST) X-Google-Smtp-Source: AGHT+IHLMLcTMLpSedtuWjj5gLIXPonA88bGtdDe1WK7IljrEizwHvH+KEgiUW+Ie6rFai3JXg5M X-Received: by 2002:a05:620a:f92:b0:783:2a1b:7d59 with SMTP id b18-20020a05620a0f9200b007832a1b7d59mr816393qkn.124.1705038594820; Thu, 11 Jan 2024 21:49:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1705038594; cv=none; d=google.com; s=arc-20160816; b=Muit4jjB95zWg8fe0Y/glCabt9wdNYGFeWl4koWgkOhnugsoPfv5ACT86jx4VuxHgv EwSFw/dHCfnIlJhyIf3cZRJ6UEqcFBbdovst2CXg5v43v5eGAfKcdFpw1C4QiiRfKbNJ DAcZFpPG2YUtXO+7/EOY93KpGcLXEWPX6K4OkcQH2Iaujya5xWI+Y0AVmNbQolNvvEI9 aiXbb2fWa/wWdjoo2v9MtoCFKMKF3pxB9Bcn3XbynEOO2Ulv4bYJCeklucZKVdPYT9O7 wSyAXH5EmRuzedtNKJdyEgEPUQ1RWtz7LpTvNAt74IeqgrPZhH0016MRzurtS+QjBcR1 pazA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from; bh=ZF7NDdmrb11wh/dtKJA4szVe/diJhLTaZ3kzo/SYrFw=; fh=OvsyJxMSbSLiIelwZ2q27h0be1KxztSX8+7h2/wAfb4=; b=fY0hPezpvZHiRBZqa2bCxrIxVGu5JHqxR/E/1pF8Ytql5zzkxvOdui9bw1D7FJKUOp m4EWCHMdMEkapceeXaDee1k3DnyQXlZvcnKzqbxTOMfzaislzQ3fBHq6wMlgsT2REbDL O5f/+6mKEheXOQyzW9KHPHAE5r9ijM0hvcHvi4h+47Wf2Jyk/gSf9iVCKfZPWYE3Zxpm 7YttlLtWq/Gw3QvIAyXAL7F835NLI/8EGhHTOeafB/E3TiQyDJpQmB2xwwdG3tCwl/pj j6xUP0R1m32AXa8BLSkGKtlWRyLF3SK6n8H7H1+/n/lX50rcs3Bsp+5rp6qGOp6B8uwz Z63A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel+bounces-24324-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-24324-ouuuleilei=gmail.com@vger.kernel.org" Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id a8-20020a05620a102800b0078336cfb124si2347733qkk.665.2024.01.11.21.49.54 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 11 Jan 2024 21:49:54 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-24324-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel+bounces-24324-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-24324-ouuuleilei=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 999BB1C24C21 for ; Fri, 12 Jan 2024 05:49:54 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 01C425C8EC; Fri, 12 Jan 2024 05:49:43 +0000 (UTC) Received: from mailgw.kylinos.cn (mailgw.kylinos.cn [124.126.103.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D634CF4F7 for ; Fri, 12 Jan 2024 05:49:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=kylinos.cn Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=kylinos.cn X-UUID: 42fd11a048c0454598ed9c6f7886c2d0-20240112 X-CID-P-RULE: Release_Ham X-CID-O-INFO: VERSION:1.1.35,REQID:f4e44b7c-1c19-4d19-85ee-fa66e4fada47,IP:10, URL:0,TC:0,Content:0,EDM:25,RT:0,SF:-15,FILE:0,BULK:0,RULE:Release_Ham,ACT ION:release,TS:20 X-CID-INFO: VERSION:1.1.35,REQID:f4e44b7c-1c19-4d19-85ee-fa66e4fada47,IP:10,UR L:0,TC:0,Content:0,EDM:25,RT:0,SF:-15,FILE:0,BULK:0,RULE:Release_Ham,ACTIO N:release,TS:20 X-CID-META: VersionHash:5d391d7,CLOUDID:9838162f-1ab8-4133-9780-81938111c800,B ulkID:240112134931J0V78QH9,BulkQuantity:0,Recheck:0,SF:38|24|17|19|44|66|1 02,TC:nil,Content:0,EDM:5,IP:-2,URL:0,File:nil,Bulk:nil,QS:nil,BEC:nil,COL :0,OSI:0,OSA:0,AV:0,LES:1,SPR:NO,DKR:0,DKP:0,BRR:0,BRE:0 X-CID-BVR: 0 X-CID-BAS: 0,_,0,_ X-CID-FACTOR: TF_CID_SPAM_FAS,TF_CID_SPAM_FSD,TF_CID_SPAM_FSI,TF_CID_SPAM_SNR X-UUID: 42fd11a048c0454598ed9c6f7886c2d0-20240112 X-User: chentao@kylinos.cn Received: from kernel.. [(116.128.244.171)] by mailgw (envelope-from ) (Generic MTA with TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256/256) with ESMTP id 1899038784; Fri, 12 Jan 2024 13:49:30 +0800 From: Kunwu Chan To: fbarrat@linux.ibm.com, ajd@linux.ibm.com, arnd@arndb.de, mpe@ellerman.id.au, mrochs@linux.vnet.ibm.com Cc: linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, Kunwu Chan , Kunwu Chan Subject: [PATCH v2] cxl: Fix null pointer dereference in cxl_get_fd Date: Fri, 12 Jan 2024 13:49:03 +0800 Message-Id: <20240112054903.133145-1-chentao@kylinos.cn> X-Mailer: git-send-email 2.39.2 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1787862549817174610 X-GMAIL-MSGID: 1787862549817174610 kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Uniformly handle resource release in error paths. And when an error occurs, an error pointer should be returned. Fixes: bdecf76e319a ("cxl: Fix coredump generation when cxl_get_fd() is used") Signed-off-by: Kunwu Chan Cc: Kunwu Chan Suggested-by: Frederic Barrat Reviewed-by: Andrew Donnellan Acked-by: Frederic Barrat --- v2: Deal with error path --- drivers/misc/cxl/api.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/drivers/misc/cxl/api.c b/drivers/misc/cxl/api.c index d85c56530863..b49bc3d29fc0 100644 --- a/drivers/misc/cxl/api.c +++ b/drivers/misc/cxl/api.c @@ -389,19 +389,22 @@ struct file *cxl_get_fd(struct cxl_context *ctx, struct file_operations *fops, int *fd) { struct file *file; - int rc, flags, fdtmp; + int rc = 0, flags, fdtmp; char *name = NULL; /* only allow one per context */ - if (ctx->mapping) - return ERR_PTR(-EEXIST); + if (ctx->mapping) { + rc = -EEXIST; + goto err; + } flags = O_RDWR | O_CLOEXEC; /* This code is similar to anon_inode_getfd() */ rc = get_unused_fd_flags(flags); if (rc < 0) - return ERR_PTR(rc); + goto err; + fdtmp = rc; /* @@ -419,6 +422,10 @@ struct file *cxl_get_fd(struct cxl_context *ctx, struct file_operations *fops, fops = (struct file_operations *)&afu_fops; name = kasprintf(GFP_KERNEL, "cxl:%d", ctx->pe); + if (!name) { + rc = -ENOMEM; + goto err_fd; + } file = cxl_getfile(name, fops, ctx, flags); kfree(name); if (IS_ERR(file)) @@ -430,6 +437,9 @@ struct file *cxl_get_fd(struct cxl_context *ctx, struct file_operations *fops, err_fd: put_unused_fd(fdtmp); +err: + if (rc < 0) + return ERR_PTR(rc); return NULL; } EXPORT_SYMBOL_GPL(cxl_get_fd);