kmemdup can fail and return a NULL pointer. The patch modifies the
signature of tb_xdp_schedule_request and passes the failure error upstream.
Signed-off-by: Aditya Pakki <[email protected]>
---
drivers/thunderbolt/xdomain.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/thunderbolt/xdomain.c b/drivers/thunderbolt/xdomain.c
index e27dd8beb94b..b0e9cc30d708 100644
--- a/drivers/thunderbolt/xdomain.c
+++ b/drivers/thunderbolt/xdomain.c
@@ -526,7 +526,7 @@ static void tb_xdp_handle_request(struct work_struct *work)
kfree(xw);
}
-static void
+static bool
tb_xdp_schedule_request(struct tb *tb, const struct tb_xdp_header *hdr,
size_t size)
{
@@ -534,13 +534,16 @@ tb_xdp_schedule_request(struct tb *tb, const struct tb_xdp_header *hdr,
xw = kmalloc(sizeof(*xw), GFP_KERNEL);
if (!xw)
- return;
+ return false;
INIT_WORK(&xw->work, tb_xdp_handle_request);
xw->pkg = kmemdup(hdr, size, GFP_KERNEL);
+ if (!xw->pkg)
+ return false;
xw->tb = tb;
queue_work(tb->wq, &xw->work);
+ return true;
}
/**
@@ -1417,8 +1420,7 @@ bool tb_xdomain_handle_request(struct tb *tb, enum tb_cfg_pkg_type type,
*/
if (uuid_equal(&hdr->uuid, &tb_xdp_uuid)) {
if (type == TB_CFG_PKG_XDOMAIN_REQ) {
- tb_xdp_schedule_request(tb, hdr, size);
- return true;
+ return tb_xdp_schedule_request(tb, hdr, size);
}
return false;
}
--
2.17.1
On Mon, Mar 18, 2019 at 05:55:08PM -0500, Aditya Pakki wrote:
> @@ -1417,8 +1420,7 @@ bool tb_xdomain_handle_request(struct tb *tb, enum tb_cfg_pkg_type type,
> */
> if (uuid_equal(&hdr->uuid, &tb_xdp_uuid)) {
> if (type == TB_CFG_PKG_XDOMAIN_REQ) {
> - tb_xdp_schedule_request(tb, hdr, size);
> - return true;
> + return tb_xdp_schedule_request(tb, hdr, size);
Please remove parens as well that there is only a single statement
following the if-block.
Otherwise looks fine.
From: Aditya Pakki
> Sent: 18 March 2019 22:55
>
> kmemdup can fail and return a NULL pointer. The patch modifies the
> signature of tb_xdp_schedule_request and passes the failure error upstream.
>
> Signed-off-by: Aditya Pakki <[email protected]>
> ---
> drivers/thunderbolt/xdomain.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/thunderbolt/xdomain.c b/drivers/thunderbolt/xdomain.c
> index e27dd8beb94b..b0e9cc30d708 100644
> --- a/drivers/thunderbolt/xdomain.c
> +++ b/drivers/thunderbolt/xdomain.c
> @@ -526,7 +526,7 @@ static void tb_xdp_handle_request(struct work_struct *work)
> kfree(xw);
> }
>
> -static void
> +static bool
> tb_xdp_schedule_request(struct tb *tb, const struct tb_xdp_header *hdr,
> size_t size)
> {
> @@ -534,13 +534,16 @@ tb_xdp_schedule_request(struct tb *tb, const struct tb_xdp_header *hdr,
>
> xw = kmalloc(sizeof(*xw), GFP_KERNEL);
> if (!xw)
> - return;
> + return false;
>
> INIT_WORK(&xw->work, tb_xdp_handle_request);
> xw->pkg = kmemdup(hdr, size, GFP_KERNEL);
> + if (!xw->pkg)
> + return false;
You're leaking 'xw' here.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
On 3/20/2019 4:27 PM, David Laight wrote:
> From: Aditya Pakki
>> Sent: 18 March 2019 22:55
>>
>> kmemdup can fail and return a NULL pointer. The patch modifies the
>> signature of tb_xdp_schedule_request and passes the failure error upstream.
>>
>> Signed-off-by: Aditya Pakki <[email protected]>
>> ---
>> drivers/thunderbolt/xdomain.c | 10 ++++++----
>> 1 file changed, 6 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/thunderbolt/xdomain.c b/drivers/thunderbolt/xdomain.c
>> index e27dd8beb94b..b0e9cc30d708 100644
>> --- a/drivers/thunderbolt/xdomain.c
>> +++ b/drivers/thunderbolt/xdomain.c
>> @@ -526,7 +526,7 @@ static void tb_xdp_handle_request(struct work_struct *work)
>> kfree(xw);
>> }
>>
>> -static void
>> +static bool
>> tb_xdp_schedule_request(struct tb *tb, const struct tb_xdp_header *hdr,
>> size_t size)
>> {
>> @@ -534,13 +534,16 @@ tb_xdp_schedule_request(struct tb *tb, const struct tb_xdp_header *hdr,
>>
>> xw = kmalloc(sizeof(*xw), GFP_KERNEL);
>> if (!xw)
>> - return;
>> + return false;
>>
>> INIT_WORK(&xw->work, tb_xdp_handle_request);
>> xw->pkg = kmemdup(hdr, size, GFP_KERNEL);
>> + if (!xw->pkg)
>> + return false;
> You're leaking 'xw' here.
Yes , Clean up is missing otherwise patch looks good.
Mukesh
>
> David
>
> -
> Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
> Registration No: 1397386 (Wales)
>