devm_kasprintf() may return NULL on failure of internal allocation
thus the assignment to name is not safe if unchecked. if NULL
is passed in for name then perf_pmu_register() would not fail
but rather silently jump to skip_type which is not the intent
here. As perf_pmu_register() may also return -ENOMEM returning
-ENOMEM in the (unlikely) failure case of devm_kasprintf() should
be fine here as well.
Signed-off-by: Nicholas Mc Guire <[email protected]>
Fixes: d5d9696b0380 ("drivers/perf: Add support for ARMv8.2 Statistical Profiling Extension")
---
Problem located with an experimental coccinelle script
The dev_err() might seem a bit much for this unlikely error but as
perf_pmu_register() may also return -ENOMEM it would be hard to figure
out what went wrong without this message.
Patch was compile tested with: defconfig (ARCH=arm64) +
ARM_SPE_PMU=y
Patch is against 4.20-rc3 (localversion-next is next-20181128)
drivers/perf/arm_spe_pmu.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/perf/arm_spe_pmu.c b/drivers/perf/arm_spe_pmu.c
index 54ec278..f1ea00c 100644
--- a/drivers/perf/arm_spe_pmu.c
+++ b/drivers/perf/arm_spe_pmu.c
@@ -927,6 +927,11 @@ static int arm_spe_pmu_perf_init(struct arm_spe_pmu *spe_pmu)
idx = atomic_inc_return(&pmu_idx);
name = devm_kasprintf(dev, GFP_KERNEL, "%s_%d", PMUNAME, idx);
+ if (!name) {
+ dev_err(dev, "Allocation of name failed\n");
+ return -ENOMEM;
+ }
+
return perf_pmu_register(&spe_pmu->pmu, name, -1);
}
--
2.1.4
On Wed, Nov 28, 2018 at 12:24:47PM +0100, Nicholas Mc Guire wrote:
> devm_kasprintf() may return NULL on failure of internal allocation
> thus the assignment to name is not safe if unchecked. if NULL
> is passed in for name then perf_pmu_register() would not fail
> but rather silently jump to skip_type which is not the intent
> here. As perf_pmu_register() may also return -ENOMEM returning
> -ENOMEM in the (unlikely) failure case of devm_kasprintf() should
> be fine here as well.
>
> Signed-off-by: Nicholas Mc Guire <[email protected]>
> Fixes: d5d9696b0380 ("drivers/perf: Add support for ARMv8.2 Statistical Profiling Extension")
> ---
>
> Problem located with an experimental coccinelle script
>
> The dev_err() might seem a bit much for this unlikely error but as
> perf_pmu_register() may also return -ENOMEM it would be hard to figure
> out what went wrong without this message.
>
> Patch was compile tested with: defconfig (ARCH=arm64) +
> ARM_SPE_PMU=y
>
> Patch is against 4.20-rc3 (localversion-next is next-20181128)
>
> drivers/perf/arm_spe_pmu.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/drivers/perf/arm_spe_pmu.c b/drivers/perf/arm_spe_pmu.c
> index 54ec278..f1ea00c 100644
> --- a/drivers/perf/arm_spe_pmu.c
> +++ b/drivers/perf/arm_spe_pmu.c
> @@ -927,6 +927,11 @@ static int arm_spe_pmu_perf_init(struct arm_spe_pmu *spe_pmu)
>
> idx = atomic_inc_return(&pmu_idx);
> name = devm_kasprintf(dev, GFP_KERNEL, "%s_%d", PMUNAME, idx);
> + if (!name) {
> + dev_err(dev, "Allocation of name failed\n");
> + return -ENOMEM;
> + }
In the other dev_err() messages, we use the form "failed to ...", e.g.
"failed to get IRQ (%d)\n"
"failed to get PPI partition (%d)\n
"failed to allocate spe_pmu\n"
... so for consistency could you please change the string to:
"failed to allocate spe_pmu name\n"
With that, feel free to add:
Acked-by: Mark Rutland <[email protected]>
Mark.
On Thu, Nov 29, 2018 at 12:14:32PM +0000, Mark Rutland wrote:
> On Wed, Nov 28, 2018 at 12:24:47PM +0100, Nicholas Mc Guire wrote:
> > diff --git a/drivers/perf/arm_spe_pmu.c b/drivers/perf/arm_spe_pmu.c
> > index 54ec278..f1ea00c 100644
> > --- a/drivers/perf/arm_spe_pmu.c
> > +++ b/drivers/perf/arm_spe_pmu.c
> > @@ -927,6 +927,11 @@ static int arm_spe_pmu_perf_init(struct arm_spe_pmu *spe_pmu)
> >
> > idx = atomic_inc_return(&pmu_idx);
> > name = devm_kasprintf(dev, GFP_KERNEL, "%s_%d", PMUNAME, idx);
> > + if (!name) {
> > + dev_err(dev, "Allocation of name failed\n");
> > + return -ENOMEM;
> > + }
>
> In the other dev_err() messages, we use the form "failed to ...", e.g.
>
> "failed to get IRQ (%d)\n"
> "failed to get PPI partition (%d)\n
> "failed to allocate spe_pmu\n"
>
> ... so for consistency could you please change the string to:
>
> "failed to allocate spe_pmu name\n"
>
> With that, feel free to add:
>
> Acked-by: Mark Rutland <[email protected]>
Thanks, I've queued this for 4.21 with a tweaked error message.
Will