uuid in add_switch is allocted via kmemdup which can fail. The patch
logs the error and cleans up the allocated memory for switch.
Signed-off-by: Aditya Pakki <[email protected]>
---
v2: replace WARN_ONCE with tb_sw_warn, as suggested by Mika
v1: Change warn_once to return after clean up.
---
drivers/thunderbolt/icm.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/thunderbolt/icm.c b/drivers/thunderbolt/icm.c
index e3fc920af682..8b7f9131e9d1 100644
--- a/drivers/thunderbolt/icm.c
+++ b/drivers/thunderbolt/icm.c
@@ -473,6 +473,11 @@ static void add_switch(struct tb_switch *parent_sw, u64 route,
goto out;
sw->uuid = kmemdup(uuid, sizeof(*uuid), GFP_KERNEL);
+ if (!sw->uuid) {
+ tb_sw_warn(sw, "cannot allocate memory for switch\n");
+ tb_switch_put(sw);
+ goto out;
+ }
sw->connection_id = connection_id;
sw->connection_key = connection_key;
sw->link = link;
--
2.17.1
On 3/26/2019 2:55 AM, Aditya Pakki wrote:
> uuid in add_switch is allocted via kmemdup which can fail. The patch
> logs the error and cleans up the allocated memory for switch.
>
> Signed-off-by: Aditya Pakki <[email protected]>
Reviewed-by: Mukesh Ojha <[email protected]>
-Mukesh
>
> ---
> v2: replace WARN_ONCE with tb_sw_warn, as suggested by Mika
> v1: Change warn_once to return after clean up.
> ---
> drivers/thunderbolt/icm.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/drivers/thunderbolt/icm.c b/drivers/thunderbolt/icm.c
> index e3fc920af682..8b7f9131e9d1 100644
> --- a/drivers/thunderbolt/icm.c
> +++ b/drivers/thunderbolt/icm.c
> @@ -473,6 +473,11 @@ static void add_switch(struct tb_switch *parent_sw, u64 route,
> goto out;
>
> sw->uuid = kmemdup(uuid, sizeof(*uuid), GFP_KERNEL);
> + if (!sw->uuid) {
> + tb_sw_warn(sw, "cannot allocate memory for switch\n");
> + tb_switch_put(sw);
> + goto out;
> + }
> sw->connection_id = connection_id;
> sw->connection_key = connection_key;
> sw->link = link;
On Mon, Mar 25, 2019 at 04:25:22PM -0500, Aditya Pakki wrote:
> uuid in add_switch is allocted via kmemdup which can fail. The patch
> logs the error and cleans up the allocated memory for switch.
>
> Signed-off-by: Aditya Pakki <[email protected]>
Applied, thanks!
> uuid in add_switch is allocted via kmemdup which can fail.
I have tried another script for the semantic patch language out.
This source code analysis approach points out that the implementation
of the function “icm_handle_event” contains still an unchecked call
of the function “kmemdup”.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/thunderbolt/icm.c?id=3cdb9446a117d5d63af823bde6fe6babc312e77b#n1627
https://elixir.bootlin.com/linux/v5.4-rc2/source/drivers/thunderbolt/icm.c#L1627
How do you think about to improve it?
Regards,
Markus
On Fri, Oct 11, 2019 at 03:00:13PM +0200, Markus Elfring wrote:
> > uuid in add_switch is allocted via kmemdup which can fail.
>
> I have tried another script for the semantic patch language out.
> This source code analysis approach points out that the implementation
> of the function “icm_handle_event” contains still an unchecked call
> of the function “kmemdup”.
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/thunderbolt/icm.c?id=3cdb9446a117d5d63af823bde6fe6babc312e77b#n1627
> https://elixir.bootlin.com/linux/v5.4-rc2/source/drivers/thunderbolt/icm.c#L1627
Right it misses that.
> How do you think about to improve it?
Feel free to send a patch fixing it ;-) Or I can do that myself.
>> This source code analysis approach points out that the implementation
>> of the function “icm_handle_event” contains still an unchecked call
>> of the function “kmemdup”.
>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/thunderbolt/icm.c?id=3cdb9446a117d5d63af823bde6fe6babc312e77b#n1627
>> https://elixir.bootlin.com/linux/v5.4-rc2/source/drivers/thunderbolt/icm.c#L1627
>
> Right it misses that.
Thanks for your quick feedback.
> Feel free to send a patch fixing it ;-) Or I can do that myself.
Would you like to reconsider also the addition of the function call
“tb_sw_warn(sw, "cannot allocate memory for switch\n")”?
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/coding-style.rst?id=9e208aa06c2109b45eec6be049a8e47034748c20#n878
Regards,
Markus
On Fri, Oct 11, 2019 at 04:13:22PM +0200, Markus Elfring wrote:
> Would you like to reconsider also the addition of the function call
> “tb_sw_warn(sw, "cannot allocate memory for switch\n")”?
For that I already have a patch as part of my USB4 support v2 series.