As kzalloc may fail and return NULL pointer,
it should be better to check the return value
in order to avoid the NULL pointer dereference.
Fixes: d6b98c8d242a ("ice: add write functionality for GNSS TTY")
Signed-off-by: Jiasheng Jiang <[email protected]>
---
drivers/net/ethernet/intel/ice/ice_gnss.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/intel/ice/ice_gnss.c b/drivers/net/ethernet/intel/ice/ice_gnss.c
index b5a7f246d230..6d3d5e75726b 100644
--- a/drivers/net/ethernet/intel/ice/ice_gnss.c
+++ b/drivers/net/ethernet/intel/ice/ice_gnss.c
@@ -421,7 +421,7 @@ static struct tty_driver *ice_gnss_create_tty_driver(struct ice_pf *pf)
const int ICE_TTYDRV_NAME_MAX = 14;
struct tty_driver *tty_driver;
char *ttydrv_name;
- unsigned int i;
+ unsigned int i, j;
int err;
tty_driver = tty_alloc_driver(ICE_GNSS_TTY_MINOR_DEVICES,
@@ -462,6 +462,17 @@ static struct tty_driver *ice_gnss_create_tty_driver(struct ice_pf *pf)
GFP_KERNEL);
pf->gnss_serial[i] = NULL;
+ if (!pf->gnss_tty_port[i]) {
+ for (j = 0; j < i; j++) {
+ tty_port_destroy(pf->gnss_tty_port[j]);
+ kfree(pf->gnss_tty_port[j]);
+ }
+ kfree(ttydrv_name);
+ tty_driver_kref_put(pf->ice_gnss_tty_driver);
+
+ return NULL;
+ }
+
tty_port_init(pf->gnss_tty_port[i]);
tty_port_link_device(pf->gnss_tty_port[i], tty_driver, i);
}
--
2.25.1
On Tue, Dec 06, 2022 at 11:08:05AM +0800, Jiasheng Jiang wrote:
> As kzalloc may fail and return NULL pointer,
> it should be better to check the return value
> in order to avoid the NULL pointer dereference.
>
> Fixes: d6b98c8d242a ("ice: add write functionality for GNSS TTY")
> Signed-off-by: Jiasheng Jiang <[email protected]>
> ---
> drivers/net/ethernet/intel/ice/ice_gnss.c | 13 ++++++++++++-
> 1 file changed, 12 insertions(+), 1 deletion(-)
The idea is correct, but please change an implementation to use goto
and proper unwind for whole function. It will remove duplication in the
code which handles tty_port destroys.
Thanks
>
> diff --git a/drivers/net/ethernet/intel/ice/ice_gnss.c b/drivers/net/ethernet/intel/ice/ice_gnss.c
> index b5a7f246d230..6d3d5e75726b 100644
> --- a/drivers/net/ethernet/intel/ice/ice_gnss.c
> +++ b/drivers/net/ethernet/intel/ice/ice_gnss.c
> @@ -421,7 +421,7 @@ static struct tty_driver *ice_gnss_create_tty_driver(struct ice_pf *pf)
> const int ICE_TTYDRV_NAME_MAX = 14;
> struct tty_driver *tty_driver;
> char *ttydrv_name;
> - unsigned int i;
> + unsigned int i, j;
> int err;
>
> tty_driver = tty_alloc_driver(ICE_GNSS_TTY_MINOR_DEVICES,
> @@ -462,6 +462,17 @@ static struct tty_driver *ice_gnss_create_tty_driver(struct ice_pf *pf)
> GFP_KERNEL);
> pf->gnss_serial[i] = NULL;
>
> + if (!pf->gnss_tty_port[i]) {
> + for (j = 0; j < i; j++) {
> + tty_port_destroy(pf->gnss_tty_port[j]);
> + kfree(pf->gnss_tty_port[j]);
> + }
> + kfree(ttydrv_name);
> + tty_driver_kref_put(pf->ice_gnss_tty_driver);
> +
> + return NULL;
> + }
> +
> tty_port_init(pf->gnss_tty_port[i]);
> tty_port_link_device(pf->gnss_tty_port[i], tty_driver, i);
> }
> --
> 2.25.1
>
Tue, Dec 06, 2022 at 04:08:05AM CET, [email protected] wrote:
>As kzalloc may fail and return NULL pointer,
>it should be better to check the return value
>in order to avoid the NULL pointer dereference.
Okay, so? Be imperative to the code base, tell it what to do in your
patch description.
>
>Fixes: d6b98c8d242a ("ice: add write functionality for GNSS TTY")
>Signed-off-by: Jiasheng Jiang <[email protected]>
>---
> drivers/net/ethernet/intel/ice/ice_gnss.c | 13 ++++++++++++-
> 1 file changed, 12 insertions(+), 1 deletion(-)
>
>diff --git a/drivers/net/ethernet/intel/ice/ice_gnss.c b/drivers/net/ethernet/intel/ice/ice_gnss.c
>index b5a7f246d230..6d3d5e75726b 100644
>--- a/drivers/net/ethernet/intel/ice/ice_gnss.c
>+++ b/drivers/net/ethernet/intel/ice/ice_gnss.c
>@@ -421,7 +421,7 @@ static struct tty_driver *ice_gnss_create_tty_driver(struct ice_pf *pf)
> const int ICE_TTYDRV_NAME_MAX = 14;
> struct tty_driver *tty_driver;
> char *ttydrv_name;
>- unsigned int i;
>+ unsigned int i, j;
> int err;
>
> tty_driver = tty_alloc_driver(ICE_GNSS_TTY_MINOR_DEVICES,
>@@ -462,6 +462,17 @@ static struct tty_driver *ice_gnss_create_tty_driver(struct ice_pf *pf)
> GFP_KERNEL);
> pf->gnss_serial[i] = NULL;
>
>+ if (!pf->gnss_tty_port[i]) {
>+ for (j = 0; j < i; j++) {
>+ tty_port_destroy(pf->gnss_tty_port[j]);
You are destroying port which you didn't call (pf->gnss_tty_port[i])
for. Also, you are introducing a code duplication here with the error
path couple of lines below. Please convert this to goto-label error
path so the cleanup code is shared.
>+ kfree(pf->gnss_tty_port[j]);
>+ }
>+ kfree(ttydrv_name);
>+ tty_driver_kref_put(pf->ice_gnss_tty_driver);
>+
>+ return NULL;
>+ }
>+
> tty_port_init(pf->gnss_tty_port[i]);
> tty_port_link_device(pf->gnss_tty_port[i], tty_driver, i);
> }
>--
>2.25.1
>
On Tue, Dec 06, 2022 at 05:47:01PM +0800, Jiri Pirko wrote:
>>As kzalloc may fail and return NULL pointer,
>>it should be better to check the return value
>>in order to avoid the NULL pointer dereference.
>
> Okay, so? Be imperative to the code base, tell it what to do in your
> patch description.
OK, I will describe the changes by the patch in more details.
>>@@ -462,6 +462,17 @@ static struct tty_driver *ice_gnss_create_tty_driver(struct ice_pf *pf)
>> GFP_KERNEL);
>> pf->gnss_serial[i] = NULL;
>>
>>+ if (!pf->gnss_tty_port[i]) {
>>+ for (j = 0; j < i; j++) {
>>+ tty_port_destroy(pf->gnss_tty_port[j]);
>
> You are destroying port which you didn't call (pf->gnss_tty_port[i])
> for. Also, you are introducing a code duplication here with the error
> path couple of lines below. Please convert this to goto-label error
> path so the cleanup code is shared.
I will convert this to goto-label in v2.
But I have a question that the j is from 0 to (i - 1), and therefore only
the initialized port will be destroyed.
Is there any wrong?
Thanks,
Jiang
Wed, Dec 07, 2022 at 03:20:00AM CET, [email protected] wrote:
>On Tue, Dec 06, 2022 at 05:47:01PM +0800, Jiri Pirko wrote:
>>>As kzalloc may fail and return NULL pointer,
>>>it should be better to check the return value
>>>in order to avoid the NULL pointer dereference.
>>
>> Okay, so? Be imperative to the code base, tell it what to do in your
>> patch description.
>
>OK, I will describe the changes by the patch in more details.
It is not about details, it is about "imperative mood".
>
>>>@@ -462,6 +462,17 @@ static struct tty_driver *ice_gnss_create_tty_driver(struct ice_pf *pf)
>>> GFP_KERNEL);
>>> pf->gnss_serial[i] = NULL;
>>>
>>>+ if (!pf->gnss_tty_port[i]) {
>>>+ for (j = 0; j < i; j++) {
>>>+ tty_port_destroy(pf->gnss_tty_port[j]);
>>
>> You are destroying port which you didn't call (pf->gnss_tty_port[i])
>> for. Also, you are introducing a code duplication here with the error
>> path couple of lines below. Please convert this to goto-label error
>> path so the cleanup code is shared.
>
>I will convert this to goto-label in v2.
>But I have a question that the j is from 0 to (i - 1), and therefore only
>the initialized port will be destroyed.
>Is there any wrong?
You are right.
>
>Thanks,
>Jiang
>