2006-10-10 20:46:37

by Florin Malita

[permalink] [raw]
Subject: [PATCH] airo.c: check returned values

create_proc_entry() can fail and return NULL in setup_proc_entry(), the
result must be checked before dereferencing. (Coverity ID 1443)

init_wifidev() & setup_proc_entry() can also fail in _init_airo_card().

This adds the checks & cleanup code and removes some whitespace.

Signed-off-by: Florin Malita <[email protected]>
---

airo.c | 98 +++++++++++++++++++++++++++++++++++++++++++++++------------------
1 file changed, 72 insertions(+), 26 deletions(-)

diff --git a/drivers/net/wireless/airo.c b/drivers/net/wireless/airo.c
index 0a33c8a..9d5427a 100644
--- a/drivers/net/wireless/airo.c
+++ b/drivers/net/wireless/airo.c
@@ -2897,6 +2897,8 @@ static struct net_device *_init_airo_car
goto err_out_map;
}
ai->wifidev = init_wifidev(ai, dev);
+ if (!ai->wifidev)
+ goto err_out_reg;

set_bit(FLAG_REGISTERED,&ai->flags);
airo_print_info(dev->name, "MAC enabled %x:%x:%x:%x:%x:%x",
@@ -2908,11 +2910,18 @@ static struct net_device *_init_airo_car
for( i = 0; i < MAX_FIDS; i++ )
ai->fids[i] = transmit_allocate(ai,AIRO_DEF_MTU,i>=MAX_FIDS/2);

- setup_proc_entry( dev, dev->priv ); /* XXX check for failure */
+ if (setup_proc_entry(dev, dev->priv) < 0)
+ goto err_out_wifi;
+
netif_start_queue(dev);
SET_MODULE_OWNER(dev);
return dev;

+err_out_wifi:
+ unregister_netdev(ai->wifidev);
+ free_netdev(ai->wifidev);
+err_out_reg:
+ unregister_netdev(dev);
err_out_map:
if (test_bit(FLAG_MPI,&ai->flags) && pci) {
pci_free_consistent(pci, PCI_SHARED_LEN, ai->shared, ai->shared_dma);
@@ -4495,91 +4504,128 @@ static int setup_proc_entry( struct net_
apriv->proc_entry = create_proc_entry(apriv->proc_name,
S_IFDIR|airo_perm,
airo_entry);
- apriv->proc_entry->uid = proc_uid;
- apriv->proc_entry->gid = proc_gid;
- apriv->proc_entry->owner = THIS_MODULE;
+ if (!apriv->proc_entry)
+ goto fail;
+ apriv->proc_entry->uid = proc_uid;
+ apriv->proc_entry->gid = proc_gid;
+ apriv->proc_entry->owner = THIS_MODULE;

/* Setup the StatsDelta */
entry = create_proc_entry("StatsDelta",
S_IFREG | (S_IRUGO&proc_perm),
apriv->proc_entry);
- entry->uid = proc_uid;
- entry->gid = proc_gid;
+ if (!entry)
+ goto fail_stats_delta;
+ entry->uid = proc_uid;
+ entry->gid = proc_gid;
entry->data = dev;
- entry->owner = THIS_MODULE;
+ entry->owner = THIS_MODULE;
SETPROC_OPS(entry, proc_statsdelta_ops);

/* Setup the Stats */
entry = create_proc_entry("Stats",
S_IFREG | (S_IRUGO&proc_perm),
apriv->proc_entry);
- entry->uid = proc_uid;
- entry->gid = proc_gid;
+ if (!entry)
+ goto fail_stats;
+ entry->uid = proc_uid;
+ entry->gid = proc_gid;
entry->data = dev;
- entry->owner = THIS_MODULE;
+ entry->owner = THIS_MODULE;
SETPROC_OPS(entry, proc_stats_ops);

/* Setup the Status */
entry = create_proc_entry("Status",
S_IFREG | (S_IRUGO&proc_perm),
apriv->proc_entry);
- entry->uid = proc_uid;
- entry->gid = proc_gid;
+ if (!entry)
+ goto fail_status;
+ entry->uid = proc_uid;
+ entry->gid = proc_gid;
entry->data = dev;
- entry->owner = THIS_MODULE;
+ entry->owner = THIS_MODULE;
SETPROC_OPS(entry, proc_status_ops);

/* Setup the Config */
entry = create_proc_entry("Config",
S_IFREG | proc_perm,
apriv->proc_entry);
- entry->uid = proc_uid;
- entry->gid = proc_gid;
+ if (!entry)
+ goto fail_config;
+ entry->uid = proc_uid;
+ entry->gid = proc_gid;
entry->data = dev;
- entry->owner = THIS_MODULE;
+ entry->owner = THIS_MODULE;
SETPROC_OPS(entry, proc_config_ops);

/* Setup the SSID */
entry = create_proc_entry("SSID",
S_IFREG | proc_perm,
apriv->proc_entry);
- entry->uid = proc_uid;
- entry->gid = proc_gid;
+ if (!entry)
+ goto fail_ssid;
+ entry->uid = proc_uid;
+ entry->gid = proc_gid;
entry->data = dev;
- entry->owner = THIS_MODULE;
+ entry->owner = THIS_MODULE;
SETPROC_OPS(entry, proc_SSID_ops);

/* Setup the APList */
entry = create_proc_entry("APList",
S_IFREG | proc_perm,
apriv->proc_entry);
- entry->uid = proc_uid;
- entry->gid = proc_gid;
+ if (!entry)
+ goto fail_aplist;
+ entry->uid = proc_uid;
+ entry->gid = proc_gid;
entry->data = dev;
- entry->owner = THIS_MODULE;
+ entry->owner = THIS_MODULE;
SETPROC_OPS(entry, proc_APList_ops);

/* Setup the BSSList */
entry = create_proc_entry("BSSList",
S_IFREG | proc_perm,
apriv->proc_entry);
+ if (!entry)
+ goto fail_bsslist;
entry->uid = proc_uid;
entry->gid = proc_gid;
entry->data = dev;
- entry->owner = THIS_MODULE;
+ entry->owner = THIS_MODULE;
SETPROC_OPS(entry, proc_BSSList_ops);

/* Setup the WepKey */
entry = create_proc_entry("WepKey",
S_IFREG | proc_perm,
apriv->proc_entry);
- entry->uid = proc_uid;
- entry->gid = proc_gid;
+ if (!entry)
+ goto fail_wepkey;
+ entry->uid = proc_uid;
+ entry->gid = proc_gid;
entry->data = dev;
- entry->owner = THIS_MODULE;
+ entry->owner = THIS_MODULE;
SETPROC_OPS(entry, proc_wepkey_ops);

return 0;
+
+fail_wepkey:
+ remove_proc_entry("BSSList", apriv->proc_entry);
+fail_bsslist:
+ remove_proc_entry("APList", apriv->proc_entry);
+fail_aplist:
+ remove_proc_entry("SSID", apriv->proc_entry);
+fail_ssid:
+ remove_proc_entry("Config", apriv->proc_entry);
+fail_config:
+ remove_proc_entry("Status", apriv->proc_entry);
+fail_status:
+ remove_proc_entry("Stats", apriv->proc_entry);
+fail_stats:
+ remove_proc_entry("StatsDelta", apriv->proc_entry);
+fail_stats_delta:
+ remove_proc_entry(apriv->proc_name, airo_entry);
+fail:
+ return -ENOMEM;
}

static int takedown_proc_entry( struct net_device *dev,



2006-11-06 07:57:38

by Jeff Garzik

[permalink] [raw]
Subject: Re: [PATCH] airo.c: check returned values

Florin Malita wrote:
> create_proc_entry() can fail and return NULL in setup_proc_entry(), the
> result must be checked before dereferencing. (Coverity ID 1443)
>
> init_wifidev() & setup_proc_entry() can also fail in _init_airo_card().
>
> This adds the checks & cleanup code and removes some whitespace.
>
> Signed-off-by: Florin Malita <[email protected]>

NAK: create_proc_entry() is complicated. You are correct it can fail
-- but to add to the confusion, when CONFIG_PROC_FS is disabled, the
wrapper will also return NULL -- which is NOT a failure case.

Jeff



2006-11-06 14:30:42

by Florin Malita

[permalink] [raw]
Subject: Re: [PATCH] airo.c: check returned values

Jeff Garzik wrote:
> Florin Malita wrote:
>
>> create_proc_entry() can fail and return NULL in setup_proc_entry(), the
>> result must be checked before dereferencing. (Coverity ID 1443)
>>
>> init_wifidev() & setup_proc_entry() can also fail in _init_airo_card().
>>
>> This adds the checks & cleanup code and removes some whitespace.
>>
>> Signed-off-by: Florin Malita <[email protected]>
>>
>
> NAK: create_proc_entry() is complicated. You are correct it can fail
> -- but to add to the confusion, when CONFIG_PROC_FS is disabled, the
> wrapper will also return NULL -- which is NOT a failure case.
>

It is a failure condition for setup_proc_entry() but you're saying that
shouldn't cause a failure of _init_airo_card() as the driver would be
working fine even without procfs support, right?

Note that previously the no-procfs case was *really* broken (it would
explode right away in setup_proc_entry) and I'm not sure it can function
correctly without it now but I guess it's worth a try.

Which one would be preferred:

a) make the setup_proc_entry() call in _init_airo_card() conditional on
CONFIG_PROC_FS
b) simply ignore the result

---
fm