2016-12-04 06:29:40

by Pan Bian

Subject: [PATCH 1/1] net: ethernet: broadcom: fix improper return value

From: Pan Bian <[email protected]>

Macro BNX2X_ALLOC_AND_SET(arr, lbl, func) calls kmalloc() to allocate
memory, and jumps to label "lbl" if the allocation fails. Label "lbl"
first cleans memory and then returns variable rc. Before calling the
macro, the value of variable rc is 0. Because 0 means no error, the
callers of bnx2x_init_firmware() may be misled. This patch fixes the bug,
assigning "-ENOMEM" to rc before calling macro BNX2X_ALLOC_AND_SET().

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=189141

Signed-off-by: Pan Bian <[email protected]>
---
drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
index 0cee4c0..6f9fc20 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
@@ -13505,6 +13505,7 @@ static int bnx2x_init_firmware(struct bnx2x *bp)

/* Initialize the pointers to the init arrays */
/* Blob */
+ rc = -ENOMEM;
BNX2X_ALLOC_AND_SET(init_data, request_firmware_exit, be32_to_cpu_n);

/* Opcodes */
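
Review bot: the "rc = -ENOMEM;" added above the first BNX2X_ALLOC_AND_SET() call stays in rc for everything after it, and nothing in this hunk shows it being cleared. Please confirm that the success path of bnx2x_init_firmware() sets rc back to 0 (or returns 0 directly) before returning. If further BNX2X_ALLOC_AND_SET() calls follow under /* Opcodes */, also confirm that nothing between them stores 0 in rc, otherwise a later allocation failure would return success again.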
--
1.9.1



2016-12-04 11:33:16

by Kalderon, Michal

Subject: RE: [PATCH 1/1] net: ethernet: broadcom: fix improper return value

> From: Pan Bian <[email protected]>
>
> Macro BNX2X_ALLOC_AND_SET(arr, lbl, func) calls kmalloc() to allocate
> memory, and jumps to label "lbl" if the allocation fails. Label "lbl"
> first cleans memory and then returns variable rc. Before calling the macro, the
> value of variable rc is 0. Because 0 means no error, the callers of
> bnx2x_init_firmware() may be misled. This patch fixes the bug, assigning
> "-ENOMEM" to rc before calling macro BNX2X_ALLOC_AND_SET().
>
> Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=189141
>
> Signed-off-by: Pan Bian <[email protected]>

The title is wrong from net-next; it should have been "bnx2x: Fix improper return value".

Acked-by: Michal Kalderon <[email protected]>

2016-12-05 19:59:30

by David Miller

Subject: Re: [PATCH 1/1] net: ethernet: broadcom: fix improper return value

From: Pan Bian <[email protected]>
Date: Sun, 4 Dec 2016 14:29:29 +0800

> From: Pan Bian <[email protected]>
>
> Macro BNX2X_ALLOC_AND_SET(arr, lbl, func) calls kmalloc() to allocate
> memory, and jumps to label "lbl" if the allocation fails. Label "lbl"
> first cleans memory and then returns variable rc. Before calling the
> macro, the value of variable rc is 0. Because 0 means no error, the
> callers of bnx2x_init_firmware() may be misled. This patch fixes the bug,
> assigning "-ENOMEM" to rc before calling macro BNX2X_ALLOC_AND_SET().
>
> Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=189141
>
> Signed-off-by: Pan Bian <[email protected]>

Applied, but...

> @@ -13505,6 +13505,7 @@ static int bnx2x_init_firmware(struct bnx2x *bp)
>
> /* Initialize the pointers to the init arrays */
> /* Blob */
> + rc = -ENOMEM;
> BNX2X_ALLOC_AND_SET(init_data, request_firmware_exit, be32_to_cpu_n);
>
> /* Opcodes */
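
Review bot: the new assignment under /* Blob */ carries no comment, and the goto that consumes it is hidden inside BNX2X_ALLOC_AND_SET(), so a reader of this function cannot see why rc is set here. A short comment on that line, saying the value is what request_firmware_exit returns when the allocation fails, would keep a later cleanup from removing it as a dead store.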

These kinds of macros which internally change control flow should always
be avoided.
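
The failure mode discussed in this thread, reduced to a userspace C model as an added example (not code from the bnx2x driver or from any poster). The names `ALLOC_OR_GOTO`, `demo_alloc`, `fail_alloc`, `init_with_macro` and `init_explicit` are hypothetical, and the `rc = 0` on the success path is an assumption of the model.

```c
/* Userspace model of the bug pattern; every name here is hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

static int fail_alloc; /* constructed fault injection: 1 = allocations fail */

static void *demo_alloc(size_t n)
{
    return fail_alloc ? NULL : malloc(n);
}

/* Hidden goto, as the commit message describes: jump to lbl on failure. */
#define ALLOC_OR_GOTO(ptr, n, lbl) \
    do { (ptr) = demo_alloc(n); if (!(ptr)) goto lbl; } while (0)

/* rc is whatever the caller held before the macro ran:
 * 0 models the code before the patch, -ENOMEM models the patched code. */
static int init_with_macro(int rc)
{
    void *blob = NULL;

    ALLOC_OR_GOTO(blob, 64, out);
    /* ... use blob ... */
    rc = 0; /* assumed: success path must clear the preset error */
out:
    free(blob);
    return rc;
}

/* Macro-free form: the error code is assigned where the failure is seen. */
static int init_explicit(void)
{
    void *blob = demo_alloc(64);

    if (!blob)
        return -ENOMEM;
    /* ... use blob ... */
    free(blob);
    return 0;
}

int main(void)
{
    fail_alloc = 1;
    printf("unpatched=%d patched=%d explicit=%d\n",
           init_with_macro(0), init_with_macro(-ENOMEM), init_explicit());
    return 0;
}
```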