From: Colin Ian King <[email protected]>
Ensure we don't end up with a null pointer dereferences by checking
for for allocation failures. Allocate by sizeof(*ptr) rather than
the type to fix checkpack warnings. Also merge multiple lines into
one line for the kmalloc call.
Detected by CoverityScan, CID#1422435 ("Dereference null return value")
Signed-off-by: Colin Ian King <[email protected]>
---
drivers/net/ieee802154/ca8210.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/drivers/net/ieee802154/ca8210.c b/drivers/net/ieee802154/ca8210.c
index 53fa87bfede0..25fd3b04b3c0 100644
--- a/drivers/net/ieee802154/ca8210.c
+++ b/drivers/net/ieee802154/ca8210.c
@@ -634,6 +634,8 @@ static int ca8210_test_int_driver_write(
dev_dbg(&priv->spi->dev, "%#03x\n", buf[i]);
fifo_buffer = kmalloc(len, GFP_KERNEL);
+ if (!fifo_buffer)
+ return -ENOMEM;
memcpy(fifo_buffer, buf, len);
kfifo_in(&test->up_fifo, &fifo_buffer, 4);
wake_up_interruptible(&priv->test.readq);
@@ -759,10 +761,10 @@ static void ca8210_rx_done(struct cas_control *cas_ctl)
&priv->spi->dev,
"Resetting MAC...\n");
- mlme_reset_wpc = kmalloc(
- sizeof(struct work_priv_container),
- GFP_KERNEL
- );
+ mlme_reset_wpc = kmalloc(sizeof(*mlme_reset_wpc),
+ GFP_KERNEL);
+ if (!mlme_reset_wpc)
+ goto finish;
INIT_WORK(
&mlme_reset_wpc->work,
ca8210_mlme_reset_worker
@@ -925,10 +927,10 @@ static int ca8210_spi_transfer(
dev_dbg(&spi->dev, "ca8210_spi_transfer called\n");
- cas_ctl = kmalloc(
- sizeof(struct cas_control),
- GFP_ATOMIC
- );
+ cas_ctl = kmalloc(sizeof(*cas_ctl), GFP_ATOMIC);
+ if (!cas_ctl)
+ return -ENOMEM;
+
cas_ctl->priv = priv;
memset(cas_ctl->tx_buf, SPI_IDLE, CA8210_SPI_BUF_SIZE);
memset(cas_ctl->tx_in_buf, SPI_IDLE, CA8210_SPI_BUF_SIZE);
--
2.11.0
On Wed, 2017-03-29 at 16:54 +0100, Colin King wrote:
> From: Colin Ian King <[email protected]>
>
> Ensure we don't end up with a null pointer dereferences by checking
> for for allocation failures. Allocate by sizeof(*ptr) rather than
> the type to fix checkpack warnings. Also merge multiple lines into
> one line for the kmalloc call.
>
> Detected by CoverityScan, CID#1422435 ("Dereference null return value")
OK, but could you change patch title to be less generic ?
Also, what tree is this patch targeting ?
# ls -l drivers/net/ieee802154/ca8210.c
ls: cannot access drivers/net/ieee802154/ca8210.c: No such file or
directory
Thanks.
Am 29.03.2017 17:54, schrieb Colin King:
> From: Colin Ian King <[email protected]>
>
> Ensure we don't end up with a null pointer dereferences by checking
> for for allocation failures. Allocate by sizeof(*ptr) rather than
> the type to fix checkpack warnings. Also merge multiple lines into
> one line for the kmalloc call.
>
> Detected by CoverityScan, CID#1422435 ("Dereference null return value")
>
> Signed-off-by: Colin Ian King <[email protected]>
> ---
> drivers/net/ieee802154/ca8210.c | 18 ++++++++++--------
> 1 file changed, 10 insertions(+), 8 deletions(-)
>
> diff --git a/drivers/net/ieee802154/ca8210.c b/drivers/net/ieee802154/ca8210.c
> index 53fa87bfede0..25fd3b04b3c0 100644
> --- a/drivers/net/ieee802154/ca8210.c
> +++ b/drivers/net/ieee802154/ca8210.c
> @@ -634,6 +634,8 @@ static int ca8210_test_int_driver_write(
> dev_dbg(&priv->spi->dev, "%#03x\n", buf[i]);
>
> fifo_buffer = kmalloc(len, GFP_KERNEL);
> + if (!fifo_buffer)
> + return -ENOMEM;
> memcpy(fifo_buffer, buf, len);
perhaps kmemdup() ist the way to go ?
by replace kamlloc()+memcpy
re,
wh
> kfifo_in(&test->up_fifo, &fifo_buffer, 4);
> wake_up_interruptible(&priv->test.readq);
> @@ -759,10 +761,10 @@ static void ca8210_rx_done(struct cas_control *cas_ctl)
> &priv->spi->dev,
> "Resetting MAC...\n");
>
> - mlme_reset_wpc = kmalloc(
> - sizeof(struct work_priv_container),
> - GFP_KERNEL
> - );
> + mlme_reset_wpc = kmalloc(sizeof(*mlme_reset_wpc),
> + GFP_KERNEL);
> + if (!mlme_reset_wpc)
> + goto finish;
> INIT_WORK(
> &mlme_reset_wpc->work,
> ca8210_mlme_reset_worker
> @@ -925,10 +927,10 @@ static int ca8210_spi_transfer(
>
> dev_dbg(&spi->dev, "ca8210_spi_transfer called\n");
>
> - cas_ctl = kmalloc(
> - sizeof(struct cas_control),
> - GFP_ATOMIC
> - );
> + cas_ctl = kmalloc(sizeof(*cas_ctl), GFP_ATOMIC);
> + if (!cas_ctl)
> + return -ENOMEM;
> +
> cas_ctl->priv = priv;
> memset(cas_ctl->tx_buf, SPI_IDLE, CA8210_SPI_BUF_SIZE);
> memset(cas_ctl->tx_in_buf, SPI_IDLE, CA8210_SPI_BUF_SIZE);
Hello.
On 03/29/2017 06:21 PM, Eric Dumazet wrote:
> On Wed, 2017-03-29 at 16:54 +0100, Colin King wrote:
>> From: Colin Ian King <[email protected]>
>>
>> Ensure we don't end up with a null pointer dereferences by checking
>> for for allocation failures. Allocate by sizeof(*ptr) rather than
>> the type to fix checkpack warnings. Also merge multiple lines into
>> one line for the kmalloc call.
>>
>> Detected by CoverityScan, CID#1422435 ("Dereference null return value")
>
> OK, but could you change patch title to be less generic ?
>
> Also, what tree is this patch targeting ?
>
> # ls -l drivers/net/ieee802154/ca8210.c
> ls: cannot access drivers/net/ieee802154/ca8210.c: No such file or
> directory
This new driver is sitting in bluetooth-next right now for the next merge.
regards
Stefan Schmidt