2021-03-09 08:35:57

by Jia-Ju Bai

Subject: [PATCH] net: netlink: fix error return code of netlink_proto_init()

When kcalloc() returns NULL to nl_table, no error return code of
netlink_proto_init() is assigned.
To fix this bug, err is assigned with -ENOMEM in this case.

Fixes: fab2caf62ed0 ("[NETLINK]: Call panic if nl_table allocation fails")
Reported-by: TOTE Robot <[email protected]>
Signed-off-by: Jia-Ju Bai <[email protected]>
---
net/netlink/af_netlink.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index dd488938447f..9ab66cfb1037 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -2880,8 +2880,10 @@ static int __init netlink_proto_init(void)
BUILD_BUG_ON(sizeof(struct netlink_skb_parms) > sizeof_field(struct sk_buff, cb));

nl_table = kcalloc(MAX_LINKS, sizeof(*nl_table), GFP_KERNEL);
- if (!nl_table)
+ if (!nl_table) {
+ err = -ENOMEM;
goto panic;
+ }

for (i = 0; i < MAX_LINKS; i++) {
if (rhashtable_init(&nl_table[i].hash,
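Review bot: the added `err = -ENOMEM;` in front of `goto panic;` looks like a dead store. The hunk does not show the `panic:` label, but the commit named in the Fixes: tag is titled "Call panic if nl_table allocation fails", and panic() does not return, so nothing on this path would ever read err or return it to a caller. Unless the code at the label can fall through to a `return err`, keep the original two-line `if (!nl_table) goto panic;` and drop the assignment and the braces added to carry it.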
--
2.17.1


2021-03-09 08:49:05

by Heiner Kallweit

Subject: Re: [PATCH] net: netlink: fix error return code of netlink_proto_init()

On 09.03.2021 09:33, Jia-Ju Bai wrote:
> When kcalloc() returns NULL to nl_table, no error return code of
> netlink_proto_init() is assigned.
> To fix this bug, err is assigned with -ENOMEM in this case.
>

Didn't we talk enough about your incorrect patches yesterday?
This one is incorrect again. panic() never returns.
Stop sending patches until you understand the code you're changing!


> Fixes: fab2caf62ed0 ("[NETLINK]: Call panic if nl_table allocation fails")
> Reported-by: TOTE Robot <[email protected]>
> Signed-off-by: Jia-Ju Bai <[email protected]>
> ---
> net/netlink/af_netlink.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
> index dd488938447f..9ab66cfb1037 100644
> --- a/net/netlink/af_netlink.c
> +++ b/net/netlink/af_netlink.c
> @@ -2880,8 +2880,10 @@ static int __init netlink_proto_init(void)
> BUILD_BUG_ON(sizeof(struct netlink_skb_parms) > sizeof_field(struct sk_buff, cb));
>
> nl_table = kcalloc(MAX_LINKS, sizeof(*nl_table), GFP_KERNEL);
> - if (!nl_table)
> + if (!nl_table) {
> + err = -ENOMEM;
> goto panic;
> + }
>
> for (i = 0; i < MAX_LINKS; i++) {
> if (rhashtable_init(&nl_table[i].hash,
>
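Review bot: the changelog above this hunk never says what the code at the `panic` label does, and the `@@ -2880,8 +2880,10 @@` context stops at the rhashtable_init() loop, so the hunk alone cannot show that netlink_proto_init() returns at all after `goto panic;`. A changelog for an error-code fix should quote the statements at the jump target and name what would observe the wrong return value; a static-analysis report (the Reported-by: line credits a robot) should be checked against that code before it is sent.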

2021-03-09 08:59:26

by Jia-Ju Bai

Subject: Re: [PATCH] net: netlink: fix error return code of netlink_proto_init()



On 2021/3/9 16:47, Heiner Kallweit wrote:
> On 09.03.2021 09:33, Jia-Ju Bai wrote:
>> When kcalloc() returns NULL to nl_table, no error return code of
>> netlink_proto_init() is assigned.
>> To fix this bug, err is assigned with -ENOMEM in this case.
>>
> Didn't we talk enough about your incorrect patches yesterday?
> This one is incorrect again. panic() never returns.
> Stop sending patches until you understand the code you're changing!

Ah, sorry, I was too confident about this bug report...
Thanks for your reply.
Following your advice, now I am sending the patches only for the bug
reports that I am confident about after careful code review.
Some of the patches have been applied, but some of them are still wrong,
like this patch...
I am sorry for the false positives...


Best wishes,
Jia-Ju Bai