The module_get_next_page() function returns error pointers on error
instead of NULL.
Use IS_ERR() to check the return value to fix this.
Fixes: b1ae6dc41eaa ("module: add in-kernel support for decompressing")
Signed-off-by: Miaoqian Lin <[email protected]>
---
kernel/module/decompress.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/kernel/module/decompress.c b/kernel/module/decompress.c
index c033572d83f0..720e719253cd 100644
--- a/kernel/module/decompress.c
+++ b/kernel/module/decompress.c
@@ -114,8 +114,8 @@ static ssize_t module_gzip_decompress(struct load_info *info,
do {
struct page *page = module_get_next_page(info);
- if (!page) {
- retval = -ENOMEM;
+ if (IS_ERR(page)) {
+ retval = PTR_ERR(page);
goto out_inflate_end;
}
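Review bot: the IS_ERR(page) check in module_gzip_decompress() is only sufficient if module_get_next_page() can never return NULL, since IS_ERR() is false for NULL and the old !page test is removed entirely. The commit message says the helper returns error pointers "instead of NULL"; please state explicitly that no path returns NULL, or use IS_ERR_OR_NULL() if one can. Note also that retval changes from a fixed -ENOMEM to PTR_ERR(page), so it is worth a sentence in the commit message on which error values now reach the caller.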
@@ -173,8 +173,8 @@ static ssize_t module_xz_decompress(struct load_info *info,
do {
struct page *page = module_get_next_page(info);
- if (!page) {
- retval = -ENOMEM;
+ if (IS_ERR(page)) {
+ retval = PTR_ERR(page);
goto out;
}
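Review bot: the commit message does not say what happens today when the !page test in module_xz_decompress() (and the gzip path) sees an error pointer. With the old check a failure from module_get_next_page() is non-NULL, so the loop continues with it as if it were a valid page; describing that consequence would justify the Fixes: tag and help stable maintainers judge the backport. Please also confirm these two sites are the only callers of module_get_next_page() in kernel/module/decompress.c that still test for NULL.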
--
2.37.3.671.ge2130fe6da78.dirty
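The difference between the two checks in the patch above, as an added userspace example that is not part of the original thread or the kernel source. The macros are modeled on the kernel's include/linux/err.h; get_next_page(), check_null() and check_is_err() are hypothetical stand-ins.

```c
/* Userspace model of the kernel error-pointer convention (include/linux/err.h).
 * get_next_page() is a hypothetical helper: ERR_PTR(-errno) on failure, never NULL. */
#include <errno.h>
#include <stdio.h>

#define MAX_ERRNO 4095
static inline void *ERR_PTR(long error) { return (void *)error; }
static inline long PTR_ERR(const void *ptr) { return (long)ptr; }
static inline int IS_ERR(const void *ptr)
{
	/* The top MAX_ERRNO addresses are reserved for encoded errno values. */
	return (unsigned long)ptr >= (unsigned long)-MAX_ERRNO;
}

struct page { char data[16]; };
static struct page pool[1];

/* Hands out pages from a fixed pool; returns an error pointer once the limit is hit. */
static struct page *get_next_page(int *used, int limit)
{
	if (*used >= limit)
		return ERR_PTR(-ENOMEM);
	return &pool[(*used)++];
}

/* Pre-fix pattern: NULL test. Returns 0 when the caller would go on to use the pointer. */
static long check_null(struct page *page)
{
	if (!page)
		return -ENOMEM;
	return 0;
}

/* Post-fix pattern: IS_ERR test, propagating the encoded errno. */
static long check_is_err(struct page *page)
{
	if (IS_ERR(page))
		return PTR_ERR(page);
	return 0;
}

int main(void)
{
	int used = 0;
	struct page *ok = get_next_page(&used, 1);
	struct page *bad = get_next_page(&used, 1);
	printf("valid page: null-check=%ld is_err-check=%ld\n", check_null(ok), check_is_err(ok));
	printf("error page: null-check=%ld is_err-check=%ld\n", check_null(bad), check_is_err(bad));
	return 0;
}
```

The NULL test reports success for the error pointer, so the caller would treat an encoded errno as a page address; the IS_ERR() test returns the errno instead.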
On Thu, Nov 10, 2022 at 06:58:34AM +0400, Miaoqian Lin wrote:
> The module_get_next_page() function returns error pointers on error
> instead of NULL.
> Use IS_ERR() to check the return value to fix this.
>
> Fixes: b1ae6dc41eaa ("module: add in-kernel support for decompressing")
> Signed-off-by: Miaoqian Lin <[email protected]>
> ---
Thanks queued up. How did you find out? Just code inspection? I see
chances are low of this triggering, but just curious how you found it.
Luis
Hi,
On 2022/11/10 12:09, Luis Chamberlain wrote:
> On Thu, Nov 10, 2022 at 06:58:34AM +0400, Miaoqian Lin wrote:
>> The module_get_next_page() function returns error pointers on error
>> instead of NULL.
>> Use IS_ERR() to check the return value to fix this.
>>
>> Fixes: b1ae6dc41eaa ("module: add in-kernel support for decompressing")
>> Signed-off-by: Miaoqian Lin <[email protected]>
>> ---
> Thanks queued up. How did you find out? Just code inspection? I see
> chances are low of this triggering, but just curious how you found it.
I found this by static analysis, specifically, I obtained functions that return error pointers and
inspected whether their callers followed the correct specification.
> Luis
On 2022/11/10 14:05, Luis Chamberlain wrote:
> On Thu, Nov 10, 2022 at 12:18:50PM +0800, Miaoqian Lin wrote:
>> Hi,
>>
>> On 2022/11/10 12:09, Luis Chamberlain wrote:
>>> On Thu, Nov 10, 2022 at 06:58:34AM +0400, Miaoqian Lin wrote:
>>>> The module_get_next_page() function returns error pointers on error
>>>> instead of NULL.
>>>> Use IS_ERR() to check the return value to fix this.
>>>>
>>>> Fixes: b1ae6dc41eaa ("module: add in-kernel support for decompressing")
>>>> Signed-off-by: Miaoqian Lin <[email protected]>
>>>> ---
>>> Thanks queued up. How did you find out? Just code inspection? I see
>>> chances are low of this triggering, but just curious how you found it.
>> I found this by static analysis, specifically, I obtained functions that return error pointers and
>> inspected whether their callers followed the correct specification.
> Which one did you use?
I wrote a custom checker based on the weggli tool (https://github.com/googleprojectzero/weggli).
> Luis
On Thu, Nov 10, 2022 at 12:18:50PM +0800, Miaoqian Lin wrote:
> Hi,
>
> On 2022/11/10 12:09, Luis Chamberlain wrote:
> > On Thu, Nov 10, 2022 at 06:58:34AM +0400, Miaoqian Lin wrote:
> >> The module_get_next_page() function returns error pointers on error
> >> instead of NULL.
> >> Use IS_ERR() to check the return value to fix this.
> >>
> >> Fixes: b1ae6dc41eaa ("module: add in-kernel support for decompressing")
> >> Signed-off-by: Miaoqian Lin <[email protected]>
> >> ---
> > Thanks queued up. How did you find out? Just code inspection? I see
> > chances are low of this triggering, but just curious how you found it.
> I found this by static analysis, specifically, I obtained functions that return error pointers and
> inspected whether their callers followed the correct specification.
Which one did you use?
Luis
On Thu, Nov 10, 2022 at 06:58:34AM +0400, Miaoqian Lin wrote:
> The module_get_next_page() function returns error pointers on error
> instead of NULL.
> Use IS_ERR() to check the return value to fix this.
>
> Fixes: b1ae6dc41eaa ("module: add in-kernel support for decompressing")
> Signed-off-by: Miaoqian Lin <[email protected]>
Reviewed-by: Dmitry Torokhov <[email protected]>
Thank you for spotting this.
--
Dmitry