Received: by 10.213.65.68 with SMTP id h4csp1260589imn; Thu, 29 Mar 2018 01:02:37 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/AIKYAUcNTm6t1Da51ENEc3PVu9eYAbT0Ue23gZbKX7pzPSzKB+fq3Fvy43kcuFByiZroP X-Received: by 10.99.176.71 with SMTP id z7mr4694477pgo.74.1522310557458; Thu, 29 Mar 2018 01:02:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522310557; cv=none; d=google.com; s=arc-20160816; b=qUUc2lVCukZpVCrKpuK+cEVb9koaAheq/We7qcR6jCrLsC8yAKrt+sPkp4warkiDt2 gJXJpJAE+y2Te/U7YotL+pywUD5bdVxrWKJ/yUgEo3BtU8Scfz6XobIi2eWwM6uaBicH 0Z6NFTrUv0njLVLlA7J/Vq7I1LiiaVWGdn+7H9qM5vq4Ckpi/QZe5eQf0TBQLcH8UMZb ku21XHFrJD5XAxPlCwHspXOf1qCaTs9r0RH1IojNZA9D7m0ZBURxITwIcHsUJJAZPQ4k BCACOHyN17zH8hsGCZES9RQ0yyww/Bq3Eu2Wkyjdr4JJoe+QEN5UgiUdiLD12Zlxgs/Y XO2g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature :arc-authentication-results; bh=3Ti3R0cgEFJ8sYKZsk+GbC5XKyeJVIV0RpBkm2JuBh4=; b=kDjmbFcOPCZteL8cmd6xm9J4eEcb1Y7ydXd39UNConXx0L1fo5W3LO1HFbXFJ9zzzk qa8js1riK0TzFXmzsME/Hqt3T2CD8U2rIWjehARFibRxlCbKvAlKwpFFHigE5JMlaqfG Rvvdpy0CHDyOofhsW764Ep6XmwPaYMLDpbW/wUvENcJW/4qBYq19iLjDmQ9+Cl8LnWtG q7+YNZhaBjUj9jSGgk+dsKXerl9+nu5xEnLf9US5Xy0cdBCoiV2EIqYTtQPPeBvUSwn/ W3eXPn0JHkNyQN6S/mFkbSi5nMkxrl8mWUlnuRvAz+acjcgj5PK6FWPFOzbEBE1/ZNtY PkeQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=fFBgujdo; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b35-v6si5508771plh.84.2018.03.29.01.02.18; Thu, 29 Mar 2018 01:02:37 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=fFBgujdo; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751973AbeC2IBB (ORCPT + 99 others); Thu, 29 Mar 2018 04:01:01 -0400 Received: from mail-it0-f67.google.com ([209.85.214.67]:32949 "EHLO mail-it0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751325AbeC2IA7 (ORCPT ); Thu, 29 Mar 2018 04:00:59 -0400 Received: by mail-it0-f67.google.com with SMTP id z143-v6so22076908itc.0; Thu, 29 Mar 2018 01:00:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding:content-language; bh=3Ti3R0cgEFJ8sYKZsk+GbC5XKyeJVIV0RpBkm2JuBh4=; b=fFBgujdoxnavtrIWPM/ddULDLCdJ3BhJkfTwyKpLJSJKf8ZYmFnw109M/CAoNYRT3o gXWRMTpeftilWl/VVUWMXCzYgGUPHluo76zpteTIYFJDevn3b+9+y0xTIwFwV10O/wXk pI6KxTqo93DfIBl1ePoLN5cR0CcCRFejeFO9rIUs+LLLPGFPYLhNHJIsECwkLeP6ZBNS 10OvET/pEsiSrflMnUhlWiZSOv5BXJbHKtTWt/K0PBqXSznTVNrjE9kpDyMNVCKoUYGb A9PY6dTWZinEFl0vW60F0zaRykJiks9Eg4gWMgdZ2oCX6Y4PcctmpRskJygYsEVcH3cc 4PsA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=3Ti3R0cgEFJ8sYKZsk+GbC5XKyeJVIV0RpBkm2JuBh4=; b=TdqH3DtM1dWokGYOYXetXlJMEg9uS6tI/AqZBJn2M40iOXKxvfG1ddF+dFe1ZG+/Ul V98/A2u4XBQFwNxuWRx68Mqb0RDRXFig+Lzu3iLL19hEKxIRgNSfCj/fW2mVCPreDqE2 ybqA/824DC8BB8DQl8Gn4VHjT7F3XqwxEMkvIq1DqjLhLyZlH9df6YvCrRksaCqBcabN EjDKtJn0saK7KRK8V6TMjtfAf5xsx7H4kNYv8++VtoayiTm19oZ38uwl1DS44mwMKq64 DrTRdZTkwGRYJpEQocrj5jIjeHzocGcElY+21yWTK7Dv8rrPV3eEsEhJYVbrtJ3q7och xciw== X-Gm-Message-State: AElRT7E1hXP61Mms2COqwVBDH6lOVITCXNb+vi9CBqiwVwriesf97ZiQ NkvmEaa/YWnT+dvpmUGCdmJd6LKI X-Received: by 2002:a24:6881:: with SMTP id v123-v6mr6307930itb.32.1522310458926; Thu, 29 Mar 2018 01:00:58 -0700 (PDT) Received: from ?IPv6:2402:f000:1:1501:200:5efe:166.111.70.50? ([2402:f000:1:1501:200:5efe:a66f:4632]) by smtp.gmail.com with ESMTPSA id 4sm3527567iox.55.2018.03.29.01.00.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 29 Mar 2018 01:00:58 -0700 (PDT) Subject: Re: [PATCH v2] staging: vt6655: check for memory allocation failures To: Ji-Hun Kim , gregkh@linuxfoundation.org, forest@alittletooquiet.net Cc: dartnorris@gmail.com, santhameena13@gmail.com, julia.lawall@lip6.fr, y.k.oh@samsung.com, devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org References: <1522308157-26463-1-git-send-email-ji_hun.kim@samsung.com> From: Jia-Ju Bai Message-ID: <798fbe60-52aa-4fb0-0cd3-e2c067bd6c04@gmail.com> Date: Thu, 29 Mar 2018 16:00:42 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.0 MIME-Version: 1.0 In-Reply-To: <1522308157-26463-1-git-send-email-ji_hun.kim@samsung.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2018/3/29 15:22, Ji-Hun Kim wrote: > There are no null pointer checking on rd_info and td_info values which > are allocated by kzalloc. It has potential null pointer dereferencing > issues. Add return when allocation is failed. > > Signed-off-by: Ji-Hun Kim > --- > > Change: since v1: > > - Delete WARN_ON which can makes crashes on some machines. > - Instead of return directly, goto freeing function for freeing previously > allocated memory in the for loop after kzalloc() failed. > - In the freeing function, if td_info and rd_info are not allocated, no > needs to free. > > drivers/staging/vt6655/device_main.c | 64 +++++++++++++++++++++++++----------- > 1 file changed, 44 insertions(+), 20 deletions(-) > > diff --git a/drivers/staging/vt6655/device_main.c b/drivers/staging/vt6655/device_main.c > index fbc4bc6..ecbba43 100644 > --- a/drivers/staging/vt6655/device_main.c > +++ b/drivers/staging/vt6655/device_main.c > @@ -539,7 +539,8 @@ static void device_init_rd0_ring(struct vnt_private *priv) > i ++, curr += sizeof(struct vnt_rx_desc)) { > desc = &priv->aRD0Ring[i]; > desc->rd_info = kzalloc(sizeof(*desc->rd_info), GFP_KERNEL); > - > + if (!desc->rd_info) > + goto error; > if (!device_alloc_rx_buf(priv, desc)) > dev_err(&priv->pcid->dev, "can not alloc rx bufs\n"); > > @@ -550,6 +551,10 @@ static void device_init_rd0_ring(struct vnt_private *priv) > if (i > 0) > priv->aRD0Ring[i-1].next_desc = cpu_to_le32(priv->rd0_pool_dma); > priv->pCurrRD[0] = &priv->aRD0Ring[0]; > + > + return; > +error: > + device_free_rd0_ring(priv); > } > I think you should return an error number here, because device_init_rd0_ring() is called by vnt_start(). You should also implement error handling code in vnt_start(), and let vnt_start() returns an error number too. The same for device_init_rd1_ring(), device_init_td0_ring() and device_init_td1_ring(). Best wishes, Jia-Ju Bai