Received: by 10.213.65.68 with SMTP id h4csp1385451imn; Thu, 29 Mar 2018 03:55:00 -0700 (PDT) X-Google-Smtp-Source: AIpwx49x59qOz3MMgIOYINfEuNN4dS0s44P+Nd/vojVtVtzidVsZCiAcIKWE7H5Ab9hoW6YdD0Rl X-Received: by 10.99.97.20 with SMTP id v20mr5197125pgb.214.1522320900831; Thu, 29 Mar 2018 03:55:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522320900; cv=none; d=google.com; s=arc-20160816; b=XrOBSmi2zXssxNDHY9gGkfqwQrbW/fWbhe0QTDXTgGdumyUe8hp7YL3d0A57ncuPH3 kgshDrpfAHoT55qQGSd50niK1MAM2r5E1szOrBFPneVzZ3j2L+hxk5qzg+c6onYv42S5 QEr6KMDWvQVgtpnwAXiX/yVYg989IgLKPa4+p/TMO6xBgWPVi0nl/QZ5IKh69GGgj3SL /DkNF4T6sJtC91Yz83U6hn+6lpFViwRYovIQEyhO5EzMEOdcG1eRV8CpYR+U4q+J1SiJ sHnXiNulQem+rU2oW673WA+QNQVJ5ZpLISdPz8AP0Ma1puLSLbZKckwrIKOI8RFV+r5U UWfw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=fcyOAwIhOUwmLhKNz/HTYx0DO0qRlcLetsbOJXwXE/o=; b=Lf8zE4ptShb6xZcSTyTxHuL7vbRnySUuCYpRzGHWlWTqw4AUrnE3yM6D94e4tKzq3Z GxMNgXZLa6x+37ZJalakSTHvfYCGtsq1YaOpe0TKUf8he91sOUf0b30ntyo1VHDVcKMJ zuB013qR+RrCUIC2KmFXZKaX5Ak/7Me1vFw/MX3F0/h6jbuC88jpMORpsVyW8Rl/ktuH u1Qvj7FwdAxEp1cLUZAqIiAv7dOK6uyxP2Hsmr3/lfWDQkYGICng8HEw6rs/d3Wxoulz XuRw5F03D72AbAN3gCGxs8Quf/vhvVoGxHJ3bNfVYnjInC/mtIzef5elxkp54vV3e4/C +VvQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=cwj0hHf5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k8si3765934pgt.786.2018.03.29.03.54.46; Thu, 29 Mar 2018 03:55:00 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=cwj0hHf5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752254AbeC2Kxs (ORCPT + 99 others); Thu, 29 Mar 2018 06:53:48 -0400 Received: from mail-lf0-f65.google.com ([209.85.215.65]:35953 "EHLO mail-lf0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750799AbeC2Kxr (ORCPT ); Thu, 29 Mar 2018 06:53:47 -0400 Received: by mail-lf0-f65.google.com with SMTP id z143-v6so7795159lff.3; Thu, 29 Mar 2018 03:53:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=fcyOAwIhOUwmLhKNz/HTYx0DO0qRlcLetsbOJXwXE/o=; b=cwj0hHf5TC3o601uUbxqmqWn2rkCurm0Xx3B6qH639zUWJWTJWr0fTe81p9YGf5xU+ XilV3XSwsZYUto35ITAlDF0pc3fyyBcU0XsOnI9PgMMvjg+o/3JxOH75FoY6gCpsX2r2 C8Qhww9UAK9BVomdCjwbCQpdfdSEg9CeaylNBN272S4phiRL7PsHkJLRRcX9XMGTgnfV AZi9yauTzbuvFr55ASPGBTGpcBIb5spvlKdqsZ9RL6MGc0k4pxDynRkhdxcsnAGnNozI hmLDdxaKn/TnovsomZVFEdcemyOTZ1YMaD3S8EdsQDdXhskXHKvdD8ipBkRR5tzzyYLV sVrQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=fcyOAwIhOUwmLhKNz/HTYx0DO0qRlcLetsbOJXwXE/o=; b=r5OHCA5bOvOyh4bZ3iHOY5tlpMYOn46G7iwIEEha3hC3J9PRyX8Z/R7DUIG9QX/wwy oxyNSs0TRjjzHmODyr6h6yz21MB7vkfdTS5/fb0smLakkudV8xEhDriFbxwi4QgxwWxQ OMEtk9tnpJK9sl0W+uf5RDP9OcK/lOIxNYmHDGHHlQ4ZSCOKMCF+dE+faIfdqC+BqNA7 B1+mhdaMpjaT1TPx0tqEVe8gpjVPmT8fZ/S45ZYLlDpcPvRTFFbc5kbkS+6BM4o6k/u2 JHDqJj3gPiNlJbQpgmoq8CcYckJZggC6fwbyh6dbJMdxqGasLI55vrbkXkb4hdCOQSZj SYnw== X-Gm-Message-State: AElRT7G/34NCQGKhyrz73CybLncstO8ecrL8bLOgzTQFJ0c5CZT7deeo gml41JwQALvJXKvjHdlztPkPfJO37X0SOh5mprk= X-Received: by 10.46.133.69 with SMTP id u5mr5303689ljj.25.1522320825553; Thu, 29 Mar 2018 03:53:45 -0700 (PDT) MIME-Version: 1.0 Received: by 10.46.133.201 with HTTP; Thu, 29 Mar 2018 03:53:25 -0700 (PDT) In-Reply-To: <798fbe60-52aa-4fb0-0cd3-e2c067bd6c04@gmail.com> References: <1522308157-26463-1-git-send-email-ji_hun.kim@samsung.com> <798fbe60-52aa-4fb0-0cd3-e2c067bd6c04@gmail.com> From: ji-hun Kim Date: Thu, 29 Mar 2018 19:53:25 +0900 Message-ID: Subject: Re: [PATCH v2] staging: vt6655: check for memory allocation failures To: Jia-Ju Bai Cc: Ji-Hun Kim , gregkh@linuxfoundation.org, forest@alittletooquiet.net, dartnorris@gmail.com, santhameena13@gmail.com, julia.lawall@lip6.fr, y.k.oh@samsung.com, devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 2018-03-29 17:00 GMT+09:00 Jia-Ju Bai : > > > > On 2018/3/29 15:22, Ji-Hun Kim wrote: >> >> There are no null pointer checking on rd_info and td_info values which >> are allocated by kzalloc. It has potential null pointer dereferencing >> issues. Add return when allocation is failed. >> >> Signed-off-by: Ji-Hun Kim >> --- >> >> Change: since v1: >> >> - Delete WARN_ON which can makes crashes on some machines. >> - Instead of return directly, goto freeing function for freeing previously >> allocated memory in the for loop after kzalloc() failed. >> - In the freeing function, if td_info and rd_info are not allocated, no >> needs to free. >> >> drivers/staging/vt6655/device_main.c | 64 +++++++++++++++++++++++++----------- >> 1 file changed, 44 insertions(+), 20 deletions(-) >> >> diff --git a/drivers/staging/vt6655/device_main.c b/drivers/staging/vt6655/device_main.c >> index fbc4bc6..ecbba43 100644 >> --- a/drivers/staging/vt6655/device_main.c >> +++ b/drivers/staging/vt6655/device_main.c >> @@ -539,7 +539,8 @@ static void device_init_rd0_ring(struct vnt_private *priv) >> i ++, curr += sizeof(struct vnt_rx_desc)) { >> desc = &priv->aRD0Ring[i]; >> desc->rd_info = kzalloc(sizeof(*desc->rd_info), GFP_KERNEL); >> - >> + if (!desc->rd_info) >> + goto error; >> if (!device_alloc_rx_buf(priv, desc)) >> dev_err(&priv->pcid->dev, "can not alloc rx bufs\n"); >> @@ -550,6 +551,10 @@ static void device_init_rd0_ring(struct vnt_private *priv) >> if (i > 0) >> priv->aRD0Ring[i-1].next_desc = cpu_to_le32(priv->rd0_pool_dma); >> priv->pCurrRD[0] = &priv->aRD0Ring[0]; >> + >> + return; >> +error: >> + device_free_rd0_ring(priv); >> } >> > > > I think you should return an error number here, because device_init_rd0_ring() is called by vnt_start(). > You should also implement error handling code in vnt_start(), and let vnt_start() returns an error number too. > The same for device_init_rd1_ring(), device_init_td0_ring() and device_init_td1_ring(). > Hi Jia-Ju, Thanks for the feedback. All right, those function looks that needs returns an error number. I will implement error handling code and send a patch v3 tomorrow Best regards, Ji-Hun