From: Wen Yang
To: boris.ostrovsky@oracle.com
Cc: jgross@suse.com, sstabellini@kernel.org, xen-devel@lists.xenproject.org, linux-kernel@vger.kernel.org, xue.zhihong@zte.com.cn, wang.yi59@zte.com.cn, Wen Yang, Dan Carpenter
Subject: [PATCH v2] pvcalls-front: fix potential null dereference
Date: Tue, 15 Jan 2019 10:31:27 +0800
Message-Id: <1547519487-27586-1-git-send-email-wen.yang99@zte.com.cn>
X-Mailer: git-send-email 1.8.3.1
X-Mailing-List: linux-kernel@vger.kernel.org

static checker warning:
    drivers/xen/pvcalls-front.c:373 alloc_active_ring()
    error: we previously assumed 'map->active.ring' could be null (see line 357)

drivers/xen/pvcalls-front.c
    351 static int alloc_active_ring(struct sock_mapping *map)
    352 {
    353     void *bytes;
    354
    355     map->active.ring = (struct pvcalls_data_intf *)
    356         get_zeroed_page(GFP_KERNEL);
    357     if (!map->active.ring)
                ^^^^^^^^^^^^^^^^^ Check
    358         goto out;
    359
    360     map->active.ring->ring_order = PVCALLS_RING_ORDER;
    361     bytes = (void *)__get_free_pages(GFP_KERNEL | __GFP_ZERO,
    362                     PVCALLS_RING_ORDER);
    363     if (!bytes)
    364         goto out;
    365
    366     map->active.data.in = bytes;
    367     map->active.data.out = bytes +
    368         XEN_FLEX_RING_SIZE(PVCALLS_RING_ORDER);
    369
    370     return 0;
    371
    372 out:
--> 373     free_active_ring(map);
                             ^^^

Add null check on map->active.ring before dereferencing it to avoid
any NULL pointer dereferences.

Fixes: 9f51c05dc41a ("pvcalls-front: Avoid get_free_pages(GFP_KERNEL) under spinlock")
Reported-by: Dan Carpenter
Suggested-by: Boris Ostrovsky
Signed-off-by: Wen Yang CC: Boris Ostrovsky CC: Juergen Gross CC: Stefano Stabellini CC: Dan Carpenter CC: xen-devel@lists.xenproject.org CC: linux-kernel@vger.kernel.org --- v2->v1: - Add NULL check on map->active.ring and return immediately if it is. drivers/xen/pvcalls-front.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/xen/pvcalls-front.c b/drivers/xen/pvcalls-front.c index 307861f..8a249c9 100644 --- a/drivers/xen/pvcalls-front.c +++ b/drivers/xen/pvcalls-front.c @@ -343,6 +343,9 @@ int pvcalls_front_socket(struct socket *sock) static void free_active_ring(struct sock_mapping *map) { + if (!map->active.ring) + return; + free_pages((unsigned long)map->active.data.in, map->active.ring->ring_order); free_page((unsigned long)map->active.ring); -- 2.9.5
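Review bot: In free_active_ring(), the new early return handles a NULL map->active.ring, but the function still leaves map->active.ring and map->active.data.in pointing at freed pages after free_page(), so the guard will not catch a second call on the same map; if any path can reach free_active_ring() again after the out: label in alloc_active_ring(), consider clearing both pointers once the pages are freed. The early return also relies on data.in never being allocated without the ring, which matches the allocation order in the listing quoted in the commit message (ring first, then bytes). A one-line comment saying that ring_order is read from the ring page itself would make the reason for the check obvious to later readers. Minor: the changelog under the --- line reads "v2->v1"; it should be "v1->v2".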