Received: by 2002:a25:86ce:0:0:0:0:0 with SMTP id y14csp2524601ybm;
        Thu, 23 May 2019 19:18:43 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyQc2H9scsa6mK/ghErvarnpa3HTRWLG6xe9WvAzDZNZWNCHnm+UCx15w/i38c+RFQaAyns
X-Received: by 2002:a17:90a:1ac8:: with SMTP id p66mr6006831pjp.1.1558664323729;
        Thu, 23 May 2019 19:18:43 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1558664323; cv=none;
        d=google.com; s=arc-20160816;
        b=Pg2p/ZoLq9PdxLfYgP/jg29fivYzNmqdHOQWGIHa00NS0H2Za3V5cfF7RygQeExIsy
         d54JUCAb5tGRhoUrPhjdiyJbOKm/9hs8aonWqd0ooWP57se4dqiey1E8x4reWRZxBuLT
         UxfgDqe/vn/I7HCqZUTr8iu476BRIx7TpltYV7f0yciwEp26rPQfW2RciT+TSugnt8vD
         EV4t0gkH4d4uXIDZF08nNruKu4geAo/GDnwiIuaZwPsEB3IgziLokS+a0hwwJwPGxFSW
         kHhpcBn/d3uQeh/7L6sa1maWk6VZXsI1co0J7n1C+alvFKHH2R0HX4iOB8C6Lo79BFXO
         Pk4A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=jmvJu0mVgTdzaX+eZTqpCianhRMHfBYRrsQSK2cXAeE=;
        b=Zkv/IMmx19uB/fdOj2nciuFZQp2ehgdIbIH0l9nGTbBq3eSfthAiywd5VHF6NyJZb7
         HPbdtwJ5QqD9eNYQ999Pag9Qmq6dS8AHG/O83K5hy/j/mNSB6vyWKB+TcpIHc4QAy7Q1
         /dIJRA3Lt25Fm8W3O26B1XQxUcascL42HvElVjLzdTI4XBYpMuGI7KJbsgbU3r4Xcrc3
         0QpV6hyf4IVYEcJYf3exS2YKVzP0PyWJnV+Wy6HRY0m0WufMT/G0fYqEVLVr4hwHlTsz
         vPpmB4BTIPezlNWU6LEkayfVq0AdZt3ejTRoDbPXieE+/pYFvF9CHUC/9AQkDXNERY+G
         IQaQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=Slu70HmP;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id w35si2090881pga.490.2019.05.23.19.18.23;
        Thu, 23 May 2019 19:18:43 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=Slu70HmP;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2388307AbfEXCOy (ORCPT <rfc822;daisukeokaopensource@gmail.com>
        + 99 others); Thu, 23 May 2019 22:14:54 -0400
Received: from mail-pl1-f196.google.com ([209.85.214.196]:41954 "EHLO
        mail-pl1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S2387732AbfEXCOy (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 23 May 2019 22:14:54 -0400
Received: by mail-pl1-f196.google.com with SMTP id f12so3489437plt.8
        for <linux-kernel@vger.kernel.org>; Thu, 23 May 2019 19:14:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to:user-agent;
        bh=jmvJu0mVgTdzaX+eZTqpCianhRMHfBYRrsQSK2cXAeE=;
        b=Slu70HmP2ntiocmUfQbxEXahovLTdiaX0HqVwnXndLfws/OES+/wlv+Ygk2UcxYmnZ
         4p9TePnf+Zh5SS9i9tontIKGrmaGYYBze0r/6CdRAcmGToabR3u51S0BiCuFESajyQHv
         Uj2BavhPCbCcFwftPDK7OgVpQTq+QDIxTMo84u/LGBvR1xDvTIFWT0ENSb7tApt7X7gD
         PZBHqhOXeY1d+h/NyASHGod78rqbOxbqWwlawYHCLzizi4RLzN3ctQDKjsXu7CFyVs/r
         YEd06C3iOAtC7LICGXSYmCeOVS/hjO9zBG98nXdkl47FaffveUkdf2qAWWkrzFVpbsVZ
         YxUw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to:user-agent;
        bh=jmvJu0mVgTdzaX+eZTqpCianhRMHfBYRrsQSK2cXAeE=;
        b=p9dbnYh5Vd6mY1TPd5heqyG707FMoof3in0KkCMCwvoU+IfjZRHp6AL1kZqOmSi6tS
         kH2DwJmF0W6pZWACbQ7zYiUbaW9N4iqcjR+X4U47gsmKLa7GrFNQZTUJ+zTEhAR6J1ID
         oCjyf8h2lZxSdDcJlISng/A6Rw8FKOzBXxuJ8clmj1mdCkuaFCQQVw5K9dcU9gzAEd2n
         0fgsT+02NpnBbu0j9tulZH26oZGTQh6jYmGQdCRUXgQ9XJg9G2r/I+rxS/XW2FiBy4Ws
         D14TKsFi8c1GxR5ewodABzKArKLjXXE9PJbaOJAK5npb2giy9vpH2GTByvn2aBjHEsPH
         W6rw==
X-Gm-Message-State: APjAAAVeJd9XrbjvwwSedJi76+pJnCrCGnUcRpT7m2lb8AOijatfDLFM
        ELAvJc4KJg4q/RSR4/UzrYU=
X-Received: by 2002:a17:902:8c8f:: with SMTP id t15mr47169620plo.87.1558664093265;
        Thu, 23 May 2019 19:14:53 -0700 (PDT)
Received: from zhanggen-UX430UQ ([66.42.35.75])
        by smtp.gmail.com with ESMTPSA id q27sm777678pfg.49.2019.05.23.19.14.34
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 23 May 2019 19:14:52 -0700 (PDT)
Date:   Fri, 24 May 2019 10:14:22 +0800
From:   Gen Zhang <blackgod016574@gmail.com>
To:     Kees Cook <keescook@chromium.org>
Cc:     linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] consolemap: Fix a memory leaking bug in
 drivers/tty/vt/consolemap.c
Message-ID: <20190524021422.GB4753@zhanggen-UX430UQ>
References: <20190521092935.GA2297@zhanggen-UX430UQ>
 <201905211342.DE554F0D@keescook>
 <20190522015055.GC4093@zhanggen-UX430UQ>
 <201905221353.AD8E585E6D@keescook>
 <20190523003452.GB14060@zhanggen-UX430UQ>
 <201905230952.B47ADA17A@keescook>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <201905230952.B47ADA17A@keescook>
User-Agent: Mutt/1.5.24 (2015-08-30)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, May 23, 2019 at 09:54:18AM -0700, Kees Cook wrote:
> On Thu, May 23, 2019 at 08:34:52AM +0800, Gen Zhang wrote:
> > In function con_insert_unipair(), when allocation for p2 and p1[n]
> > fails, ENOMEM is returned, but previously allocated p1 is not freed, 
> > remains as leaking memory. Thus we should free p1 as well when this
> > allocation fails.
> > 
> > Signed-off-by: Gen Zhang <blackgod016574@gmail.com>
> 
> As far as I can see this is correct, as it's just restoring the prior
> state before the p1 allocation.
> 
> Reviewed-by: Kees Cook <keescook@chromium.org>
> 
Thanks for your review, Kees!

Thanks
Gen
> > ---
> > diff --git a/drivers/tty/vt/consolemap.c b/drivers/tty/vt/consolemap.c
> > index b28aa0d..79fcc96 100644
> > --- a/drivers/tty/vt/consolemap.c
> > +++ b/drivers/tty/vt/consolemap.c
> > @@ -489,7 +489,11 @@ con_insert_unipair(struct uni_pagedir *p, u_short unicode, u_short fontpos)
> >  	p2 = p1[n = (unicode >> 6) & 0x1f];
> >  	if (!p2) {
> >  		p2 = p1[n] = kmalloc_array(64, sizeof(u16), GFP_KERNEL);
> > -		if (!p2) return -ENOMEM;
> > +		if (!p2) {
> > +			kfree(p1);
> > +			p->uni_pgdir[n] = NULL;
> > +			return -ENOMEM;
> > +		}
> >  		memset(p2, 0xff, 64*sizeof(u16)); /* No glyphs for the characters (yet) */
> >  	}
> >  
> > ---
> 
> -- 
> Kees Cook