Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp4016944ybi; Tue, 18 Jun 2019 10:15:44 -0700 (PDT) X-Google-Smtp-Source: APXvYqzO20mclYM+lfYmnbaraX12oGq8Vcz57Fj8G2FiemNgi+w+nk4+yiVbo+5PqpGVgERop+DM X-Received: by 2002:a17:902:f216:: with SMTP id gn22mr96331341plb.118.1560878143926; Tue, 18 Jun 2019 10:15:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1560878143; cv=none; d=google.com; s=arc-20160816; b=cdudcqOY59lkxABcphPZnbu/VioB+j37oCkq+abyfrwe5pzU6SgayTrDPrYJQEaKnH TCggqBlnJZvw252vmCfVkHLhlEi4qOzDwlUnx2LrJbZR+dlKKpUhABzk5BVOGhLM1jKA J/IZkhFHgFH9usws3ODJwbKgcHX4Y3703s5hE5VMvY7zp07bLWm8qrFnaEu/+/Nk4yp1 gyHpZLlS1EqjvRPl/2ssFZ8nn5uzQYsrMkpx1tXxCOniC9sDqI8Zn7vlBh6mn8uC7v57 pQd4dzx2slj7JPm3IcRBHpRM0XqyBqSj7XMZ21TaoAUK9YQDMjUJH5zRkTARg5NBnUqj 2qyg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=xf9JaMcfMTpA+95buSp6V+RKo2piqDxI9Pf5r4xWOgw=; b=zBx7VKMPTbTZ+vwViuJNBfuILI5Gjs/Bymkzpxw7r85GWcNVe2G4NN73K81PdnYRDN xXjqW365pLW0pPTbW0hoXjpdW/1IpT2o0qcK7i8u3BrCUNPvdvF828QbATCp9P/Xo53b M5Ufl/nKR+sMcpoAMlIJPo9pC8Jlp9uX3D7ed99BAqpcs5CDqgDKwPa6n/XGPfaeNeol tdfC5WKFNVKacLKNqTLp0BFX69etsYUj9b+b1i7YhEmhG/zJXM2AjtxlJPAukbpfAF8b MX3VAJWJU6CrR6OkjByMziShxPOEX56T6Dt8ieR+QnKEOed014bKcn7CQHf1DJbeAgzM rFXw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="DQ/prbm6"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y1si14130060pfb.264.2019.06.18.10.15.28; Tue, 18 Jun 2019 10:15:43 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="DQ/prbm6"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729743AbfFRRPR (ORCPT + 99 others); Tue, 18 Jun 2019 13:15:17 -0400 Received: from mail-ot1-f65.google.com ([209.85.210.65]:39240 "EHLO mail-ot1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728572AbfFRRPR (ORCPT ); Tue, 18 Jun 2019 13:15:17 -0400 Received: by mail-ot1-f65.google.com with SMTP id r21so13078551otq.6 for ; Tue, 18 Jun 2019 10:15:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xf9JaMcfMTpA+95buSp6V+RKo2piqDxI9Pf5r4xWOgw=; b=DQ/prbm6F/jVALB23o1UX7hNkF+klFj23vBoHAQ0naQTfSoTf2YsYc4H+xShOvuJ/I wii73VN4+ZQ8Sflop7Vp3eleYkzqlaMuNgBF38D3NACNU4Vk86EV5lPAaA2nA8Kq+tvG 8lc5ZSXaDohScGj3b3YdhrjE02Cz5WEBLJZDQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xf9JaMcfMTpA+95buSp6V+RKo2piqDxI9Pf5r4xWOgw=; b=q0QiqwD13xXYMqsqB+NcayrziZpCnJ+R55YflC4D2y4JWviXz74PdLHTRJqVpZY62x 3QV0AyMSSOaKFngguEen2C4MlE4ph5z9OJ7IjdYQ+oRbn1zrkWo8rk7f8ZcMspImDERs jkxZ8AHJ3QRLnXFWxMPby6kV3w8FaO1vuUOmmCU4zEYcy/A4YmT+RywXwxQjzeqF2QAW AC+U2elwajCqkJLxfG3EezFVKwcu744N0aR/8BiokajQ3VTLpkB0BGM3GwMPgfSrar0V KQq+Ls+aVLpjKWaYmpN/g206aOl2hKyIiN49JAsCQNoul2d6ichNdY37bqPP37ROCAzY VDpQ== X-Gm-Message-State: APjAAAXoD12+vdA+zvsvoEsUQcyPNZ2nmkfoChj1omFo0Sai9j1BKWJD qffY9HvbeyGJIF7mINLrb7dEQpG7J9Y= X-Received: by 2002:a9d:591a:: with SMTP id t26mr1400786oth.170.1560878116121; Tue, 18 Jun 2019 10:15:16 -0700 (PDT) Received: from mail-ot1-f53.google.com (mail-ot1-f53.google.com. [209.85.210.53]) by smtp.gmail.com with ESMTPSA id t30sm5924108otb.50.2019.06.18.10.15.15 for (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128); Tue, 18 Jun 2019 10:15:15 -0700 (PDT) Received: by mail-ot1-f53.google.com with SMTP id b7so15950413otl.11 for ; Tue, 18 Jun 2019 10:15:15 -0700 (PDT) X-Received: by 2002:a9d:2c41:: with SMTP id f59mr40634751otb.268.1560878114700; Tue, 18 Jun 2019 10:15:14 -0700 (PDT) MIME-Version: 1.0 References: <20190618153924.19491-1-colin.king@canonical.com> In-Reply-To: <20190618153924.19491-1-colin.king@canonical.com> From: Nick Crews Date: Tue, 18 Jun 2019 11:15:03 -0600 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH][next] platform/chrome: wilco_ec: fix null pointer dereference on failed kzalloc To: Colin King Cc: Benson Leung , Enric Balletbo i Serra , kernel-janitors@vger.kernel.org, linux-kernel Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Thanks Colin, good catch. Enric, could you squash this into the real commit? On Tue, Jun 18, 2019 at 9:39 AM Colin King wrote: > > From: Colin Ian King > > If the kzalloc of the entries queue q fails a null pointer dereference > occurs when accessing q->capacity and q->lock. Add a kzalloc failure > check and handle the null return case in the calling function > event_device_add. > > Addresses-Coverity: ("Dereference null return") > Fixes: 75589e37d1dc ("platform/chrome: wilco_ec: Add circular buffer as event queue") > Signed-off-by: Colin Ian King > --- > drivers/platform/chrome/wilco_ec/event.c | 12 ++++++++++-- > 1 file changed, 10 insertions(+), 2 deletions(-) > > diff --git a/drivers/platform/chrome/wilco_ec/event.c b/drivers/platform/chrome/wilco_ec/event.c > index c975b76e6255..e251a989b152 100644 > --- a/drivers/platform/chrome/wilco_ec/event.c > +++ b/drivers/platform/chrome/wilco_ec/event.c > @@ -112,8 +112,11 @@ module_param(queue_size, int, 0644); > static struct ec_event_queue *event_queue_new(int capacity) > { > size_t entries_size = sizeof(struct ec_event *) * capacity; > - struct ec_event_queue *q = kzalloc(sizeof(*q) + entries_size, > - GFP_KERNEL); > + struct ec_event_queue *q; > + > + q = kzalloc(sizeof(*q) + entries_size, GFP_KERNEL); > + if (!q) > + return NULL; > > q->capacity = capacity; > spin_lock_init(&q->lock); > @@ -474,6 +477,11 @@ static int event_device_add(struct acpi_device *adev) > /* Initialize the device data. */ > adev->driver_data = dev_data; > dev_data->events = event_queue_new(queue_size); > + if (!dev_data->events) { > + kfree(dev_data); > + error = -ENOMEM; > + goto free_minor; > + } > init_waitqueue_head(&dev_data->wq); > dev_data->exist = true; > atomic_set(&dev_data->available, 1); Signed-off-by: Nick Crews > -- > 2.20.1 >