2010-10-28 04:44:13

by Dan Carpenter

Subject: [patch] nfs: check kmalloc() return

The decode_and_add_ds() should return NULL on failure.

Signed-off-by: Dan Carpenter <[email protected]>

diff --git a/fs/nfs/nfs4filelayoutdev.c b/fs/nfs/nfs4filelayoutdev.c
index 51fe64a..098113c 100644
--- a/fs/nfs/nfs4filelayoutdev.c
+++ b/fs/nfs/nfs4filelayoutdev.c
@@ -219,6 +219,8 @@ decode_and_add_ds(__be32 **pp, struct inode *inode)
goto out_err;
}
buf = kmalloc(rlen + 1, GFP_KERNEL);
+ if (!buf)
+ goto out_err;
buf[rlen] = '\0';
memcpy(buf, r_addr, rlen);
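Review bot: the changelog says only that decode_and_add_ds() should return NULL on failure and does not name the bug being fixed. Without the added check, a failed kmalloc() leaves buf NULL and the very next line, buf[rlen] = '\0', writes through it. Suggest stating that in the commit message. The out_err label is outside this hunk, so it is worth confirming that the path returns NULL and does not touch buf. Separately, the branch that ends just above the allocation is cut off in the context, so the hunk alone does not show whether rlen is bounded before kmalloc(rlen + 1, ...).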



2010-10-28 14:14:17

by Benny Halevy

Subject: Re: [patch] nfs: check kmalloc() return

On 2010-10-28 15:41, Trond Myklebust wrote:
> On Thu, 2010-10-28 at 09:16 +0200, walter harms wrote:
>>
>> Dan Carpenter wrote:
>>> The decode_and_add_ds() should return NULL on failure.
>>>
>>> Signed-off-by: Dan Carpenter <[email protected]>
>>>
>>> diff --git a/fs/nfs/nfs4filelayoutdev.c b/fs/nfs/nfs4filelayoutdev.c
>>> index 51fe64a..098113c 100644
>>> --- a/fs/nfs/nfs4filelayoutdev.c
>>> +++ b/fs/nfs/nfs4filelayoutdev.c
>>> @@ -219,6 +219,8 @@ decode_and_add_ds(__be32 **pp, struct inode *inode)
>>> goto out_err;
>>> }
>>> buf = kmalloc(rlen + 1, GFP_KERNEL);
>>> + if (!buf)
>>> + goto out_err;
>>> buf[rlen] = '\0';
>>> memcpy(buf, r_addr, rlen);
>>>
>>
>> it seems that r_addr is a string, then kstrdup() is emulated here.
>>
>> re,
>> wh
>
> Not quite. kstrdup() requires that the argument be a NUL-terminated
> string. The above code doesn't.

Right. kmemdup is the right one.

Benny

>
> Trond

2010-10-28 16:57:22

by Dan Carpenter

Subject: Re: [patch] nfs: check kmalloc() return

On Thu, Oct 28, 2010 at 04:14:12PM +0200, Benny Halevy wrote:
> >>> diff --git a/fs/nfs/nfs4filelayoutdev.c b/fs/nfs/nfs4filelayoutdev.c
> >>> index 51fe64a..098113c 100644
> >>> --- a/fs/nfs/nfs4filelayoutdev.c
> >>> +++ b/fs/nfs/nfs4filelayoutdev.c
> >>> @@ -219,6 +219,8 @@ decode_and_add_ds(__be32 **pp, struct inode *inode)
> >>> goto out_err;
> >>> }
> >>> buf = kmalloc(rlen + 1, GFP_KERNEL);
> >>> + if (!buf)
> >>> + goto out_err;
> >>> buf[rlen] = '\0';
> >>> memcpy(buf, r_addr, rlen);
> >>>
> >>
> >> it seems that r_addr is a string, then kstrdup() is emulated here.
> >>
> >> re,
> >> wh
> >
> > Not quite. kstrdup() requires that the argument be a NUL-terminated
> > string. The above code doesn't.
>
> Right. kmemdup is the right one.
>

We need to duplicate the data and also add a NUL char on the end.
kmemdup() only does the first bit. You could copy one char past the end
so you have space for the NUL but that's not the right idea.

Anyway, I'm out of here for the next few days. :) See you after the
weekend.

regards,
dan carpenter


2010-10-28 07:16:11

by walter harms

Subject: Re: [patch] nfs: check kmalloc() return



Dan Carpenter wrote:
> The decode_and_add_ds() should return NULL on failure.
>
> Signed-off-by: Dan Carpenter <[email protected]>
>
> diff --git a/fs/nfs/nfs4filelayoutdev.c b/fs/nfs/nfs4filelayoutdev.c
> index 51fe64a..098113c 100644
> --- a/fs/nfs/nfs4filelayoutdev.c
> +++ b/fs/nfs/nfs4filelayoutdev.c
> @@ -219,6 +219,8 @@ decode_and_add_ds(__be32 **pp, struct inode *inode)
> goto out_err;
> }
> buf = kmalloc(rlen + 1, GFP_KERNEL);
> + if (!buf)
> + goto out_err;
> buf[rlen] = '\0';
> memcpy(buf, r_addr, rlen);
>

it seems that r_addr is a string, then kstrdup() is emulated here.

re,
wh




2010-10-29 07:33:33

by Benny Halevy

Subject: Re: [patch] nfs: check kmalloc() return

On 2010-10-28 18:57, Dan Carpenter wrote:
> On Thu, Oct 28, 2010 at 04:14:12PM +0200, Benny Halevy wrote:
>>>>> diff --git a/fs/nfs/nfs4filelayoutdev.c b/fs/nfs/nfs4filelayoutdev.c
>>>>> index 51fe64a..098113c 100644
>>>>> --- a/fs/nfs/nfs4filelayoutdev.c
>>>>> +++ b/fs/nfs/nfs4filelayoutdev.c
>>>>> @@ -219,6 +219,8 @@ decode_and_add_ds(__be32 **pp, struct inode *inode)
>>>>> goto out_err;
>>>>> }
>>>>> buf = kmalloc(rlen + 1, GFP_KERNEL);
>>>>> + if (!buf)
>>>>> + goto out_err;
>>>>> buf[rlen] = '\0';
>>>>> memcpy(buf, r_addr, rlen);
>>>>>
>>>>
>>>> it seems that r_addr is a string, then kstrdup() is emulated here.
>>>>
>>>> re,
>>>> wh
>>>
>>> Not quite. kstrdup() requires that the argument be a NUL-terminated
>>> string. The above code doesn't.
>>
>> Right. kmemdup is the right one.
>>
>
> We need to duplicate the data and also add a NUL char on the end.

You're right.

> kmemdup() only does the first bit. You could copy one char past the end
> so you have space for the NUL but that's not the right idea.

If rlen is divisible by 4 you can't be sure you'll have an extra character to
copy.

So the check you added is probably the simplest solution.

Benny

>
> Anyway, I'm out of here for the next few days. :) See you after the
> weekend.
>
> regards,
> dan carpenter
>
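
The points raised in this thread (the source is not NUL-terminated, the copy must append a terminator, and a length divisible by 4 has no XDR pad byte after it), as an added userspace example that is not part of the original messages or the kernel source. The names `xdr_pad_bytes`, `dup_with_nul` and `sample_wire` are hypothetical, and `malloc()` stands in for `kmalloc()`.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* XDR pads opaque data to a 4-byte boundary; returns the pad byte count. */
static size_t xdr_pad_bytes(size_t len)
{
    return (4 - (len & 3)) & 3;
}

/*
 * Userspace stand-in for the pattern in the patch: copy len bytes that
 * are not NUL-terminated and append the terminator. Returns NULL on
 * overflow or allocation failure so the caller can take its error path.
 */
static char *dup_with_nul(const void *src, size_t len)
{
    char *buf;

    if (len == SIZE_MAX)        /* len + 1 would wrap to 0 */
        return NULL;
    buf = malloc(len + 1);
    if (!buf)                   /* the check the patch adds */
        return NULL;
    memcpy(buf, src, len);      /* reads exactly len bytes, never src[len] */
    buf[len] = '\0';
    return buf;
}

/* Constructed sample: an 8-byte opaque followed directly by the next field. */
static const unsigned char sample_wire[] = {
    '1', '0', '.', '0', '.', '0', '.', '1',   /* address-like data, len = 8 */
    0xde, 0xad, 0xbe, 0xef                    /* next XDR item, not padding */
};

int main(void)
{
    char *s = dup_with_nul(sample_wire, 8);
    int ok = s && strlen(s) == 8 && xdr_pad_bytes(8) == 0;

    free(s);
    return ok ? 0 : 1;
}
```

With a length of 8 there are zero pad bytes, so a copy of `len + 1` bytes from the source would pick up `0xde` from the following item instead of a terminator.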

2010-10-28 13:41:22

by Myklebust, Trond

Subject: Re: [patch] nfs: check kmalloc() return

On Thu, 2010-10-28 at 09:16 +0200, walter harms wrote:
>
> Dan Carpenter wrote:
> > The decode_and_add_ds() should return NULL on failure.
> >
> > Signed-off-by: Dan Carpenter <[email protected]>
> >
> > diff --git a/fs/nfs/nfs4filelayoutdev.c b/fs/nfs/nfs4filelayoutdev.c
> > index 51fe64a..098113c 100644
> > --- a/fs/nfs/nfs4filelayoutdev.c
> > +++ b/fs/nfs/nfs4filelayoutdev.c
> > @@ -219,6 +219,8 @@ decode_and_add_ds(__be32 **pp, struct inode *inode)
> > goto out_err;
> > }
> > buf = kmalloc(rlen + 1, GFP_KERNEL);
> > + if (!buf)
> > + goto out_err;
> > buf[rlen] = '\0';
> > memcpy(buf, r_addr, rlen);
> >
>
> it seems that r_addr is a string, then kstrdup() is emulated here.
>
> re,
> wh

Not quite. kstrdup() requires that the argument be a NUL-terminated
string. The above code doesn't.

Trond