| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Sep 2016 16:01:28 +0200
From: SF Markus Elfring <elfring@...rs.sourceforge.net>
To: virtualization@...ts.linux-foundation.org,
Amit Shah <amit.shah@...hat.com>,
Arnd Bergmann <arnd@...db.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"Michael S. Tsirkin" <mst@...hat.com>,
Rusty Russell <rusty@...tcorp.com.au>
Cc: LKML <linux-kernel@...r.kernel.org>,
kernel-janitors@...r.kernel.org,
Julia Lawall <julia.lawall@...6.fr>
Subject: [PATCH 02/11] virtio_console: Less function calls in init_vqs() after
error detection
From: Markus Elfring <elfring@...rs.sourceforge.net>
Date: Wed, 14 Sep 2016 14:00:35 +0200
The kfree() function was called in up to five cases
by the init_vqs() function during error handling even if
the passed variable contained a null pointer.
* Return directly after a call of the function "kmalloc_array" failed
at the beginning.
* Split a condition check for memory allocation failures so that
each pointer from these function calls will be checked immediately.
See also background information:
Topic "CWE-754: Improper check for unusual or exceptional conditions"
Link: https://cwe.mitre.org/data/definitions/754.html
* Adjust jump targets according to the Linux coding style convention.
Signed-off-by: Markus Elfring <elfring@...rs.sourceforge.net>
---
drivers/char/virtio_console.c | 32 ++++++++++++++++++++++++++------
1 file changed, 26 insertions(+), 6 deletions(-)
diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
index 325ebc6..bf0ad57 100644
--- a/drivers/char/virtio_console.c
+++ b/drivers/char/virtio_console.c
@@ -1882,20 +1882,37 @@ static int init_vqs(struct ports_device *portdev)
nr_queues = use_multiport(portdev) ? (nr_ports + 1) * 2 : 2;
vqs = kmalloc_array(nr_queues, sizeof(*vqs), GFP_KERNEL);
+ if (!vqs)
+ return -ENOMEM;
+
io_callbacks = kmalloc_array(nr_queues,
sizeof(*io_callbacks),
GFP_KERNEL);
+ if (!io_callbacks) {
+ err = -ENOMEM;
+ goto free_vqs;
+ }
+
io_names = kmalloc_array(nr_queues, sizeof(*io_names), GFP_KERNEL);
+ if (!io_names) {
+ err = -ENOMEM;
+ goto free_callbacks;
+ }
+
portdev->in_vqs = kmalloc_array(nr_ports,
sizeof(*portdev->in_vqs),
GFP_KERNEL);
+ if (!portdev->in_vqs) {
+ err = -ENOMEM;
+ goto free_names;
+ }
+
portdev->out_vqs = kmalloc_array(nr_ports,
sizeof(*portdev->out_vqs),
GFP_KERNEL);
- if (!vqs || !io_callbacks || !io_names || !portdev->in_vqs ||
- !portdev->out_vqs) {
+ if (!portdev->out_vqs) {
err = -ENOMEM;
- goto free;
+ goto free_in_vqs;
}
/*
@@ -1929,7 +1946,7 @@ static int init_vqs(struct ports_device *portdev)
io_callbacks,
(const char **)io_names);
if (err)
- goto free;
+ goto free_out_vqs;
j = 0;
portdev->in_vqs[0] = vqs[0];
@@ -1950,12 +1967,15 @@ static int init_vqs(struct ports_device *portdev)
kfree(vqs);
return 0;
-
-free:
+ free_out_vqs:
kfree(portdev->out_vqs);
+ free_in_vqs:
kfree(portdev->in_vqs);
+ free_names:
kfree(io_names);
+ free_callbacks:
kfree(io_callbacks);
+ free_vqs:
kfree(vqs);
return err;
--
2.10.0
Powered by blists - more mailing lists