Re: [PATCH] vt: Fix a missing-check bug in drivers/tty/vt/vt.c file of Linux 5.0.14

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Greg KH <gregkh@linuxfoundation.org>
To: Gen Zhang <blackgod016574@gmail.com>
Cc: linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] vt: Fix a missing-check bug in drivers/tty/vt/vt.c file of Linux 5.0.14
Date: Fri, 10 May 2019 17:12:06 +0200	[thread overview]
Message-ID: <20190510151206.GA31186@kroah.com> (raw)
In-Reply-To: <CAAie0ao_O0hcUOuUf67oog+dSswdQRpAtX8NyQvDAr_XQr=xQg@mail.gmail.com>

On Fri, May 10, 2019 at 10:24:50PM +0800, Gen Zhang wrote:
> On Fri, May 10, 2019 at 13:14:02PM +0800, Greg KH <
> gregkh@linuxfoundation.org> wrote:
> >Note, your email client ate all of the tabs and made the patch
> >impossible to apply, so please fix this up before you resend it.
> >
> >thanks,
> >
> >greg k-h
> From: Gen Zhang <blackgod016574@gmail.com>
> Date: Fri, 10 May 2019 09:31:30 +0000
> Subject: [PATCH] vt: Fix a missing-check bug in drivers/tty/vt/vt.c file of
> Linux 5.0.14
> 
> Hi,
> I found this missing-check bug in Linux-5.0.14/drivers/tty/vt/vt.c when I
> was examining the source code.
> 
> In function con_init(), the pointer variable vc_cons[currcons].d, vc and
> vc->vc_screenbuf is allocated a memory space via kzalloc().
> And they are used in the following codes.
> 
> However, when there is a memory allocation error, kzalloc can  be failed.
> Thus null pointer (vc_cons[currcons].d, vc and vc->vc_screenbuf)
> dereference may happen.
> And it will cause the kernel to crash. Therefore, we should check return
> value and handle an error.
> 
> Below is the patch file, and I am ready to sumbit it to the kernel tree.
> I am looking forward to a reply on this, thank you!
> 
> Kind regards
> Gen
> 
> Signed-off-by: Gen Zhang <blackgod016574@gmail.com>
> ---
> 
> --- a/drivers/tty/vt/vt.c
> +++ b/drivers/tty/vt/vt.c
> @@ -3322,10 +3322,14 @@ static int __init con_init(void)
> 
>   for (currcons = 0; currcons < MIN_NR_CONSOLES; currcons++) {
>   vc_cons[currcons].d = vc = kzalloc(sizeof(struct vc_data), GFP_NOWAIT);
> + if (!vc_cons[currcons].d || !vc)
> + goto err_vc;
>   INIT_WORK(&vc_cons[currcons].SAK_work, vc_SAK);
>   tty_port_init(&vc->port);
>   visual_init(vc, currcons, 1);
>   vc->vc_screenbuf = kzalloc(vc->vc_screenbuf_size, GFP_NOWAIT);
> + if (!vc->vc_screenbuf)
> + goto err_vc_screenbuf;
>   vc_init(vc, vc->vc_rows, vc->vc_cols,
>   currcons || !vc->vc_sw->con_save_screen);
>   }
> @@ -3347,6 +3351,14 @@ static int __init con_init(void)
>   register_console(&vt_console_driver);
>  #endif
>   return 0;
> +err_vc:
> + console_unlock();
> + return -ENOMEM;
> +err_vc_screenbuf:
> + console_unlock();
> + kfree(vc);
> + vc_cons[currcons].d = NULL;
> + return -ENOMEM;
>  }
>  console_initcall(con_init);

Still impossible to apply :(

Also, what about Dave's response to you?  This really can never be hit,
like other early-init tty allocations that we do not check because of
this issue, correct?

thanks,

greg k-h

next      parent reply	other threads:[~2019-05-10 15:12 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <CAAie0ar11_mPipN=d=mrgnVdEMO1Np0cCYdqcRfZrij_d-5zaQ@mail.gmail.com>
     [not found] ` <20190510051415.GA6073@kroah.com>
     [not found]   ` <CAAie0ao_O0hcUOuUf67oog+dSswdQRpAtX8NyQvDAr_XQr=xQg@mail.gmail.com>
2019-05-10 15:12     ` Greg KH [this message]
     [not found]       ` <CAAie0arnSxFvkNE1KSxD1a19_PQy03Q4RSiLZo9t7C9LeKkA9w@mail.gmail.com>
2019-05-11  6:07         ` [PATCH] vt: Fix a missing-check bug in drivers/tty/vt/vt.c file of Linux 5.0.14 Greg KH
2019-05-12  3:27           ` Gen Zhang
2019-05-12  6:20             ` Greg KH
2019-05-12  8:49               ` Gen Zhang
2019-05-13  7:36                 ` Greg KH
2019-05-13  9:37                   ` Gen Zhang
2019-05-13  9:58                     ` Greg KH
2019-05-13 11:33                       ` Gen Zhang
2019-05-16  9:07                       ` Gen Zhang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190510151206.GA31186@kroah.com \
    --to=gregkh@linuxfoundation.org \
    --cc=blackgod016574@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.