Re: [PATCH] vt: Fix a missing-check bug in drivers/tty/vt/vt.c file of Linux 5.0.14

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Greg KH <gregkh@linuxfoundation.org>
To: Gen Zhang <blackgod016574@gmail.com>
Cc: linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] vt: Fix a missing-check bug in drivers/tty/vt/vt.c file of Linux 5.0.14
Date: Mon, 13 May 2019 11:58:09 +0200	[thread overview]
Message-ID: <20190513095809.GA4588@kroah.com> (raw)
In-Reply-To: <20190513093730.GA4487@zhanggen-UX430UQ>

On Mon, May 13, 2019 at 05:37:41PM +0800, Gen Zhang wrote:
> On Mon, May 13, 2019 at 09:36:19AM +0200, Greg KH wrote:
> > > Signed-off-by: Gen Zhang <blackgod016574@gmail.com>
> > > ---
> > > --- drivers/tty/vt/vt.c
> > > +++ drivers/tty/vt/vt.c
> > > @@ -3349,10 +3349,14 @@ static int __init con_init(void)
> > >  
> > >  	for (currcons = 0; currcons < MIN_NR_CONSOLES; currcons++) {
> > >  		vc_cons[currcons].d = vc = kzalloc(sizeof(struct vc_data), GFP_NOWAIT);
> > > +		if (!vc_cons[currcons].d || !vc)
> > > +			goto err_vc;
> > 
> > What about the other memory that was allocated?  You never free that.
> > 
> > >  		INIT_WORK(&vc_cons[currcons].SAK_work, vc_SAK);
> > >  		tty_port_init(&vc->port);
> > >  		visual_init(vc, currcons, 1);
> > >  		vc->vc_screenbuf = kzalloc(vc->vc_screenbuf_size, GFP_NOWAIT);
> > > +		if (!vc->vc_screenbuf)
> > > +			goto err_vc_screenbuf;
> > 
> > Same here, you are now leaking memory.
> > 
> > Did you test this patch out with a kmalloc function that can fail?  If
> > not, please try to do so.
> > 
> > thanks,
> > 
> > greg k-h
> Hi, Greg
> 1. I re-examined the source code.
> For vc_cons[currcons].d and vc allocation fail, we may need to free
> vc->vc_screenbuf from the previous loop. So kfree(vc->vc_screenbuf) 
> need to be added to err_vc;
> As for vc->vc_screenbuf allocation fail, I don't think there is other
> memory need to be freed. Because in function con_init, there's no other 
> allocation operations except this two kzalloc functions. And in
> err_vc_screenbuf, vc_cons[currcons].d and vc is freed in the patch.

You have to unwind the loop and free and uninitialize all of the other
things you just created as well.

> 2. I tried to test this patch with a compiled kernel in QEMU but 
> failed. Testing this is out of my skills. So is there any other ways
> to test this patch?

qemu should work just fine, I don't know what else to suggest.  Run it
on "real hardware" with a kmalloc function modified to fail this
allocation?

good luck!

greg k-h

next prev parent reply	other threads:[~2019-05-13  9:58 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <CAAie0ar11_mPipN=d=mrgnVdEMO1Np0cCYdqcRfZrij_d-5zaQ@mail.gmail.com>
     [not found] ` <20190510051415.GA6073@kroah.com>
     [not found]   ` <CAAie0ao_O0hcUOuUf67oog+dSswdQRpAtX8NyQvDAr_XQr=xQg@mail.gmail.com>
2019-05-10 15:12     ` [PATCH] vt: Fix a missing-check bug in drivers/tty/vt/vt.c file of Linux 5.0.14 Greg KH
     [not found]       ` <CAAie0arnSxFvkNE1KSxD1a19_PQy03Q4RSiLZo9t7C9LeKkA9w@mail.gmail.com>
2019-05-11  6:07         ` Greg KH
2019-05-12  3:27           ` Gen Zhang
2019-05-12  6:20             ` Greg KH
2019-05-12  8:49               ` Gen Zhang
2019-05-13  7:36                 ` Greg KH
2019-05-13  9:37                   ` Gen Zhang
2019-05-13  9:58                     ` Greg KH [this message]
2019-05-13 11:33                       ` Gen Zhang
2019-05-16  9:07                       ` Gen Zhang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190513095809.GA4588@kroah.com \
    --to=gregkh@linuxfoundation.org \
    --cc=blackgod016574@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.