From: Hou Tao <houtao@huaweicloud.com>
To: Markus Elfring <Markus.Elfring@web.de>,
bpf@vger.kernel.org, linux-input@vger.kernel.org,
kernel-janitors@vger.kernel.org,
Alexei Starovoitov <ast@kernel.org>,
Benjamin Tissoires <benjamin.tissoires@redhat.com>,
David Vernet <void@manifault.com>, Jiri Kosina <jikos@kernel.org>
Cc: LKML <linux-kernel@vger.kernel.org>, cocci@inria.fr
Subject: Re: [PATCH] HID: bpf: One function call less in call_hid_bpf_rdesc_fixup() after error detection
Date: Wed, 27 Dec 2023 09:13:56 +0800 [thread overview]
Message-ID: <618f886f-b2ff-4d50-cf74-e8478a7e8547@huaweicloud.com> (raw)
In-Reply-To: <3203eb44-6e69-4bda-b585-426408cb75ee@web.de>
Hi,
On 12/27/2023 2:24 AM, Markus Elfring wrote:
> From: Markus Elfring <elfring@users.sourceforge.net>
> Date: Tue, 26 Dec 2023 19:13:25 +0100
>
> The kfree() function was called in one case by the
> call_hid_bpf_rdesc_fixup() function during error handling
> even if the passed data structure member contained a null pointer.
> This issue was detected by using the Coccinelle software.
It is totally OK to free a null pointer through kfree() and the ENOMEM
case is an unlikely case, so I don't think the patch is necessary.
>
> Thus adjust jump targets.
>
> Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
> ---
> drivers/hid/bpf/hid_bpf_dispatch.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/hid/bpf/hid_bpf_dispatch.c b/drivers/hid/bpf/hid_bpf_dispatch.c
> index d9ef45fcaeab..c84fe55be5ed 100644
> --- a/drivers/hid/bpf/hid_bpf_dispatch.c
> +++ b/drivers/hid/bpf/hid_bpf_dispatch.c
> @@ -118,17 +118,17 @@ u8 *call_hid_bpf_rdesc_fixup(struct hid_device *hdev, u8 *rdesc, unsigned int *s
>
> ctx_kern.data = kzalloc(ctx_kern.ctx.allocated_size, GFP_KERNEL);
> if (!ctx_kern.data)
> - goto ignore_bpf;
> + goto dup_mem;
>
> memcpy(ctx_kern.data, rdesc, min_t(unsigned int, *size, HID_MAX_DESCRIPTOR_SIZE));
>
> ret = hid_bpf_prog_run(hdev, HID_BPF_PROG_TYPE_RDESC_FIXUP, &ctx_kern);
> if (ret < 0)
> - goto ignore_bpf;
> + goto free_data;
>
> if (ret) {
> if (ret > ctx_kern.ctx.allocated_size)
> - goto ignore_bpf;
> + goto free_data;
>
> *size = ret;
> }
> @@ -137,8 +137,9 @@ u8 *call_hid_bpf_rdesc_fixup(struct hid_device *hdev, u8 *rdesc, unsigned int *s
>
> return rdesc;
>
> - ignore_bpf:
> +free_data:
> kfree(ctx_kern.data);
> +dup_mem:
> return kmemdup(rdesc, *size, GFP_KERNEL);
> }
> EXPORT_SYMBOL_GPL(call_hid_bpf_rdesc_fixup);
> --
> 2.43.0
>
>
> .
next prev parent reply other threads:[~2023-12-27 1:14 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-26 18:24 [PATCH] HID: bpf: One function call less in call_hid_bpf_rdesc_fixup() after error detection Markus Elfring
2023-12-27 1:13 ` Hou Tao [this message]
2023-12-27 8:19 ` Markus Elfring
2023-12-27 15:46 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=618f886f-b2ff-4d50-cf74-e8478a7e8547@huaweicloud.com \
--to=houtao@huaweicloud.com \
--cc=Markus.Elfring@web.de \
--cc=ast@kernel.org \
--cc=benjamin.tissoires@redhat.com \
--cc=bpf@vger.kernel.org \
--cc=cocci@inria.fr \
--cc=jikos@kernel.org \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-input@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=void@manifault.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox