From: SF Markus Elfring <elfring@users.sourceforge.net>
To: virtualization@lists.linux-foundation.org,
Amit Shah <amit.shah@redhat.com>, Arnd Bergmann <arnd@arndb.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
"Michael S. Tsirkin" <mst@redhat.com>,
Rusty Russell <rusty@rustcorp.com.au>
Cc: Julia Lawall <julia.lawall@lip6.fr>,
kernel-janitors@vger.kernel.org,
LKML <linux-kernel@vger.kernel.org>
Subject: [PATCH 02/11] virtio_console: Less function calls in init_vqs() after error detection
Date: Wed, 14 Sep 2016 16:01:28 +0200 [thread overview]
Message-ID: <490b98e1-6129-f11f-55ff-94219ebce6d6@users.sourceforge.net> (raw)
In-Reply-To: <020438b9-a7f8-0050-04c1-43382ba60b75@users.sourceforge.net>
From: Markus Elfring <elfring@users.sourceforge.net>
Date: Wed, 14 Sep 2016 14:00:35 +0200
The kfree() function was called in up to five cases
by the init_vqs() function during error handling even if
the passed variable contained a null pointer.
* Return directly after a call of the function "kmalloc_array" failed
at the beginning.
* Split a condition check for memory allocation failures so that
each pointer from these function calls will be checked immediately.
See also background information:
Topic "CWE-754: Improper check for unusual or exceptional conditions"
Link: https://cwe.mitre.org/data/definitions/754.html
* Adjust jump targets according to the Linux coding style convention.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
---
drivers/char/virtio_console.c | 32 ++++++++++++++++++++++++++------
1 file changed, 26 insertions(+), 6 deletions(-)
diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
index 325ebc6..bf0ad57 100644
--- a/drivers/char/virtio_console.c
+++ b/drivers/char/virtio_console.c
@@ -1882,20 +1882,37 @@ static int init_vqs(struct ports_device *portdev)
nr_queues = use_multiport(portdev) ? (nr_ports + 1) * 2 : 2;
vqs = kmalloc_array(nr_queues, sizeof(*vqs), GFP_KERNEL);
+ if (!vqs)
+ return -ENOMEM;
+
io_callbacks = kmalloc_array(nr_queues,
sizeof(*io_callbacks),
GFP_KERNEL);
+ if (!io_callbacks) {
+ err = -ENOMEM;
+ goto free_vqs;
+ }
+
io_names = kmalloc_array(nr_queues, sizeof(*io_names), GFP_KERNEL);
+ if (!io_names) {
+ err = -ENOMEM;
+ goto free_callbacks;
+ }
+
portdev->in_vqs = kmalloc_array(nr_ports,
sizeof(*portdev->in_vqs),
GFP_KERNEL);
+ if (!portdev->in_vqs) {
+ err = -ENOMEM;
+ goto free_names;
+ }
+
portdev->out_vqs = kmalloc_array(nr_ports,
sizeof(*portdev->out_vqs),
GFP_KERNEL);
- if (!vqs || !io_callbacks || !io_names || !portdev->in_vqs ||
- !portdev->out_vqs) {
+ if (!portdev->out_vqs) {
err = -ENOMEM;
- goto free;
+ goto free_in_vqs;
}
/*
@@ -1929,7 +1946,7 @@ static int init_vqs(struct ports_device *portdev)
io_callbacks,
(const char **)io_names);
if (err)
- goto free;
+ goto free_out_vqs;
j = 0;
portdev->in_vqs[0] = vqs[0];
@@ -1950,12 +1967,15 @@ static int init_vqs(struct ports_device *portdev)
kfree(vqs);
return 0;
-
-free:
+ free_out_vqs:
kfree(portdev->out_vqs);
+ free_in_vqs:
kfree(portdev->in_vqs);
+ free_names:
kfree(io_names);
+ free_callbacks:
kfree(io_callbacks);
+ free_vqs:
kfree(vqs);
return err;
--
2.10.0
next prev parent reply other threads:[~2016-09-14 14:01 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <566ABCD9.1060404@users.sourceforge.net>
2016-09-13 12:10 ` [PATCH 0/4] block-virtio: Fine-tuning for two function implementations SF Markus Elfring
2016-09-13 12:12 ` [PATCH 1/4] virtio_blk: Use kmalloc_array() in init_vq() SF Markus Elfring
2016-09-13 12:13 ` [PATCH 2/4] virtio_blk: Less function calls in init_vq() after error detection SF Markus Elfring
2016-09-13 12:14 ` [PATCH 3/4] virtio_blk: Delete an unnecessary initialisation in init_vq() SF Markus Elfring
2016-09-13 12:15 ` [PATCH 4/4] virtio_blk: Rename a jump label in virtblk_get_id() SF Markus Elfring
[not found] ` <f56845a8-03c6-d3f7-6091-99dba9835780@users.sourceforge.net>
2016-09-13 12:54 ` [PATCH 2/4] virtio_blk: Less function calls in init_vq() after error detection Christian Borntraeger
[not found] ` <e918e655-cd86-c3c8-d911-9dfc03b03e19@de.ibm.com>
2016-09-13 14:33 ` SF Markus Elfring
2016-09-13 17:30 ` SF Markus Elfring
[not found] ` <7da823eb-939c-9ee6-32bf-db296e6a96f6@users.sourceforge.net>
2016-09-13 18:24 ` Christian Borntraeger
2016-09-14 6:56 ` SF Markus Elfring
2016-09-14 8:10 ` Cornelia Huck
[not found] ` <20160914101009.6abef9f0.cornelia.huck@de.ibm.com>
2016-09-14 9:09 ` virtio_blk: Clarification for communication difficulties? SF Markus Elfring
[not found] ` <a1642c2a-c013-2dec-29fb-1748a52e1c24@users.sourceforge.net>
2016-10-03 9:20 ` Stefan Hajnoczi
[not found] ` <CAJSP0QV_V-aEvdE76PnOH6TNJPJCuf+6N7SkySDAnrhbNNhv3w@mail.gmail.com>
2016-10-03 12:00 ` SF Markus Elfring
[not found] ` <a303f7a6-c675-5228-99bd-a03c9e9252e9@users.sourceforge.net>
2016-10-03 9:07 ` [PATCH 4/4] virtio_blk: Rename a jump label in virtblk_get_id() Stefan Hajnoczi
[not found] ` <CAJSP0QV2WUJPqeiSKcWiXWk+AoJ2MGo2zG4=JQ2tfpTprAyV=g@mail.gmail.com>
2016-10-03 12:12 ` SF Markus Elfring
2016-10-09 23:30 ` [PATCH 4/4] " Michael S. Tsirkin
2016-10-10 8:18 ` SF Markus Elfring
[not found] ` <52a07fc8-21a0-8f98-fa9d-5751fbf95afa@users.sourceforge.net>
2016-10-03 9:09 ` [PATCH 3/4] virtio_blk: Delete an unnecessary initialisation in init_vq() Stefan Hajnoczi
[not found] ` <7a8dd874-3700-1445-2143-2a604cd043ab@users.sourceforge.net>
2016-10-03 9:11 ` [PATCH 1/4] virtio_blk: Use kmalloc_array() " Stefan Hajnoczi
2016-09-14 13:56 ` [PATCH 00/11] virtio-console: Fine-tuning for 14 function implementations SF Markus Elfring
2016-09-14 14:00 ` [PATCH 01/11] virtio_console: Use kmalloc_array() in init_vqs() SF Markus Elfring
2016-09-14 14:01 ` SF Markus Elfring [this message]
2016-09-21 12:10 ` [PATCH 02/11] virtio_console: Less function calls in init_vqs() after error detection Amit Shah
2016-09-21 13:06 ` SF Markus Elfring
2016-09-14 14:02 ` [PATCH 03/11] virtio_console: Rename a jump label in init() SF Markus Elfring
2016-09-14 14:03 ` [PATCH 04/11] virtio_console: Rename jump labels in virtcons_probe() SF Markus Elfring
2016-09-14 14:04 ` [PATCH 05/11] virtio_console: Rename jump labels in add_port() SF Markus Elfring
2016-09-14 14:05 ` [PATCH 06/11] virtio_console: Rename a jump label in port_fops_open() SF Markus Elfring
2016-09-14 14:06 ` [PATCH 07/11] virtio_console: Rename a jump label in port_fops_splice_write() SF Markus Elfring
2016-09-14 14:07 ` [PATCH 08/11] virtio_console: Rename jump labels in port_fops_write() SF Markus Elfring
2016-09-14 14:08 ` [PATCH 09/11] virtio_console: Rename a jump label in __send_to_port() SF Markus Elfring
2016-09-14 14:09 ` [PATCH 10/11] virtio_console: Rename jump labels in alloc_buf() SF Markus Elfring
2016-09-14 14:10 ` [PATCH 11/11] virtio_console: Rename a jump label in five functions SF Markus Elfring
2017-08-06 10:56 ` [PATCH 00/11] virtio-console: Fine-tuning for 14 function implementations SF Markus Elfring
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=490b98e1-6129-f11f-55ff-94219ebce6d6@users.sourceforge.net \
--to=elfring@users.sourceforge.net \
--cc=amit.shah@redhat.com \
--cc=arnd@arndb.de \
--cc=gregkh@linuxfoundation.org \
--cc=julia.lawall@lip6.fr \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mst@redhat.com \
--cc=rusty@rustcorp.com.au \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).