| Message ID | 8666cc78-3e15-435e-9c4e-15502ac75bcd@moroto.mountain (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | accel/qaic: Improve bounds checking in encode/decode | expand |
On 11.07.2023 09:13, Dan Carpenter wrote: >If get_user_pages_fast() allocates some pages but not as many as we >wanted, then the current code leaks those pages. Call put_page() on >the pages before returning. > >Fixes: 129776ac2e38 ("accel/qaic: Add control path") >Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> Reviewed-by: Dafna Hirschfeld <dhirschfeld@habana.ai> >--- >no change > > drivers/accel/qaic/qaic_control.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > >diff --git a/drivers/accel/qaic/qaic_control.c b/drivers/accel/qaic/qaic_control.c >index d5ce36cb351f..9a6f80f31c65 100644 >--- a/drivers/accel/qaic/qaic_control.c >+++ b/drivers/accel/qaic/qaic_control.c >@@ -425,9 +425,12 @@ static int find_and_map_user_pages(struct qaic_device *qdev, > } > > ret = get_user_pages_fast(xfer_start_addr, nr_pages, 0, page_list); >- if (ret < 0 || ret != nr_pages) { >- ret = -EFAULT; >+ if (ret < 0) > goto free_page_list; >+ if (ret != nr_pages) { >+ nr_pages = ret; >+ ret = -EFAULT; >+ goto put_pages; > } > > sgt = kmalloc(sizeof(*sgt), GFP_KERNEL); >-- >2.39.2 >
diff --git a/drivers/accel/qaic/qaic_control.c b/drivers/accel/qaic/qaic_control.c index d5ce36cb351f..9a6f80f31c65 100644 --- a/drivers/accel/qaic/qaic_control.c +++ b/drivers/accel/qaic/qaic_control.c @@ -425,9 +425,12 @@ static int find_and_map_user_pages(struct qaic_device *qdev, } ret = get_user_pages_fast(xfer_start_addr, nr_pages, 0, page_list); - if (ret < 0 || ret != nr_pages) { - ret = -EFAULT; + if (ret < 0) goto free_page_list; + if (ret != nr_pages) { + nr_pages = ret; + ret = -EFAULT; + goto put_pages; } sgt = kmalloc(sizeof(*sgt), GFP_KERNEL);
If get_user_pages_fast() allocates some pages but not as many as we wanted, then the current code leaks those pages. Call put_page() on the pages before returning. Fixes: 129776ac2e38 ("accel/qaic: Add control path") Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> --- no change drivers/accel/qaic/qaic_control.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)