Message ID | 20220105082634.2410596-1-jiasheng@iscas.ac.cn (mailing list archive) |
---|---|
State | New, archived |
Series | thunderbolt: Check for null pointer after calling kmemdup in icm_handle_event |
Hi,

On Wed, Jan 05, 2022 at 04:26:34PM +0800, Jiasheng Jiang wrote:
> As the possible failure of the allocation, kmemdup() may return NULL
> pointer.
> Like alloc_switch(), it might be better to check it.
> Therefore, icm_handle_event() should also check the return value of
> kmemdup().
> If fails, just free 'n' and directly return is enough, same as the way
> to handle the failure of kmalloc().
>
> Fixes: f67cf491175a ("thunderbolt: Add support for Internal Connection Manager (ICM)")
> Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Thanks for the patch but I realized that this has been fixed already:

https://git.kernel.org/pub/scm/linux/kernel/git/westeri/thunderbolt.git/commit/?h=next&id=3cc1c6de458e0e58c413c3c35802ca96e55bbdbe
On Wed, Jan 05, 2022 at 04:26:34PM +0800, Jiasheng Jiang wrote:
> As the possible failure of the allocation, kmemdup() may return NULL
> pointer.
> Like alloc_switch(), it might be better to check it.
> Therefore, icm_handle_event() should also check the return value of
> kmemdup().
> If fails, just free 'n' and directly return is enough, same as the way
> to handle the failure of kmalloc().

I can not understand this changelog text at all, sorry. Please read the
documentation for how to write a good changelog text.

And most importantly, how did you test this change?

thanks,

greg k-h
diff --git a/drivers/thunderbolt/icm.c b/drivers/thunderbolt/icm.c index 2f30b816705a..514a77a02985 100644 --- a/drivers/thunderbolt/icm.c +++ b/drivers/thunderbolt/icm.c @@ -1739,6 +1739,11 @@ static void icm_handle_event(struct tb *tb, enum tb_cfg_pkg_type type, INIT_WORK(&n->work, icm_handle_notification); n->pkg = kmemdup(buf, size, GFP_KERNEL); + if (!n->pkg) { + kfree(n); + return; + } + n->tb = tb; queue_work(tb->wq, &n->work);
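Review bot: In the new `if (!n->pkg)` branch the event is dropped with no trace: icm_handle_event() returns void, so after `kfree(n); return;` nothing records that a notification of this `type` was lost. That is consistent with the kmalloc() failure handling the commit message refers to, but a one-line comment above the check saying the notification is intentionally discarded on allocation failure would make the behaviour explicit. The placement is right: the check sits before `queue_work(tb->wq, &n->work)`, so the work item is never queued with a NULL `n->pkg`, and freeing `n` after `INIT_WORK()` is safe because the work has not been queued yet.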
As the possible failure of the allocation, kmemdup() may return NULL
pointer.
Like alloc_switch(), it might be better to check it.
Therefore, icm_handle_event() should also check the return value of
kmemdup().
If fails, just free 'n' and directly return is enough, same as the way
to handle the failure of kmalloc().

Fixes: f67cf491175a ("thunderbolt: Add support for Internal Connection Manager (ICM)")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
---
 drivers/thunderbolt/icm.c | 5 +++++
 1 file changed, 5 insertions(+)