| Message ID | 20190302210905.13032-1-pakki001@umn.edu (mailing list archive) |
|---|---|
| State | Deferred, archived |
| Delegated to: | Andy Shevchenko |
| Headers | show |
| Series | x86: uv: Fix potential NULL pointer dereference of kmalloc_node | expand |
Hi Aditya, On 3/2/19 3:09 PM, Aditya Pakki wrote: > kmalloc_node might fail to allocate memory for thp field. This fix > attempts to avoid a potential NULL pointer dereference. > If this was detected by any static analyzer, please mention the tool in the commit log. Also, notice that this code does not apply to linux-next. Thanks -- Gustavo > Signed-off-by: Aditya Pakki <pakki001@umn.edu> > --- > arch/x86/platform/uv/tlb_uv.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/arch/x86/platform/uv/tlb_uv.c b/arch/x86/platform/uv/tlb_uv.c > index a4130b84d1ff..5a6d51e30a36 100644 > --- a/arch/x86/platform/uv/tlb_uv.c > +++ b/arch/x86/platform/uv/tlb_uv.c > @@ -2011,6 +2011,9 @@ static void make_per_cpu_thp(struct bau_control *smaster) > size_t hpsz = sizeof(struct hub_and_pnode) * num_possible_cpus(); > > smaster->thp = kmalloc_node(hpsz, GFP_KERNEL, smaster->osnode); > + if (!smaster->thp) > + return; > + > memset(smaster->thp, 0, hpsz); > for_each_present_cpu(cpu) { > smaster->thp[cpu].pnode = uv_cpu_hub_info(cpu)->pnode; >
On Sat, Mar 02, 2019 at 03:09:04PM -0600, Aditya Pakki wrote: > kmalloc_node might fail to allocate memory for thp field. This fix > attempts to avoid a potential NULL pointer dereference. > > Signed-off-by: Aditya Pakki <pakki001@umn.edu> > --- > arch/x86/platform/uv/tlb_uv.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/arch/x86/platform/uv/tlb_uv.c b/arch/x86/platform/uv/tlb_uv.c > index a4130b84d1ff..5a6d51e30a36 100644 > --- a/arch/x86/platform/uv/tlb_uv.c > +++ b/arch/x86/platform/uv/tlb_uv.c > @@ -2011,6 +2011,9 @@ static void make_per_cpu_thp(struct bau_control *smaster) > size_t hpsz = sizeof(struct hub_and_pnode) * num_possible_cpus(); > > smaster->thp = kmalloc_node(hpsz, GFP_KERNEL, smaster->osnode); > + if (!smaster->thp) > + return; This is init code; memeory allocation is 'unlikely' to fail. If it were to fail, we'd have gotten a nice crash pinpointing the failure. Now, we boot but get weird crashes later. Note how the rest of the code assumes smaster->thp to be set. How is that any better?
diff --git a/arch/x86/platform/uv/tlb_uv.c b/arch/x86/platform/uv/tlb_uv.c index a4130b84d1ff..5a6d51e30a36 100644 --- a/arch/x86/platform/uv/tlb_uv.c +++ b/arch/x86/platform/uv/tlb_uv.c @@ -2011,6 +2011,9 @@ static void make_per_cpu_thp(struct bau_control *smaster) size_t hpsz = sizeof(struct hub_and_pnode) * num_possible_cpus(); smaster->thp = kmalloc_node(hpsz, GFP_KERNEL, smaster->osnode); + if (!smaster->thp) + return; + memset(smaster->thp, 0, hpsz); for_each_present_cpu(cpu) { smaster->thp[cpu].pnode = uv_cpu_hub_info(cpu)->pnode;
kmalloc_node might fail to allocate memory for thp field. This fix attempts to avoid a potential NULL pointer dereference. Signed-off-by: Aditya Pakki <pakki001@umn.edu> --- arch/x86/platform/uv/tlb_uv.c | 3 +++ 1 file changed, 3 insertions(+)