[PATCH] cxl: Fix null pointer dereference in cxl_get_fd
Kunwu Chan
chentao at kylinos.cn
Tue Dec 5 20:28:30 AEDT 2023
Hi Fred,
Thanks for your reply.
But there is a question: should we return an error code in the error
path so that the caller of 'cxl_get_fd' can know the specific
reason, rather than just returning NULL?
Such as:
- int rc, flags, fdtmp;
+ int rc = 0, flags, fdtmp;
char *name = NULL;
/* only allow one per context */
- if (ctx->mapping)
- return ERR_PTR(-EEXIST);
+ if (ctx->mapping) {
+ rc = -EEXIST;
+ goto err;
+ }
flags = O_RDWR | O_CLOEXEC;
/* This code is similar to anon_inode_getfd() */
rc = get_unused_fd_flags(flags);
- if (rc < 0)
- return ERR_PTR(rc);
+ if (rc < 0) {
+ goto err;
+ }
fdtmp = rc;
name = kasprintf(GFP_KERNEL, "cxl:%d", ctx->pe);
+ if (!name) {
+ rc = -ENOMEM;
+ goto err_fd;
+ }
file = cxl_getfile(name, fops, ctx, flags);
kfree(name);
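Review bot: The `if (rc < 0) { goto err; }` form after get_unused_fd_flags() puts braces around a single statement, which kernel coding style avoids, and neither this branch nor the `ctx->mapping` branch has anything to undo yet, so the original direct `return ERR_PTR(-EEXIST);` and `return ERR_PTR(rc);` are simpler than a jump to a label. Only the new `if (!name)` check, which runs after the descriptor is reserved, needs to go through `err_fd`. The `rc = 0` initialiser is also never read, since rc is assigned on every path before it is used.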
@@ -434,6 +437,9 @@ struct file *cxl_get_fd(struct cxl_context *ctx,
struct file_operations *fops,
err_fd:
put_unused_fd(fdtmp);
+err:
+ if (rc)
+ return ERR_PTR(rc);
return NULL;
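Review bot: The `if (rc)` test under `err:` also fires when rc still holds the descriptor number: rc is assigned from get_unused_fd_flags() and copied to fdtmp, and it is only overwritten on the `!name` path, so any existing jump to `err_fd` arrives with rc >= 0. For a nonzero descriptor, `ERR_PTR(rc)` yields a small positive pointer that is neither NULL nor caught by IS_ERR(), and a caller would treat it as a valid struct file. Either set rc to a negative errno before every `goto err_fd`, or test `rc < 0` here.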
Thanks again,
Kunwu
On 2023/12/4 18:43, Frederic Barrat wrote:
>
>
> On 04/12/2023 03:07, Kunwu Chan wrote:
>> kasprintf() returns a pointer to dynamically allocated memory
>> which can be NULL upon failure.
>>
>> Fixes: bdecf76e319a ("cxl: Fix coredump generation when cxl_get_fd()
>> is used")
>> Signed-off-by: Kunwu Chan <chentao at kylinos.cn>
>> ---
>> drivers/misc/cxl/api.c | 4 ++++
>> 1 file changed, 4 insertions(+)
>>
>> diff --git a/drivers/misc/cxl/api.c b/drivers/misc/cxl/api.c
>> index d85c56530863..bfd7ccd4d7e1 100644
>> --- a/drivers/misc/cxl/api.c
>> +++ b/drivers/misc/cxl/api.c
>> @@ -419,6 +419,10 @@ struct file *cxl_get_fd(struct cxl_context *ctx,
>> struct file_operations *fops,
>> fops = (struct file_operations *)&afu_fops;
>> name = kasprintf(GFP_KERNEL, "cxl:%d", ctx->pe);
>> + if (!name) {
>> + put_unused_fd(fdtmp);
>> + return ERR_PTR(-ENOMEM);
>> + }
>
>
> That works, but you might as well follow the existing error path:
>
> name = kasprintf(GFP_KERNEL, "cxl:%d", ctx->pe);
> if (!name)
> goto err_fd;
>
> Fred
>
>
>> file = cxl_getfile(name, fops, ctx, flags);
>> kfree(name);
>> if (IS_ERR(file))
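Review bot: The new `if (!name)` branch returns `ERR_PTR(-ENOMEM)`, while the `err_fd:` label later in the function does the same `put_unused_fd(fdtmp)` and then returns NULL, so failures after the descriptor is reserved now come back in two different forms. Using `goto err_fd` here keeps a single cleanup site. If the errno is meant to reach the caller, that deserves a sentence in the commit message and a check that callers handle IS_ERR() as well as NULL.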
More information about the Linuxppc-dev
mailing list