On Mon, Feb 13, 2017 at 6:07 PM, David Laight <David.Laight@xxxxxxxxxx> wrote:
> From: Arnd Bergmann
>> Sent: 13 February 2017 17:02
> ...
>> >> > + ioctl_ptr = memdup_user(arg, _IOC_SIZE(cmd));
>> >> > + if (IS_ERR_OR_NULL(ioctl_ptr)) {
>> >> > + ret = PTR_ERR(ioctl_ptr);
>> >> > + goto out;
>> >> ...
>> >> > + out:
>> >> > + kfree(ioctl_ptr);
>> >> > + return ret;
> ...
>> >> That error path doesn't look quite right to me.
> ...
>> > good god, this is a mess this morning. Thanks for the catch, I'll review these
>> > more aggressively before sending out.
>>
>> memdup_user() never returns NULL, and generally speaking any use of
>> IS_ERR_OR_NULL() indicates that there is something wrong with the
>> interface, so aside from passing the right pointer (or NULL) into kfree()
>> I think using IS_ERR() is the correct solution.
>
> You missed the problem entirely.
> Code needs to be:
> if (IS_ERR(ioctl_ptr))
> return PTR_ERR(ioctl_ptr);
Sorry if that wasn't clear, I expected the part about the kfree(errptr) to be
obvious but was trying to avoid having Scott go through another revision
for removing the IS_ERR_OR_NULL() after fixing the first problem.
Arnd
