The return from k*alloc() should be checked and action taking for when the allocation fails. In many places hv did this with an ASSERT() call or didn't check the value at all. Signed-off-by: Bill Pemberton <wfp5p@xxxxxxxxxxxx> --- drivers/staging/hv/Channel.c | 50 ++++++++++++++++++++++++++++---------- drivers/staging/hv/ChannelMgmt.c | 6 ++++- drivers/staging/hv/Connection.c | 4 +++ 3 files changed, 46 insertions(+), 14 deletions(-) diff --git a/drivers/staging/hv/Channel.c b/drivers/staging/hv/Channel.c index 328d3a0..94e5214 100644 --- a/drivers/staging/hv/Channel.c +++ b/drivers/staging/hv/Channel.c @@ -181,6 +181,13 @@ int VmbusChannelOpen(struct vmbus_channel *NewChannel, u32 SendRingBufferSize, DPRINT_ENTER(VMBUS); + /* Create and init the channel open message */ + openInfo = kmalloc(sizeof(*openInfo) + + sizeof(struct vmbus_channel_open_channel), + GFP_KERNEL); + if (!openInfo) + return -ENOMEM; + /* Aligned to page size */ ASSERT(!(SendRingBufferSize & (PAGE_SIZE - 1))); ASSERT(!(RecvRingBufferSize & (PAGE_SIZE - 1))); @@ -226,12 +233,6 @@ int VmbusChannelOpen(struct vmbus_channel *NewChannel, u32 SendRingBufferSize, NewChannel->Inbound.RingSize, SendRingBufferSize); - /* Create and init the channel open message */ - openInfo = kmalloc(sizeof(*openInfo) + - sizeof(struct vmbus_channel_open_channel), - GFP_KERNEL); - ASSERT(openInfo != NULL); - openInfo->WaitEvent = osd_WaitEventCreate(); openMsg = (struct vmbus_channel_open_channel *)openInfo->Msg; @@ -335,6 +336,7 @@ static int VmbusChannelCreateGpadlHeader(void *Kbuffer, u32 Size, struct vmbus_channel_msginfo **MsgInfo, u32 *MessageCount) { + int err = 0; int i; int pageCount; unsigned long long pfn; 
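Review bot: In the VmbusChannelOpen hunk the new `return -ENOMEM;` exits after `DPRINT_ENTER(VMBUS)` has run but without a matching `DPRINT_EXIT(VMBUS)`, which other functions in this file emit before returning, so the trace is unbalanced on the failure path. Hoisting the allocation also means `openInfo` is now live across the ring-buffer setup that follows. The rest of the function is outside the hunk, so any later error exit needs checking for a `kfree(openInfo)`. A short comment on the hoisted block would record the intent, for example `/* Allocate first: failing here needs no ring-buffer unwinding */`.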
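Review bot: The `int err = 0;` added at the top of VmbusChannelCreateGpadlHeader is never assigned in any visible hunk, yet the new `nomem:` path ends in `return err;`, so an allocation failure is reported to the caller as success. All three `goto nomem;` sites (after both `msgHeader = kzalloc(...)` calls and after `msgBody = kzalloc(...)`) depend on it. Initialise it as `int err = -ENOMEM;`, or drop the variable and `return -ENOMEM;` from the label. As written, the `if (ret)` check added in VmbusChannelEstablishGpadl cannot fire, and that function carries on with `msgInfo` still NULL.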
@@ -365,6 +367,8 @@ static int VmbusChannelCreateGpadlHeader(void *Kbuffer, u32 Size, sizeof(struct vmbus_channel_gpadl_header) + sizeof(struct gpa_range) + pfnCount * sizeof(u64); msgHeader = kzalloc(msgSize, GFP_KERNEL); + if (!msgHeader) + goto nomem; INIT_LIST_HEAD(&msgHeader->SubMsgList); msgHeader->MessageSize = msgSize; @@ -399,7 +403,8 @@ static int VmbusChannelCreateGpadlHeader(void *Kbuffer, u32 Size, sizeof(struct vmbus_channel_gpadl_body) + pfnCurr * sizeof(u64); msgBody = kzalloc(msgSize, GFP_KERNEL); - ASSERT(msgBody); + if (!msgBody) + goto nomem; msgBody->MessageSize = msgSize; (*MessageCount)++; gpadlBody = @@ -426,6 +431,9 @@ static int VmbusChannelCreateGpadlHeader(void *Kbuffer, u32 Size, sizeof(struct vmbus_channel_gpadl_header) + sizeof(struct gpa_range) + pageCount * sizeof(u64); msgHeader = kzalloc(msgSize, GFP_KERNEL); + if (!msgHeader) + goto nomem; + msgHeader->MessageSize = msgSize; gpaHeader = (struct vmbus_channel_gpadl_header *)msgHeader->Msg; @@ -442,6 +450,11 @@ static int VmbusChannelCreateGpadlHeader(void *Kbuffer, u32 Size, } return 0; +nomem: + kfree(msgHeader); + kfree(msgBody); + return err; + } /* @@ -458,9 +471,9 @@ int VmbusChannelEstablishGpadl(struct vmbus_channel *Channel, void *Kbuffer, struct vmbus_channel_gpadl_header *gpadlMsg; struct vmbus_channel_gpadl_body *gpadlBody; /* struct vmbus_channel_gpadl_created *gpadlCreated; */ - struct vmbus_channel_msginfo *msgInfo; + struct vmbus_channel_msginfo *msgInfo = NULL; struct vmbus_channel_msginfo *subMsgInfo; - u32 msgCount; + u32 msgCount = 0; struct list_head *curr; u32 nextGpadlHandle; unsigned long flags; 
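Review bot: The `nomem:` block added at the end of VmbusChannelCreateGpadlHeader calls `kfree(msgBody)` on paths where `msgBody` may never have been assigned, because both `msgHeader` allocation failures jump there before any `msgBody = kzalloc(...)` has run. The declarations are outside the hunks, so confirm that both pointers start as NULL (`struct vmbus_channel_msginfo *msgBody = NULL;`); otherwise this frees an indeterminate pointer. Separately, when the `msgBody` allocation fails part-way through the loop, bodies already queued on `msgHeader->SubMsgList` appear to be leaked, since only the header and the failed (NULL) body are freed. The list should be walked and its entries freed before `kfree(msgHeader)`.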
@@ -471,8 +484,10 @@ int VmbusChannelEstablishGpadl(struct vmbus_channel *Channel, void *Kbuffer, nextGpadlHandle = atomic_read(&gVmbusConnection.NextGpadlHandle); atomic_inc(&gVmbusConnection.NextGpadlHandle); - VmbusChannelCreateGpadlHeader(Kbuffer, Size, &msgInfo, &msgCount); - ASSERT(msgInfo != NULL); + ret = VmbusChannelCreateGpadlHeader(Kbuffer, Size, &msgInfo, &msgCount); + if (ret) + goto nomemCleanup; + ASSERT(msgCount > 0); msgInfo->WaitEvent = osd_WaitEventCreate(); @@ -540,6 +555,7 @@ Cleanup: list_del(&msgInfo->MsgListEntry); spin_unlock_irqrestore(&gVmbusConnection.channelmsg_lock, flags); +nomemCleanup: kfree(msgInfo->WaitEvent); kfree(msgInfo); @@ -564,7 +580,10 @@ int VmbusChannelTeardownGpadl(struct vmbus_channel *Channel, u32 GpadlHandle) info = kmalloc(sizeof(*info) + sizeof(struct vmbus_channel_gpadl_teardown), GFP_KERNEL); - ASSERT(info != NULL); + if (!info) { + ret = -ENOMEM; + goto nomem_info; + } info->WaitEvent = osd_WaitEventCreate(); @@ -594,6 +613,7 @@ int VmbusChannelTeardownGpadl(struct vmbus_channel *Channel, u32 GpadlHandle) spin_unlock_irqrestore(&gVmbusConnection.channelmsg_lock, flags); kfree(info->WaitEvent); +nomem_info: kfree(info); DPRINT_EXIT(VMBUS); @@ -620,7 +640,10 @@ void VmbusChannelClose(struct vmbus_channel *Channel) /* Send a closing message */ info = kmalloc(sizeof(*info) + sizeof(struct vmbus_channel_close_channel), GFP_KERNEL); - ASSERT(info != NULL); + if (!info) { + ret = -ENOMEM; + goto nomem_info2; + } /* info->waitEvent = osd_WaitEventCreate(); */ @@ -647,6 +670,7 @@ void VmbusChannelClose(struct vmbus_channel *Channel) osd_PageFree(Channel->RingBufferPages, Channel->RingBufferPageCount); +nomem_info2: kfree(info); /* diff --git a/drivers/staging/hv/ChannelMgmt.c b/drivers/staging/hv/ChannelMgmt.c index 8d5f305..d35be2f 100644 --- a/drivers/staging/hv/ChannelMgmt.c +++ b/drivers/staging/hv/ChannelMgmt.c 
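Review bot: `goto nomemCleanup;` in VmbusChannelEstablishGpadl lands on `kfree(msgInfo->WaitEvent);` while `msgInfo` is NULL or already freed, so the failure path dereferences an invalid pointer. `msgInfo` is now initialised to NULL, and the helper's `nomem:` path frees the header it would have returned. The label belongs one line lower, directly before `kfree(msgInfo);`, as this patch already does with `nomem_info:` in VmbusChannelTeardownGpadl; a plain `return ret;` would also do, since nothing has been allocated in this function yet. `atomic_inc(&gVmbusConnection.NextGpadlHandle)` has already run by then, so a failed call still consumes a handle.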
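Review bot: `info->WaitEvent = osd_WaitEventCreate();` directly after the new NULL check in VmbusChannelTeardownGpadl is still unchecked. Its result is later released with `kfree(info->WaitEvent)`, so it is evidently a heap allocation of the kind this commit sets out to check. The same unchecked call follows the new checks in VmbusChannelEstablishGpadl (`msgInfo->WaitEvent`) and VmbusChannelRequestOffers. If osd_WaitEventCreate() returns NULL on failure (its definition is not on this page), add `if (!info->WaitEvent) { ret = -ENOMEM; goto nomem_info; }` here and the equivalent in the other two functions.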
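Review bot: In VmbusChannelClose the `goto nomem_info2;` skips everything between the allocation and the label, including `osd_PageFree(Channel->RingBufferPages, Channel->RingBufferPageCount);`, so under memory pressure the ring-buffer pages leak and the close message is never sent. The function returns void, so `ret = -ENOMEM;` never reaches the caller and nothing signals that the channel was left open. Only sending the close message depends on `info`, so the local teardown should still run when the allocation fails, for example by guarding just the send with `if (info)`. The code between the allocation and the label is outside the hunks, so check the full function for other teardown steps that are skipped.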
@@ -611,7 +611,10 @@ int VmbusChannelRequestOffers(void) msgInfo = kmalloc(sizeof(*msgInfo) + sizeof(struct vmbus_channel_message_header), GFP_KERNEL); - ASSERT(msgInfo != NULL); + if (!msgInfo) { + ret = -ENOMEM; + goto nomem; + } msgInfo->WaitEvent = osd_WaitEventCreate(); msg = (struct vmbus_channel_message_header *)msgInfo->Msg; @@ -643,6 +646,7 @@ int VmbusChannelRequestOffers(void) Cleanup: kfree(msgInfo->WaitEvent); +nomem: kfree(msgInfo); DPRINT_EXIT(VMBUS); diff --git a/drivers/staging/hv/Connection.c b/drivers/staging/hv/Connection.c index dbf0056..bca2b21 100644 --- a/drivers/staging/hv/Connection.c +++ b/drivers/staging/hv/Connection.c @@ -195,6 +195,10 @@ int VmbusDisconnect(void) return -1; msg = kzalloc(sizeof(struct vmbus_channel_message_header), GFP_KERNEL); + if (!msg) { + ret = -ENOMEM; + goto Cleanup; + } msg->MessageType = ChannelMessageUnload; -- 1.7.1 _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
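Review bot: The new `goto Cleanup;` in VmbusDisconnect runs with `msg == NULL`, and the `Cleanup:` label is outside this hunk, so confirm that nothing there dereferences `msg` before freeing it. The function now also mixes two failure conventions, the bare `return -1;` on the line just above and `-ENOMEM` here, which callers comparing against specific values would need to know about. On this path the unload message is never posted. A comment on the branch such as `/* unload not sent; connection state is left as-is */` would make clear that a non-zero return means the connection has not been torn down.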