On Thu, Nov 06, 2014 at 01:11:17AM +0900, Daniel Dressler wrote: > Kernel space allocations can fail. This patch > fixes a crash condition upon allocation failure. > > Should this condition occur init_firmware() will > goto its error handler and declare download failure. > > Of interesting note is that prior to this patch > fw_download_code() could never fail yet our caller > checked the return value. > > Reported-by: RUC_Soft_Sec <rucsoftsec@xxxxxxxxx> > Signed-off-by: Daniel Dressler <danieru.dressler@xxxxxxxxx> > --- > drivers/staging/rtl8192e/rtl8192e/r8192E_firmware.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/staging/rtl8192e/rtl8192e/r8192E_firmware.c b/drivers/staging/rtl8192e/rtl8192e/r8192E_firmware.c > index 2e28744..e4257fe 100644 > --- a/drivers/staging/rtl8192e/rtl8192e/r8192E_firmware.c > +++ b/drivers/staging/rtl8192e/rtl8192e/r8192E_firmware.c > @@ -61,6 +61,9 @@ static bool fw_download_code(struct net_device *dev, u8 *code_virtual_address, > } > > skb = dev_alloc_skb(frag_length + 4); > + if (!skb) > + return false; Lots of people try to fix this "warning" in this manner. But you have to do more work here than just a simple "return false;", you need to unwind all of the work you have done up to this point, which is a non-trivial task... I'd recommend looking at how other drivers of this manufacturer handle this type of operation to get a better idea of how to rewrite this function. good luck, greg k-h _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
