On Tue, Jun 04, 2024 at 04:02:28PM +0100, Simon Horman wrote:
> On Fri, May 31, 2024 at 12:14:56PM -0700, Kees Cook wrote:
> > + for (idx = 0; idx < ARRAY_SIZE(kmalloc_caches[KMALLOC_NORMAL]); idx++) {
> > + char *short_size, *cache_name;
> > + unsigned int cache_useroffset, cache_usersize;
> > + unsigned int size;
> > +
> > + if (!kmalloc_caches[KMALLOC_NORMAL][idx])
> > + continue;
> > +
> > + size = kmalloc_caches[KMALLOC_NORMAL][idx]->object_size;
> > + if (!size)
> > + continue;
> > +
> > + short_size = strchr(kmalloc_caches[KMALLOC_NORMAL][idx]->name, '-');
> > + if (WARN_ON(!short_size))
> > + goto fail;
> > +
> > + cache_name = kasprintf(GFP_KERNEL, "%s-%s", name, short_size + 1);
> > + if (WARN_ON(!cache_name))
> > + goto fail;
> > +
> > + if (useroffset >= size) {
> > + cache_useroffset = 0;
> > + cache_usersize = 0;
> > + } else {
> > + cache_useroffset = useroffset;
> > + cache_usersize = min(size - cache_useroffset, usersize);
> > + }
> > + (*b)[idx] = kmem_cache_create_usercopy(cache_name, size,
> > + align, flags, cache_useroffset,
> > + cache_usersize, ctor);
> > + kfree(cache_name);
> > + if (WARN_ON(!(*b)[idx]))
> > + goto fail;
> > + }
> > +
> > + return b;
> > +
> > +fail:
> > + for (idx = 0; idx < ARRAY_SIZE(kmalloc_caches[KMALLOC_NORMAL]); idx++) {
> > + if ((*b)[idx])
> > + kmem_cache_destroy((*b)[idx]);
>
> nit: I don't think it is necessary to guard this with a check for NULL.
Isn't it? What if a kasprintf() fails halfway through the loop?
Tycho
