Re: [PATCH v2] IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Aug 06, 2021 at 01:39:53AM -0700, Tuo Li wrote:
> kmalloc_array() is called to allocate memory for tx->descp. If it fails,
> the function __sdma_txclean() is called:
>   __sdma_txclean(dd, tx);
> 
> However, in the function __sdma_txclean(), tx-descp is dereferenced if
> tx->num_desc is not zero:
>   sdma_unmap_desc(dd, &tx->descp[0]);
> 
> To fix this possible null-pointer dereference, assign the return value of
> kmalloc_array() to a local variable descp, and then assign it to tx->descp
> if it is not NULL. Otherwise, go to enomem.
> 
> Reported-by: TOTE Robot <oslab@xxxxxxxxxxxxxxx>
> Signed-off-by: Tuo Li <islituo@xxxxxxxxx>
> ---
> v2:
> * Assign the return value of kmalloc_array() to a local variable and then
> check it instead of assigning 0 to tx->num_desc when memory allocation
> fails.
>   Thank Mike Marciniszyn for helpful advice.
> ---
>  drivers/infiniband/hw/hfi1/sdma.c | 11 ++++++-----
>  1 file changed, 6 insertions(+), 5 deletions(-)

Fixes line?

Jason



[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Photo]     [Yosemite News]     [Yosemite Photos]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux