[PATCH 02/11] virtio_console: Less function calls in init_vqs() after error detection

From: SF Markus Elfring
Date: Wed Sep 14 2016 - 10:01:56 EST

Next message: Tom Lendacky: "Re: [RFC PATCH v2 18/20] x86/kvm: Enable Secure Memory Encryption of nested page tables"
Previous message: Richard Cochran: "Re: [PATCH 5/9] net: ethernet: ti: cpts: add return value to tx and rx timestamp funcitons"
In reply to: SF Markus Elfring: "[PATCH 01/11] virtio_console: Use kmalloc_array() in init_vqs()"
Next in thread: SF Markus Elfring: "[PATCH 03/11] virtio_console: Rename a jump label in init()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 14 Sep 2016 14:00:35 +0200

The kfree() function was called in up to five cases
by the init_vqs() function during error handling even if
the passed variable contained a null pointer.

* Return directly after a call of the function "kmalloc_array" failed
at the beginning.

* Split a condition check for memory allocation failures so that
each pointer from these function calls will be checked immediately.

See also background information:
Topic "CWE-754: Improper check for unusual or exceptional conditions"
Link: https://cwe.mitre.org/data/definitions/754.html

* Adjust jump targets according to the Linux coding style convention.

Signed-off-by: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
---
drivers/char/virtio_console.c | 32 ++++++++++++++++++++++++++------
1 file changed, 26 insertions(+), 6 deletions(-)

diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
index 325ebc6..bf0ad57 100644
--- a/drivers/char/virtio_console.c
+++ b/drivers/char/virtio_console.c
@@ -1882,20 +1882,37 @@ static int init_vqs(struct ports_device *portdev)
nr_queues = use_multiport(portdev) ? (nr_ports + 1) * 2 : 2;

vqs = kmalloc_array(nr_queues, sizeof(*vqs), GFP_KERNEL);
+ if (!vqs)
+ return -ENOMEM;
+
io_callbacks = kmalloc_array(nr_queues,
sizeof(*io_callbacks),
GFP_KERNEL);
+ if (!io_callbacks) {
+ err = -ENOMEM;
+ goto free_vqs;
+ }
+
io_names = kmalloc_array(nr_queues, sizeof(*io_names), GFP_KERNEL);
+ if (!io_names) {
+ err = -ENOMEM;
+ goto free_callbacks;
+ }
+
portdev->in_vqs = kmalloc_array(nr_ports,
sizeof(*portdev->in_vqs),
GFP_KERNEL);
+ if (!portdev->in_vqs) {
+ err = -ENOMEM;
+ goto free_names;
+ }
+
portdev->out_vqs = kmalloc_array(nr_ports,
sizeof(*portdev->out_vqs),
GFP_KERNEL);
- if (!vqs || !io_callbacks || !io_names || !portdev->in_vqs ||
- !portdev->out_vqs) {
+ if (!portdev->out_vqs) {
err = -ENOMEM;
- goto free;
+ goto free_in_vqs;
}

/*
@@ -1929,7 +1946,7 @@ static int init_vqs(struct ports_device *portdev)
io_callbacks,
(const char **)io_names);
if (err)
- goto free;
+ goto free_out_vqs;

j = 0;
portdev->in_vqs[0] = vqs[0];
@@ -1950,12 +1967,15 @@ static int init_vqs(struct ports_device *portdev)
kfree(vqs);

return 0;
-
-free:
+ free_out_vqs:
kfree(portdev->out_vqs);
+ free_in_vqs:
kfree(portdev->in_vqs);
+ free_names:
kfree(io_names);
+ free_callbacks:
kfree(io_callbacks);
+ free_vqs:
kfree(vqs);

return err;
--
2.10.0

Next message: Tom Lendacky: "Re: [RFC PATCH v2 18/20] x86/kvm: Enable Secure Memory Encryption of nested page tables"
Previous message: Richard Cochran: "Re: [PATCH 5/9] net: ethernet: ti: cpts: add return value to tx and rx timestamp funcitons"
In reply to: SF Markus Elfring: "[PATCH 01/11] virtio_console: Use kmalloc_array() in init_vqs()"
Next in thread: SF Markus Elfring: "[PATCH 03/11] virtio_console: Rename a jump label in init()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]