Re: [PATCH v2] lkdtm/bugs: Check for the NULL pointer after calling kmalloc

From: Kees Cook
Date: Wed Jan 19 2022 - 13:45:37 EST


On Wed, Jan 19, 2022 at 08:20:55PM +0800, Jiasheng Jiang wrote:
> As the possible failure of the kmalloc(), the not_checked and checked
> could be NULL pointer.
> Therefore, it should be better to check it in order to avoid the
> dereference of the NULL pointer.
> Also, we need to kfree the 'not_checked' and 'checked' to avoid
> the memory leak if fails.
> And since it is just a test, it may directly return without error
> number.
>
> Fixes: ae2e1aad3e48 ("drivers/misc/lkdtm/bugs.c: add arithmetic overflow and array bounds checks")
> Signed-off-by: Jiasheng Jiang <jiasheng@xxxxxxxxxxx>
> ---
> Changelog
>
> v1 -> v2
>
> * Change 1. Add the kfree if fails.
> ---
> drivers/misc/lkdtm/bugs.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/drivers/misc/lkdtm/bugs.c b/drivers/misc/lkdtm/bugs.c
> index f4cb94a9aa9c..c35ea54824ac 100644
> --- a/drivers/misc/lkdtm/bugs.c
> +++ b/drivers/misc/lkdtm/bugs.c
> @@ -325,6 +325,11 @@ void lkdtm_ARRAY_BOUNDS(void)
>
> not_checked = kmalloc(sizeof(*not_checked) * 2, GFP_KERNEL);
> checked = kmalloc(sizeof(*checked) * 2, GFP_KERNEL);
> + if (!not_checked || !checked) {
> + kfree(not_checked);
> + kfree(checked);
> + return;
> + }

This should explicitly yell about the memory failure. See the other
error cases for examples. I'd expect something like this before the
return:

pr_err("FAIL: could not allocate required buffers\n");

-Kees

>
> pr_info("Array access within bounds ...\n");
> /* For both, touch all bytes in the actual member size. */
> --
> 2.25.1
>

--
Kees Cook