LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Gen Zhang <blackgod016574@gmail.com>
To: Greg KH <gregkh@linuxfoundation.org>
Cc: linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] vt: Fix a missing-check bug in drivers/tty/vt/vt.c file of Linux 5.0.14
Date: Sun, 12 May 2019 16:49:39 +0800	[thread overview]
Message-ID: <20190512084916.GA4615@zhanggen-UX430UQ> (raw)
In-Reply-To: <20190512062009.GA25153@kroah.com>

On Sun, May 12, 2019 at 08:20:09AM +0200, Greg KH wrote:
> Yes, that worked!  Now, can you resend it in a proper format that I can
> apply it in?  (with changelog text, signed-off-by, etc.) as described in
> Documentation/SubmittingPatches, I will be glad to review it after the
> 5.2-rc1 release happens.
> 
> thanks,
> 
> greg k-h
From: Gen Zhang <blackgod016574@gmail.com>
Date: Sun, 11 May 2019 15:31:30 +0000
Subject: [PATCH] vt: Fix a missing-check bug in drivers/tty/vt/vt.c file of Linux 5.0.14

Hi,
I found this missing-check bug in drivers/tty/vt/vt.c when I was examining the source code. 

In function con_init(), the pointer variable vc_cons[currcons].d, vc and vc->vc_screenbuf is allocated a memory space via kzalloc(). 
And they are used in the following codes. 

However, when there is a memory allocation error, kzalloc can  be failed. 
Thus null pointer (vc_cons[currcons].d, vc and vc->vc_screenbuf) dereference may happen. 
And it will cause the kernel to crash. Therefore, we should check return value and handle an error.

And this patch works in 5.1.1.

Thank you!

Kind regards
Gen

Signed-off-by: Gen Zhang <blackgod016574@gmail.com>
---
--- drivers/tty/vt/vt.c
+++ drivers/tty/vt/vt.c
@@ -3349,10 +3349,14 @@ static int __init con_init(void)
 
 	for (currcons = 0; currcons < MIN_NR_CONSOLES; currcons++) {
 		vc_cons[currcons].d = vc = kzalloc(sizeof(struct vc_data), GFP_NOWAIT);
+		if (!vc_cons[currcons].d || !vc)
+			goto err_vc;
 		INIT_WORK(&vc_cons[currcons].SAK_work, vc_SAK);
 		tty_port_init(&vc->port);
 		visual_init(vc, currcons, 1);
 		vc->vc_screenbuf = kzalloc(vc->vc_screenbuf_size, GFP_NOWAIT);
+		if (!vc->vc_screenbuf)
+			goto err_vc_screenbuf;
 		vc_init(vc, vc->vc_rows, vc->vc_cols,
 			currcons || !vc->vc_sw->con_save_screen);
 	}
@@ -3374,6 +3378,14 @@ static int __init con_init(void)
 	register_console(&vt_console_driver);
 #endif
 	return 0;
+err_vc:
+	console_unlock();
+	return -ENOMEM;
+err_vc_screenbuf:
+	console_unlock();
+	kfree(vc);
+	vc_cons[currcons].d = NULL;
+	return -ENOMEM;
 }
 console_initcall(con_init);
 
---

  reply	other threads:[~2019-05-12  8:49 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <CAAie0ar11_mPipN=d=mrgnVdEMO1Np0cCYdqcRfZrij_d-5zaQ@mail.gmail.com>
     [not found] ` <20190510051415.GA6073@kroah.com>
     [not found]   ` <CAAie0ao_O0hcUOuUf67oog+dSswdQRpAtX8NyQvDAr_XQr=xQg@mail.gmail.com>
2019-05-10 15:12     ` Greg KH
     [not found]       ` <CAAie0arnSxFvkNE1KSxD1a19_PQy03Q4RSiLZo9t7C9LeKkA9w@mail.gmail.com>
2019-05-11  6:07         ` Greg KH
2019-05-12  3:27           ` Gen Zhang
2019-05-12  6:20             ` Greg KH
2019-05-12  8:49               ` Gen Zhang [this message]
2019-05-13  7:36                 ` Greg KH
2019-05-13  9:37                   ` Gen Zhang
2019-05-13  9:58                     ` Greg KH
2019-05-13 11:33                       ` Gen Zhang
2019-05-16  9:07                       ` Gen Zhang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190512084916.GA4615@zhanggen-UX430UQ \
    --to=blackgod016574@gmail.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --subject='Re: [PATCH] vt: Fix a missing-check bug in drivers/tty/vt/vt.c file of Linux 5.0.14' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).