LKML Archive on lore.kernel.org
From: Gen Zhang <blackgod016574@gmail.com>
To: Nicolas Pitre <nico@fluxnic.net>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] vt: Fix a missing-check bug in drivers/tty/vt/vt.c
Date: Tue, 21 May 2019 12:00:19 +0800
Message-ID: <20190521040019.GD5263@zhanggen-UX430UQ>
In-Reply-To: <nycvar.YSQ.7.76.1905202323290.1558@knanqh.ubzr>

On Mon, May 20, 2019 at 11:26:20PM -0400, Nicolas Pitre wrote:
> On Tue, 21 May 2019, Gen Zhang wrote:
>
> > On Mon, May 20, 2019 at 10:55:40PM -0400, Nicolas Pitre wrote:
> > > On Tue, 21 May 2019, Gen Zhang wrote:
> > >
> > > > In function con_init(), the pointer variable vc_cons[currcons].d, vc and
> > > > vc->vc_screenbuf is allocated a memory space via kzalloc(). And they are
> > > > used in the following codes.
> > > > However, when there is a memory allocation error, kzalloc() can fail.
> > > > Thus null pointer (vc_cons[currcons].d, vc and vc->vc_screenbuf)
> > > > dereference may happen. And it will cause the kernel to crash. Therefore,
> > > > we should check return value and handle the error.
> > > > Further, the loop condition MIN_NR_CONSOLES is defined as 1 in
> > > > include/uapi/linux/vt.h. So there is no need to unwind the loop.
> > >
> > > But what if someone changes that define? It won't be obvious that some
> > > code did rely on it to be defined to 1.
> > I re-examine the source code. MIN_NR_CONSOLES is only defined once and
> > no other changes to it.
>
> Yes, that is true today. But if someone changes that in the future, how
> will that person know that you relied on it to be 1 for not needing to
> unwind the loop?
>
>
> Nicolas

Hi Nicolas,
Thanks for your explanation! And I got your point. And is this way
proper?

err_vc_screenbuf:
	kfree(vc);
	for (currcons = 0; currcons < MIN_NR_CONSOLES; currcons++)
		vc_cons[currcons].d = NULL;
	return -ENOMEM;
err_vc:
	console_unlock();
	return -ENOMEM;

Thanks
Gen
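
The concern raised in the quoted review (an error path that stays correct if the loop bound stops being 1) as a userspace C model. This is an added example, not code from the thread or from drivers/tty/vt/vt.c. `NR_SLOTS`, `struct slot`, `model_zalloc()`, `model_free()` and `slots_init()` are hypothetical stand-ins, `NR_SLOTS` is set to 3 so the unwind has earlier iterations to release, and console locking is left out.

```c
#include <stdlib.h>

#define NR_SLOTS 3                        /* stand-in for MIN_NR_CONSOLES, set > 1 on purpose */
struct slot { char *screenbuf; };         /* stand-in for struct vc_data */
static struct slot *slots[NR_SLOTS];      /* stand-in for vc_cons[].d */
static int fail_at = -1, alloc_seq, live_allocs;  /* fault injection and leak counter */

static void *model_zalloc(size_t n)       /* userspace stand-in for kzalloc() */
{
	void *p = (alloc_seq++ == fail_at) ? NULL : calloc(1, n);
	if (p)
		live_allocs++;
	return p;
}

static void model_free(void *p)           /* stand-in for kfree(); NULL is a no-op */
{
	if (p)
		live_allocs--;
	free(p);
}

/* Returns 0 on success; on failure returns -1 with every slot freed and set to NULL. */
int slots_init(void)
{
	int i;

	for (i = 0; i < NR_SLOTS; i++) {
		struct slot *s = model_zalloc(sizeof(*s));
		if (!s)
			goto unwind;
		s->screenbuf = model_zalloc(256);
		if (!s->screenbuf) {
			model_free(s);        /* half-built slot was never published */
			goto unwind;
		}
		slots[i] = s;                 /* publish only fully built slots */
	}
	return 0;
unwind:
	while (--i >= 0) {                    /* release slots 0..i-1, newest first */
		model_free(slots[i]->screenbuf);
		model_free(slots[i]);
		slots[i] = NULL;
	}
	return -1;
}
```

Setting `fail_at` to each allocation index in turn (with `alloc_seq` reset to 0) exercises every failure point; `live_allocs` returning to 0 each time shows the unwind does not depend on the loop running only once.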