The return value from k*alloc() should be checked and action taken when
the allocation fails.  In many places hv did this with an ASSERT()
call or didn't check the value at all.

Signed-off-by: Bill Pemberton <[email protected]>
---
 drivers/staging/hv/Channel.c     |   50 ++++++++++++++++++++++++++++----------
 drivers/staging/hv/ChannelMgmt.c |    6 ++++-
 drivers/staging/hv/Connection.c  |    4 +++
 3 files changed, 46 insertions(+), 14 deletions(-)

diff --git a/drivers/staging/hv/Channel.c b/drivers/staging/hv/Channel.c
index 328d3a0..94e5214 100644
--- a/drivers/staging/hv/Channel.c
+++ b/drivers/staging/hv/Channel.c
@@ -181,6 +181,13 @@ int VmbusChannelOpen(struct vmbus_channel *NewChannel, u32 
SendRingBufferSize,
 
        DPRINT_ENTER(VMBUS);
 
+       /* Create and init the channel open message */
+       openInfo = kmalloc(sizeof(*openInfo) +
+                          sizeof(struct vmbus_channel_open_channel),
+                          GFP_KERNEL);
+       if (!openInfo)
+               return -ENOMEM;
+
        /* Aligned to page size */
        ASSERT(!(SendRingBufferSize & (PAGE_SIZE - 1)));
        ASSERT(!(RecvRingBufferSize & (PAGE_SIZE - 1)));
@@ -226,12 +233,6 @@ int VmbusChannelOpen(struct vmbus_channel *NewChannel, u32 
SendRingBufferSize,
                   NewChannel->Inbound.RingSize,
                   SendRingBufferSize);
 
-       /* Create and init the channel open message */
-       openInfo = kmalloc(sizeof(*openInfo) +
-                          sizeof(struct vmbus_channel_open_channel),
-                          GFP_KERNEL);
-       ASSERT(openInfo != NULL);
-
        openInfo->WaitEvent = osd_WaitEventCreate();
 
        openMsg = (struct vmbus_channel_open_channel *)openInfo->Msg;
@@ -335,6 +336,7 @@ static int VmbusChannelCreateGpadlHeader(void *Kbuffer, u32 
Size,
                                         struct vmbus_channel_msginfo **MsgInfo,
                                         u32 *MessageCount)
 {
+       int err = 0;
        int i;
        int pageCount;
        unsigned long long pfn;
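Review bot: `err` is initialised to 0 here and none of the added lines assigns it, so every `goto nomem` added further down (after both `msgHeader` allocations and the `msgBody` allocation) ends in `return err;` and reports success on allocation failure. The caller in VmbusChannelEstablishGpadl tests `if (ret)`, so it would carry on with `msgInfo` still NULL and dereference it at `msgInfo->WaitEvent`. Drop the variable and end the error path with `return -ENOMEM;`, or declare it as `int err = -ENOMEM;`. The function body extends beyond these hunks, but `err` is new in this patch, so an assignment hidden in the parts not shown is unlikely.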
@@ -365,6 +367,8 @@ static int VmbusChannelCreateGpadlHeader(void *Kbuffer, u32 
Size,
                          sizeof(struct vmbus_channel_gpadl_header) +
                          sizeof(struct gpa_range) + pfnCount * sizeof(u64);
                msgHeader =  kzalloc(msgSize, GFP_KERNEL);
+               if (!msgHeader)
+                       goto nomem;
 
                INIT_LIST_HEAD(&msgHeader->SubMsgList);
                msgHeader->MessageSize = msgSize;
@@ -399,7 +403,8 @@ static int VmbusChannelCreateGpadlHeader(void *Kbuffer, u32 
Size,
                                  sizeof(struct vmbus_channel_gpadl_body) +
                                  pfnCurr * sizeof(u64);
                        msgBody = kzalloc(msgSize, GFP_KERNEL);
-                       ASSERT(msgBody);
+                       if (!msgBody)
+                               goto nomem;
                        msgBody->MessageSize = msgSize;
                        (*MessageCount)++;
                        gpadlBody =
@@ -426,6 +431,9 @@ static int VmbusChannelCreateGpadlHeader(void *Kbuffer, u32 
Size,
                          sizeof(struct vmbus_channel_gpadl_header) +
                          sizeof(struct gpa_range) + pageCount * sizeof(u64);
                msgHeader = kzalloc(msgSize, GFP_KERNEL);
+               if (!msgHeader)
+                       goto nomem;
+
                msgHeader->MessageSize = msgSize;
 
                gpaHeader = (struct vmbus_channel_gpadl_header *)msgHeader->Msg;
@@ -442,6 +450,11 @@ static int VmbusChannelCreateGpadlHeader(void *Kbuffer, 
u32 Size,
        }
 
        return 0;
+nomem:
+       kfree(msgHeader);
+       kfree(msgBody);
+       return err;
+
 }
 
 /*
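Review bot: The `nomem` path calls `kfree(msgBody)` even when the jump comes from a failed `msgHeader` allocation, where `msgBody` has not yet been assigned in this call. Unless it is initialised to NULL at its declaration (outside the hunk), `kfree()` receives an indeterminate pointer. When a `msgBody` allocation fails instead, `kfree(msgBody)` is a no-op and only `msgHeader` is released, so any bodies already queued on `msgHeader->SubMsgList` by earlier iterations would leak; the linking code is not visible here, so confirm. Initialise both pointers to NULL where they are declared and free the entries on `SubMsgList` before freeing `msgHeader`.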
@@ -458,9 +471,9 @@ int VmbusChannelEstablishGpadl(struct vmbus_channel 
*Channel, void *Kbuffer,
        struct vmbus_channel_gpadl_header *gpadlMsg;
        struct vmbus_channel_gpadl_body *gpadlBody;
        /* struct vmbus_channel_gpadl_created *gpadlCreated; */
-       struct vmbus_channel_msginfo *msgInfo;
+       struct vmbus_channel_msginfo *msgInfo = NULL;
        struct vmbus_channel_msginfo *subMsgInfo;
-       u32 msgCount;
+       u32 msgCount = 0;
        struct list_head *curr;
        u32 nextGpadlHandle;
        unsigned long flags;
@@ -471,8 +484,10 @@ int VmbusChannelEstablishGpadl(struct vmbus_channel 
*Channel, void *Kbuffer,
        nextGpadlHandle = atomic_read(&gVmbusConnection.NextGpadlHandle);
        atomic_inc(&gVmbusConnection.NextGpadlHandle);
 
-       VmbusChannelCreateGpadlHeader(Kbuffer, Size, &msgInfo, &msgCount);
-       ASSERT(msgInfo != NULL);
+       ret = VmbusChannelCreateGpadlHeader(Kbuffer, Size, &msgInfo, &msgCount);
+       if (ret)
+               goto nomemCleanup;
+
        ASSERT(msgCount > 0);
 
        msgInfo->WaitEvent = osd_WaitEventCreate();
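Review bot: `goto nomemCleanup` is taken when the header could not be built, yet the label added in the `Cleanup:` hunk sits directly above `kfree(msgInfo->WaitEvent);`, so the error path dereferences `msgInfo`, which this patch now initialises to NULL. Nothing visible in VmbusChannelCreateGpadlHeader's error path stores to `*MsgInfo`, so this looks like a NULL dereference on allocation failure rather than a clean exit. Place the label after the `kfree(msgInfo->WaitEvent);` line, as `nomem_info` is placed in VmbusChannelTeardownGpadl, so that only `kfree(msgInfo);` runs (a no-op on NULL).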
@@ -540,6 +555,7 @@ Cleanup:
        list_del(&msgInfo->MsgListEntry);
        spin_unlock_irqrestore(&gVmbusConnection.channelmsg_lock, flags);
 
+nomemCleanup:
        kfree(msgInfo->WaitEvent);
        kfree(msgInfo);
 
@@ -564,7 +580,10 @@ int VmbusChannelTeardownGpadl(struct vmbus_channel 
*Channel, u32 GpadlHandle)
 
        info = kmalloc(sizeof(*info) +
                       sizeof(struct vmbus_channel_gpadl_teardown), GFP_KERNEL);
-       ASSERT(info != NULL);
+       if (!info) {
+               ret = -ENOMEM;
+               goto nomem_info;
+       }
 
        info->WaitEvent = osd_WaitEventCreate();
 
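Review bot: The result of `osd_WaitEventCreate()` is still stored without a check on the line after the new `info` test, and the same holds in VmbusChannelOpen, VmbusChannelEstablishGpadl and VmbusChannelRequestOffers. The event is later released with `kfree()`, so it is presumably heap-allocated and can fail like the `kmalloc()` this patch now checks; its definition is not on this page, so confirm. Here a guard such as `if (!info->WaitEvent) { ret = -ENOMEM; goto nomem_info; }` would close the gap, and the other three functions need the equivalent with their own labels.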
@@ -594,6 +613,7 @@ int VmbusChannelTeardownGpadl(struct vmbus_channel 
*Channel, u32 GpadlHandle)
        spin_unlock_irqrestore(&gVmbusConnection.channelmsg_lock, flags);
 
        kfree(info->WaitEvent);
+nomem_info:
        kfree(info);
 
        DPRINT_EXIT(VMBUS);
@@ -620,7 +640,10 @@ void VmbusChannelClose(struct vmbus_channel *Channel)
        /* Send a closing message */
        info = kmalloc(sizeof(*info) +
                       sizeof(struct vmbus_channel_close_channel), GFP_KERNEL);
-       ASSERT(info != NULL);
+       if (!info) {
+               ret = -ENOMEM;
+               goto nomem_info2;
+       }
 
        /* info->waitEvent = osd_WaitEventCreate(); */
 
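Review bot: On allocation failure the jump to `nomem_info2` skips everything between here and the label, including the `osd_PageFree(Channel->RingBufferPages, Channel->RingBufferPageCount)` call visible just above it. The ring buffer pages therefore leak and, presumably, the close message and any GPADL teardown never happen. VmbusChannelClose returns `void`, so `ret = -ENOMEM` is a dead store and the caller cannot tell that the channel was not closed. Only sending the close message needs `info`; the local teardown should still run when the allocation fails, and the failure should at least be logged. Most of the code between the allocation and the label is outside these hunks, so the exact set of skipped steps needs confirming.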
@@ -647,6 +670,7 @@ void VmbusChannelClose(struct vmbus_channel *Channel)
 
        osd_PageFree(Channel->RingBufferPages, Channel->RingBufferPageCount);
 
+nomem_info2:
        kfree(info);
 
        /*
diff --git a/drivers/staging/hv/ChannelMgmt.c b/drivers/staging/hv/ChannelMgmt.c
index 8d5f305..d35be2f 100644
--- a/drivers/staging/hv/ChannelMgmt.c
+++ b/drivers/staging/hv/ChannelMgmt.c
@@ -611,7 +611,10 @@ int VmbusChannelRequestOffers(void)
        msgInfo = kmalloc(sizeof(*msgInfo) +
                          sizeof(struct vmbus_channel_message_header),
                          GFP_KERNEL);
-       ASSERT(msgInfo != NULL);
+       if (!msgInfo) {
+               ret = -ENOMEM;
+               goto nomem;
+       }
 
        msgInfo->WaitEvent = osd_WaitEventCreate();
        msg = (struct vmbus_channel_message_header *)msgInfo->Msg;
@@ -643,6 +646,7 @@ int VmbusChannelRequestOffers(void)
 
 Cleanup:
        kfree(msgInfo->WaitEvent);
+nomem:
        kfree(msgInfo);
 
        DPRINT_EXIT(VMBUS);
diff --git a/drivers/staging/hv/Connection.c b/drivers/staging/hv/Connection.c
index dbf0056..bca2b21 100644
--- a/drivers/staging/hv/Connection.c
+++ b/drivers/staging/hv/Connection.c
@@ -195,6 +195,10 @@ int VmbusDisconnect(void)
                return -1;
 
        msg = kzalloc(sizeof(struct vmbus_channel_message_header), GFP_KERNEL);
+       if (!msg) {
+               ret = -ENOMEM;
+               goto Cleanup;
+       }
 
        msg->MessageType = ChannelMessageUnload;
 
-- 
1.7.1
