On Sun, May 12, 2019 at 04:49:39PM +0800, Gen Zhang wrote:
> On Sun, May 12, 2019 at 08:20:09AM +0200, Greg KH wrote:
> > Yes, that worked! Now, can you resend it in a proper format that I can
> > apply it in? (with changelog text, signed-off-by, etc.) as described in
> > Documentation/SubmittingPatches, I will be glad to review it after the
> > 5.2-rc1 release happens.
> >
> > thanks,
> >
> > greg k-h
> From: Gen Zhang <blackgod016...@gmail.com>
> Date: Sun, 11 May 2019 15:31:30 +0000
> Subject: [PATCH] vt: Fix a missing-check bug in drivers/tty/vt/vt.c file of
> Linux 5.0.14

Better, but no need for this to be in the body, just send it like any
other patch on the mailing list.

>
> Hi,
> I found this missing-check bug in drivers/tty/vt/vt.c when I was examining
> the source code.

That doesn't need to be in the changelog text.

>
> In function con_init(), the pointer variable vc_cons[currcons].d, vc and
> vc->vc_screenbuf is allocated a memory space via kzalloc().
> And they are used in the following codes.

Properly wrap your lines at 72 columns please.

>
> However, when there is a memory allocation error, kzalloc can be failed.
> Thus null pointer (vc_cons[currcons].d, vc and vc->vc_screenbuf) dereference
> may happen.
> And it will cause the kernel to crash. Therefore, we should check return
> value and handle an error.
>
> And this patch works in 5.1.1.

No need to say that.

>
> Thank you!
>
> Kind regards
> Gen

Or that :)

>
> Signed-off-by: Gen Zhang <blackgod016...@gmail.com>
> --- > --- drivers/tty/vt/vt.c > +++ drivers/tty/vt/vt.c > @@ -3349,10 +3349,14 @@ static int __init con_init(void) > > for (currcons = 0; currcons < MIN_NR_CONSOLES; currcons++) { > vc_cons[currcons].d = vc = kzalloc(sizeof(struct vc_data), > GFP_NOWAIT); > + if (!vc_cons[currcons].d || !vc) > + goto err_vc; What about the other memory that was allocated? You never free that. > INIT_WORK(&vc_cons[currcons].SAK_work, vc_SAK); > tty_port_init(&vc->port); > visual_init(vc, currcons, 1); > vc->vc_screenbuf = kzalloc(vc->vc_screenbuf_size, GFP_NOWAIT); > + if (!vc->vc_screenbuf) > + goto err_vc_screenbuf;

Same here, you are now leaking memory.

Did you test this patch out with a kmalloc function that can fail? If
not, please try to do so.

thanks,

greg k-h
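
Review bot: The first added check, `if (!vc_cons[currcons].d || !vc)`, tests the same pointer twice, because the line above assigns a single kzalloc() result to both `vc_cons[currcons].d` and `vc`; `if (!vc)` is sufficient. The labels `err_vc` and `err_vc_screenbuf` are not defined anywhere in the quoted lines, and the hunk header (10 lines growing to 14) accounts only for the four added lines shown, so the error paths themselves are missing from what was posted and cannot be reviewed. Because both checks sit inside the `for (currcons = 0; ...)` loop, those paths need to free the `vc_data` and `vc_screenbuf` allocated in earlier iterations, and the current `vc` when the screen buffer allocation fails after it, before con_init() returns.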