arch/x86/xen/spinlock.c | 2 ++ 1 file changed, 2 insertions(+)
kasprintf() is used for formatting strings and dynamically allocating
memory space. If memory allocation fails, kasprintf() will return NULL.
We should add a check to ensure that failure does not occur.
Fixes: d5de8841355a ("x86: split spinlock implementations out into their own files")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
---
Found this error through static analysis.
---
arch/x86/xen/spinlock.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/x86/xen/spinlock.c b/arch/x86/xen/spinlock.c
index 5c6fc16e4b92..fe3cd95c1604 100644
--- a/arch/x86/xen/spinlock.c
+++ b/arch/x86/xen/spinlock.c
@@ -75,6 +75,8 @@ void xen_init_lock_cpu(int cpu)
cpu, per_cpu(lock_kicker_irq, cpu));
name = kasprintf(GFP_KERNEL, "spinlock%d", cpu);
+ if (!name)
+ return;
per_cpu(irq_name, cpu) = name;
irq = bind_ipi_to_irqhandler(XEN_SPIN_UNLOCK_VECTOR,
cpu,
--
2.25.1On Wed, Jun 26, 2024 at 03:43:39PM +0800, Ma Ke wrote:
> kasprintf() is used for formatting strings and dynamically allocating
> memory space. If memory allocation fails, kasprintf() will return NULL.
> We should add a check to ensure that failure does not occur.
Did you also consider what happens to the machine if you omit the rest
of this function at init?
As is, it is *extremely* unlikely the machine will fail the allocation
at boot (it has all the memory unused after all) and if for some
mysterious reason it does fail, we get a nice bug halting the boot and
telling us where shit hit fan.
Now we silently continue with undefined state and will likely run into
trouble later because we failed to setup things, like that irqhandler.
At which point everybody will be needing to buy a new WTF'o'meter to
figure out WTF happened to get in that insane position.
> Fixes: d5de8841355a ("x86: split spinlock implementations out into their own files")
> Signed-off-by: Ma Ke <make24@iscas.ac.cn>
> ---
> Found this error through static analysis.
Just because your tool found something, doesn't mean you have to be a
tool and also not think about things.
Please use brain don't be a tool.
> ---
> arch/x86/xen/spinlock.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/arch/x86/xen/spinlock.c b/arch/x86/xen/spinlock.c
> index 5c6fc16e4b92..fe3cd95c1604 100644
> --- a/arch/x86/xen/spinlock.c
> +++ b/arch/x86/xen/spinlock.c
> @@ -75,6 +75,8 @@ void xen_init_lock_cpu(int cpu)
> cpu, per_cpu(lock_kicker_irq, cpu));
>
> name = kasprintf(GFP_KERNEL, "spinlock%d", cpu);
> + if (!name)
> + return;
> per_cpu(irq_name, cpu) = name;
> irq = bind_ipi_to_irqhandler(XEN_SPIN_UNLOCK_VECTOR,
> cpu,
> --
> 2.25.1
>
On 26.06.2024 09:43, Ma Ke wrote:
> kasprintf() is used for formatting strings and dynamically allocating
> memory space. If memory allocation fails, kasprintf() will return NULL.
> We should add a check to ensure that failure does not occur.
>
> Fixes: d5de8841355a ("x86: split spinlock implementations out into their own files")
> Signed-off-by: Ma Ke <make24@iscas.ac.cn>
> ---
> Found this error through static analysis.
> ---
> arch/x86/xen/spinlock.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/arch/x86/xen/spinlock.c b/arch/x86/xen/spinlock.c
> index 5c6fc16e4b92..fe3cd95c1604 100644
> --- a/arch/x86/xen/spinlock.c
> +++ b/arch/x86/xen/spinlock.c
> @@ -75,6 +75,8 @@ void xen_init_lock_cpu(int cpu)
> cpu, per_cpu(lock_kicker_irq, cpu));
>
> name = kasprintf(GFP_KERNEL, "spinlock%d", cpu);
> + if (!name)
> + return;
> per_cpu(irq_name, cpu) = name;
> irq = bind_ipi_to_irqhandler(XEN_SPIN_UNLOCK_VECTOR,
> cpu,
While yes, error checking would better be added here, this isn't enough.
You're treating an easy to diagnose issue (at the point where the NULL
would be attempted to be de-referenced) for a possibly more difficult to
diagnose issue: Any such failure will also need propagating back up the
call stack.
Jan
© 2016 - 2024 Red Hat, Inc.