1. Patchew
  2. linux
  3. View series

[PATCH] s390/sclp: Add check for get_zeroed_page()

Haoxiang Li posted 1 patch 10 months ago
There is a newer version of this series
drivers/s390/char/sclp_con.c | 2 ++
1 file changed, 2 insertions(+)
[PATCH] s390/sclp: Add check for get_zeroed_page()
Posted by Haoxiang Li 10 months ago 
Add check for the return value of get_zeroed_page() in
sclp_console_init() to prevent null pointer dereference.

Fixes: 4c8f4794b61e ("[S390] sclp console: convert from bootmem to slab")
Cc: stable@vger.kernel.org
Signed-off-by: Haoxiang Li <haoxiang_li2024@163.com>
---
 drivers/s390/char/sclp_con.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/s390/char/sclp_con.c b/drivers/s390/char/sclp_con.c
index e5d947c763ea..7447076b1ec1 100644
--- a/drivers/s390/char/sclp_con.c
+++ b/drivers/s390/char/sclp_con.c
@@ -282,6 +282,8 @@ sclp_console_init(void)
 	/* Allocate pages for output buffering */
 	for (i = 0; i < sclp_console_pages; i++) {
 		page = (void *) get_zeroed_page(GFP_KERNEL | GFP_DMA);
+		if (!page)
+			return -ENOMEM;
 		list_add_tail(page, &sclp_con_pages);
 	}
 	sclp_conbuf = NULL;
-- 
2.25.1
Re: [PATCH] s390/sclp: Add check for get_zeroed_page()
Posted by Heiko Carstens 10 months ago 
On Mon, Feb 17, 2025 at 11:31:46PM +0800, Haoxiang Li wrote:
> Add check for the return value of get_zeroed_page() in
> sclp_console_init() to prevent null pointer dereference.
> 
> Fixes: 4c8f4794b61e ("[S390] sclp console: convert from bootmem to slab")
> Cc: stable@vger.kernel.org
> Signed-off-by: Haoxiang Li <haoxiang_li2024@163.com>
> ---
>  drivers/s390/char/sclp_con.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/s390/char/sclp_con.c b/drivers/s390/char/sclp_con.c
> index e5d947c763ea..7447076b1ec1 100644
> --- a/drivers/s390/char/sclp_con.c
> +++ b/drivers/s390/char/sclp_con.c
> @@ -282,6 +282,8 @@ sclp_console_init(void)
>  	/* Allocate pages for output buffering */
>  	for (i = 0; i < sclp_console_pages; i++) {
>  		page = (void *) get_zeroed_page(GFP_KERNEL | GFP_DMA);
> +		if (!page)
> +			return -ENOMEM;
>  		list_add_tail(page, &sclp_con_pages);

We can add this check, however if this early allocation would fail a
null pointer dereference would be the last problem we would have to
think about.

Anyway:
Acked-by: Heiko Carstens <hca@linux.ibm.com>
Re: [PATCH] s390/sclp: Add check for get_zeroed_page()
Posted by Heiko Carstens 10 months ago 
On Mon, Feb 17, 2025 at 05:01:17PM +0100, Heiko Carstens wrote:
> On Mon, Feb 17, 2025 at 11:31:46PM +0800, Haoxiang Li wrote:
> > diff --git a/drivers/s390/char/sclp_con.c b/drivers/s390/char/sclp_con.c
> > index e5d947c763ea..7447076b1ec1 100644
> > --- a/drivers/s390/char/sclp_con.c
> > +++ b/drivers/s390/char/sclp_con.c
> > @@ -282,6 +282,8 @@ sclp_console_init(void)
> >  	/* Allocate pages for output buffering */
> >  	for (i = 0; i < sclp_console_pages; i++) {
> >  		page = (void *) get_zeroed_page(GFP_KERNEL | GFP_DMA);
> > +		if (!page)
> > +			return -ENOMEM;
> >  		list_add_tail(page, &sclp_con_pages);
> 
> We can add this check, however if this early allocation would fail a
> null pointer dereference would be the last problem we would have to
> think about.
> 
> Anyway:
> Acked-by: Heiko Carstens <hca@linux.ibm.com>

Wait, I take that back. Now I think I remember why I didn't add error
handling back then: the above exit would also indicate a potential
memory leak, since this is a loop allocating several pages; so all
already allocated pages must be freed, which would ask for even more
completely pointless error handling.

This is very early code where any allocation failure would lead to a
crash in any case. So either do the full exercise or we leave the code
as it is.

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.