diff options
author | Julia Lawall <julia@diku.dk> | 2009-08-07 09:00:34 +0200 |
---|---|---|
committer | Benjamin Herrenschmidt <benh@kernel.crashing.org> | 2009-08-20 02:27:17 +0200 |
commit | 6c75933c00049bee59562a18843a4f133ec2bfe4 (patch) | |
tree | 57618062dd88af2c186610a5f880df48257f8d24 /arch/powerpc/sysdev | |
parent | powerpc/fsl-booke: read buffer overflow (diff) | |
download | linux-6c75933c00049bee59562a18843a4f133ec2bfe4.tar.xz linux-6c75933c00049bee59562a18843a4f133ec2bfe4.zip |
powerpc/fsl_rio: Add kmalloc NULL tests
Check that the result of kmalloc/kzalloc is not NULL before dereferencing it.
The semantic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@@
expression *x;
identifier f;
constant char *C;
@@
x = \(kmalloc\|kcalloc\|kzalloc\)(...);
... when != x == NULL
when != x != NULL
when != (x || ...)
(
kfree(x)
|
f(...,C,...,x,...)
|
*f(...,x,...)
|
*x->f
)
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Diffstat (limited to 'arch/powerpc/sysdev')
-rw-r--r-- | arch/powerpc/sysdev/fsl_rio.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/arch/powerpc/sysdev/fsl_rio.c b/arch/powerpc/sysdev/fsl_rio.c index cbb3bed75d3c..757a83fe5e59 100644 --- a/arch/powerpc/sysdev/fsl_rio.c +++ b/arch/powerpc/sysdev/fsl_rio.c @@ -1057,6 +1057,10 @@ int fsl_rio_setup(struct of_device *dev) law_start, law_size); ops = kmalloc(sizeof(struct rio_ops), GFP_KERNEL); + if (!ops) { + rc = -ENOMEM; + goto err_ops; + } ops->lcread = fsl_local_config_read; ops->lcwrite = fsl_local_config_write; ops->cread = fsl_rio_config_read; @@ -1064,6 +1068,10 @@ int fsl_rio_setup(struct of_device *dev) ops->dsend = fsl_rio_doorbell_send; port = kzalloc(sizeof(struct rio_mport), GFP_KERNEL); + if (!port) { + rc = -ENOMEM; + goto err_port; + } port->id = 0; port->index = 0; @@ -1071,7 +1079,7 @@ int fsl_rio_setup(struct of_device *dev) if (!priv) { printk(KERN_ERR "Can't alloc memory for 'priv'\n"); rc = -ENOMEM; - goto err; + goto err_priv; } INIT_LIST_HEAD(&port->dbells); @@ -1169,11 +1177,13 @@ int fsl_rio_setup(struct of_device *dev) return 0; err: - if (priv) - iounmap(priv->regs_win); - kfree(ops); + iounmap(priv->regs_win); kfree(priv); +err_priv: kfree(port); +err_port: + kfree(ops); +err_ops: return rc; } |