Message ID | 20221110025834.1624394-1-linmq006@gmail.com (mailing list archive) |
---|---|
State | New, archived |
Series | module: Fix NULL vs IS_ERR checking for module_get_next_page |

On Thu, Nov 10, 2022 at 06:58:34AM +0400, Miaoqian Lin wrote:
> The module_get_next_page() function returns error pointers on error
> instead of NULL.
> Use IS_ERR() to check the return value to fix this.
>
> Fixes: b1ae6dc41eaa ("module: add in-kernel support for decompressing")
> Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
> ---

Thanks, queued up. How did you find out? Just code inspection? I see
chances are low of this triggering, but just curious how you found it.

Luis

Hi,

On 2022/11/10 12:09, Luis Chamberlain wrote:
> On Thu, Nov 10, 2022 at 06:58:34AM +0400, Miaoqian Lin wrote:
>> The module_get_next_page() function returns error pointers on error
>> instead of NULL.
>> Use IS_ERR() to check the return value to fix this.
>>
>> Fixes: b1ae6dc41eaa ("module: add in-kernel support for decompressing")
>> Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
>> ---
> Thanks, queued up. How did you find out? Just code inspection? I see
> chances are low of this triggering, but just curious how you found it.

I found this by static analysis; specifically, I obtained functions that return error pointers and
inspected whether their callers followed the correct specification.

> Luis

On Thu, Nov 10, 2022 at 12:18:50PM +0800, Miaoqian Lin wrote:
> Hi,
>
> On 2022/11/10 12:09, Luis Chamberlain wrote:
> > On Thu, Nov 10, 2022 at 06:58:34AM +0400, Miaoqian Lin wrote:
> >> The module_get_next_page() function returns error pointers on error
> >> instead of NULL.
> >> Use IS_ERR() to check the return value to fix this.
> >>
> >> Fixes: b1ae6dc41eaa ("module: add in-kernel support for decompressing")
> >> Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
> >> ---
> > Thanks, queued up. How did you find out? Just code inspection? I see
> > chances are low of this triggering, but just curious how you found it.
> I found this by static analysis; specifically, I obtained functions that return error pointers and
> inspected whether their callers followed the correct specification.

Which one did you use?

Luis

On 2022/11/10 14:05, Luis Chamberlain wrote:
> On Thu, Nov 10, 2022 at 12:18:50PM +0800, Miaoqian Lin wrote:
>> Hi,
>>
>> On 2022/11/10 12:09, Luis Chamberlain wrote:
>>> On Thu, Nov 10, 2022 at 06:58:34AM +0400, Miaoqian Lin wrote:
>>>> The module_get_next_page() function returns error pointers on error
>>>> instead of NULL.
>>>> Use IS_ERR() to check the return value to fix this.
>>>>
>>>> Fixes: b1ae6dc41eaa ("module: add in-kernel support for decompressing")
>>>> Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
>>>> ---
>>> Thanks, queued up. How did you find out? Just code inspection? I see
>>> chances are low of this triggering, but just curious how you found it.
>> I found this by static analysis; specifically, I obtained functions that return error pointers and
>> inspected whether their callers followed the correct specification.
> Which one did you use?

I wrote a custom checker based on the weggli tool (https://github.com/googleprojectzero/weggli).

> Luis

On Thu, Nov 10, 2022 at 06:58:34AM +0400, Miaoqian Lin wrote:
> The module_get_next_page() function returns error pointers on error
> instead of NULL.
> Use IS_ERR() to check the return value to fix this.
>
> Fixes: b1ae6dc41eaa ("module: add in-kernel support for decompressing")
> Signed-off-by: Miaoqian Lin <linmq006@gmail.com>

Reviewed-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>

Thank you for spotting this.

diff --git a/kernel/module/decompress.c b/kernel/module/decompress.c index c033572d83f0..720e719253cd 100644 --- a/kernel/module/decompress.c +++ b/kernel/module/decompress.c @@ -114,8 +114,8 @@ static ssize_t module_gzip_decompress(struct load_info *info, do { struct page *page = module_get_next_page(info); - if (!page) { - retval = -ENOMEM; + if (IS_ERR(page)) { + retval = PTR_ERR(page); goto out_inflate_end; } @@ -173,8 +173,8 @@ static ssize_t module_xz_decompress(struct load_info *info, do { struct page *page = module_get_next_page(info); - if (!page) { - retval = -ENOMEM; + if (IS_ERR(page)) { + retval = PTR_ERR(page); goto out; }
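
Review bot: in module_gzip_decompress() (first hunk), `IS_ERR(page)` replaces the `!page` test outright, so a NULL return from module_get_next_page() would no longer be caught at this point. The commit message says the function returns error pointers instead of NULL, but its body is not part of this diff; please state in the changelog that it has no NULL return path, so a reader can see the old NULL check was dead code rather than a second case that still needs handling.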
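
Review bot: in module_xz_decompress() (second hunk), the changelog does not say what the old `if (!page)` test let through. An error pointer is non-NULL, so before this change a failed module_get_next_page() skipped the `goto out` and the loop carried on with that value as if it were a page; one sentence describing that effect would help anyone deciding whether to backport. The errno handed back also changes from a fixed -ENOMEM to PTR_ERR(page), which is worth mentioning as well.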

The module_get_next_page() function returns error pointers on error
instead of NULL.
Use IS_ERR() to check the return value to fix this.

Fixes: b1ae6dc41eaa ("module: add in-kernel support for decompressing")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
---
 kernel/module/decompress.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
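
The failure mode the commit message describes, as an added userspace example (not code from the patch or from the kernel tree). The three macros model the error-pointer encoding; `demo_get_next_page()`, the two-page pool and both `load_*` callers are hypothetical stand-ins.

```c
#include <errno.h>

/* Userspace model of the error-pointer encoding: the last MAX_ERRNO
 * addresses of the address space carry a negative errno value. */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long error) { return (void *)error; }
static inline long PTR_ERR(const void *ptr) { return (long)ptr; }
static inline int IS_ERR(const void *ptr)
{
	return (unsigned long)ptr >= (unsigned long)-MAX_ERRNO;
}

struct page { char data[64]; };	/* stand-in, not the kernel's struct page */
static struct page pool[2];	/* constructed pool: the third request fails */
static int used;

/* Hypothetical allocator: returns an error pointer on failure, never NULL. */
static struct page *demo_get_next_page(void)
{
	if (used >= 2)
		return ERR_PTR(-ENOMEM);
	return &pool[used++];
}

/* Pre-fix pattern: an error pointer is non-NULL, so "!page" never fires.
 * *bad counts error pointers that were accepted as if they were pages. */
static long load_null_check(int npages, int *bad)
{
	used = *bad = 0;
	for (int i = 0; i < npages; i++) {
		struct page *page = demo_get_next_page();
		if (!page)
			return -ENOMEM;
		if (IS_ERR(page))	/* instrumentation for this demo only */
			(*bad)++;
	}
	return 0;
}

/* Post-fix pattern: IS_ERR() stops the loop, PTR_ERR() keeps the errno. */
static long load_is_err_check(int npages)
{
	used = 0;
	for (int i = 0; i < npages; i++) {
		struct page *page = demo_get_next_page();
		if (IS_ERR(page))
			return PTR_ERR(page);
	}
	return 0;
}
```

Asking either caller for three pages exhausts the pool: the NULL-checking caller reports success while holding one error pointer, and the IS_ERR() caller returns -ENOMEM.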