
[bluetooth-next,V2] ieee802154: ca8210: Add checks for kmalloc allocation failures

Message ID 20170329170540.21011-1-colin.king@canonical.com
State Awaiting Upstream, archived
Delegated to: David Miller

Commit Message

Colin Ian King March 29, 2017, 5:05 p.m. UTC
From: Colin Ian King <colin.king@canonical.com>

Ensure we don't end up with null pointer dereferences by checking
for allocation failures.  Allocate by sizeof(*ptr) rather than
the type to fix checkpatch warnings.  Also merge multiple lines into
one line for the kmalloc call.

Detected by CoverityScan, CID#1422435 ("Dereference null return value")

Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 drivers/net/ieee802154/ca8210.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

Comments

David Miller March 29, 2017, 5:17 p.m. UTC | #1
From: Colin King <colin.king@canonical.com>
Date: Wed, 29 Mar 2017 18:05:40 +0100

>  drivers/net/ieee802154/ca8210.c | 18 ++++++++++--------

This file doesn't exist in any of my trees.
Marcel Holtmann March 29, 2017, 6:51 p.m. UTC | #2
Hi Dave,

>> drivers/net/ieee802154/ca8210.c | 18 ++++++++++--------
> 
> This file doesn't exist in any of my trees.
> 

because we have not sent you a bluetooth-next pull request yet. I review it and take it through my tree first.

Regards

Marcel
Marcel Holtmann March 29, 2017, 6:54 p.m. UTC | #3
Hi Colin,

> Ensure we don't end up with a null pointer dereferences by checking
> for for allocation failures.  Allocate by sizeof(*ptr) rather than
> the type to fix checkpack warnings.  Also merge multiple lines into
> one line for the kmalloc call.
> 
> Detected by CoverityScan, CID#1422435 ("Dereference null return value")
> 
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
> drivers/net/ieee802154/ca8210.c | 18 ++++++++++--------
> 1 file changed, 10 insertions(+), 8 deletions(-)

patch has been applied to bluetooth-next tree.

Regards

Marcel

Patch

diff --git a/drivers/net/ieee802154/ca8210.c b/drivers/net/ieee802154/ca8210.c
index 53fa87bfede0..25fd3b04b3c0 100644
--- a/drivers/net/ieee802154/ca8210.c
+++ b/drivers/net/ieee802154/ca8210.c
@@ -634,6 +634,8 @@  static int ca8210_test_int_driver_write(
 		dev_dbg(&priv->spi->dev, "%#03x\n", buf[i]);
 
 	fifo_buffer = kmalloc(len, GFP_KERNEL);
+	if (!fifo_buffer)
+		return -ENOMEM;
 	memcpy(fifo_buffer, buf, len);
 	kfifo_in(&test->up_fifo, &fifo_buffer, 4);
 	wake_up_interruptible(&priv->test.readq);
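Review bot: The `kfifo_in(&test->up_fifo, &fifo_buffer, 4)` call right after the new NULL check queues a hard-coded 4 units of the pointer value and ignores the return value. If `up_fifo` is a byte fifo (its declaration is outside this hunk), 4 bytes is only half of a pointer on 64-bit builds, so the reader would rebuild a truncated address; `kfifo_in(&test->up_fifo, &fifo_buffer, sizeof(fifo_buffer))` with a matching size on the read side would be portable. When the fifo has no room the pointer is not queued and `fifo_buffer` is leaked, so the result should be compared with the requested length and the buffer freed with `kfree(fifo_buffer)` before returning an error. The body of ca8210_test_int_driver_write starts and ends outside the hunk.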
@@ -759,10 +761,10 @@  static void ca8210_rx_done(struct cas_control *cas_ctl)
 				&priv->spi->dev,
 				"Resetting MAC...\n");
 
-			mlme_reset_wpc = kmalloc(
-				sizeof(struct work_priv_container),
-				GFP_KERNEL
-			);
+			mlme_reset_wpc = kmalloc(sizeof(*mlme_reset_wpc),
+						 GFP_KERNEL);
+			if (!mlme_reset_wpc)
+				goto finish;
 			INIT_WORK(
 				&mlme_reset_wpc->work,
 				ca8210_mlme_reset_worker
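Review bot: On allocation failure the new `goto finish` skips the MAC reset silently, after the `Resetting MAC...` message just above has already been logged, so the log reports a recovery that was never queued. Consider doing the allocation before the message is printed, or at least adding a comment at the check such as `/* allocation failed: the MAC reset announced above is not scheduled */`. What `finish` does, and whether anything retries the reset later, cannot be seen here because ca8210_rx_done starts and ends outside the hunk.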
@@ -925,10 +927,10 @@  static int ca8210_spi_transfer(
 
 	dev_dbg(&spi->dev, "ca8210_spi_transfer called\n");
 
-	cas_ctl = kmalloc(
-		sizeof(struct cas_control),
-		GFP_ATOMIC
-	);
+	cas_ctl = kmalloc(sizeof(*cas_ctl), GFP_ATOMIC);
+	if (!cas_ctl)
+		return -ENOMEM;
+
 	cas_ctl->priv = priv;
 	memset(cas_ctl->tx_buf, SPI_IDLE, CA8210_SPI_BUF_SIZE);
 	memset(cas_ctl->tx_in_buf, SPI_IDLE, CA8210_SPI_BUF_SIZE);
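Review bot: `kmalloc` leaves `*cas_ctl` uninitialised, and the lines visible after the new NULL check set only `priv`, `tx_buf` and `tx_in_buf`. If any other member of struct cas_control is read, or handed to another subsystem, before it is explicitly written further down, stale heap contents would be used; `cas_ctl = kzalloc(sizeof(*cas_ctl), GFP_ATOMIC);` would rule that out at negligible cost. The rest of ca8210_spi_transfer lies outside the hunk, so this needs checking against the full function.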