| Message ID | 20170124141629.9200-1-colin.king@canonical.com |
|---|---|
| State | Not Applicable, archived |
| Delegated to: | David Miller |
On Tue, Jan 24, 2017 at 6:16 AM, Colin King <colin.king@canonical.com> wrote:
> From: Colin Ian King <colin.king@canonical.com>
>
> There are some error exit paths to the label 'out' that end up
> kfree'ing an uninitialized im_node. Fix this by initializing
> im_node to NULL to avoid kfree'ing a garbage address.

This fix already landed. See:
commit d140199af510 ("bpf, lpm: fix kfree of im_node in trie_update_elem")

> Issue found by CoverityScan, CID#1398022 ("Uninitialized pointer read")

Nice. Good to know that static analysis can do such checks.
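The bug class discussed above (an error exit reaching a shared cleanup label before a pointer has been assigned) is easiest to see in a small userspace sketch. The following is an added example, not code from the kernel or from this patch: it mirrors the single-exit `goto out` pattern of `trie_update_elem` with hypothetical names (`struct entry`, `make_entry`, `free_entry`, `MAX_PREFIX`, `DATA_LEN`) and uses `free()` in place of `kfree()`. The only difference between the vulnerable and fixed forms is the `= NULL` initializer on `im_node`; because `free(NULL)` (like `kfree(NULL)`) is a no-op, the initializer is what makes the first early exit safe.

```c
/* Added example: the "initialise cleanup pointers to NULL" idiom behind the
 * im_node fix. Names and the split rule are constructed for illustration. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PREFIX 32
#define DATA_LEN   4

struct entry {
    unsigned int prefix_len;
    unsigned char data[DATA_LEN];
    struct entry *child;   /* optional intermediate node handed over on success */
};

/* Free an entry and its optional child; safe to call with NULL. */
static void free_entry(struct entry *e)
{
    if (!e)
        return;
    free(e->child);
    free(e);
}

/* Build an entry from a prefix; returns 0 on success or -errno.
 * Every error path jumps to 'out', which frees whatever is still owned. */
static int make_entry(const unsigned char *data, size_t len,
                      unsigned int prefix_len, struct entry **out_entry)
{
    struct entry *new_node = NULL;
    /* The pointer the patch fixes: without "= NULL" this is stack garbage
     * at the first 'goto out' below, and free() would be handed that value. */
    struct entry *im_node = NULL;
    int ret = 0;

    *out_entry = NULL;

    /* First error exit: reached before im_node is ever assigned. */
    if (prefix_len > MAX_PREFIX || len != DATA_LEN) {
        ret = -EINVAL;
        goto out;
    }

    new_node = calloc(1, sizeof(*new_node));
    if (!new_node) {
        ret = -ENOMEM;
        goto out;
    }
    new_node->prefix_len = prefix_len;
    memcpy(new_node->data, data, len);

    /* Constructed stand-in for the trie's split logic: prefixes that do not
     * end on a byte boundary get an intermediate node for the aligned part. */
    if (prefix_len % 8) {
        im_node = calloc(1, sizeof(*im_node));
        if (!im_node) {
            ret = -ENOMEM;
            goto out;   /* new_node is still owned here and gets freed */
        }
        im_node->prefix_len = prefix_len & ~7u;
        memcpy(im_node->data, data, len);
        /* Ownership moves to new_node; clearing the local stops 'out'
         * from freeing it a second time. */
        new_node->child = im_node;
        im_node = NULL;
    }

    /* Success: hand new_node to the caller and drop local ownership. */
    *out_entry = new_node;
    new_node = NULL;
out:
    /* Single exit: each pointer is either NULL or still owned by us. */
    free(im_node);
    free(new_node);
    return ret;
}

int main(void)
{
    const unsigned char d[DATA_LEN] = { 10, 1, 0, 0 };
    struct entry *e = NULL;
    int rc = make_entry(d, sizeof d, 20, &e);   /* 0, with a /16 child */
    free_entry(e);
    return rc == 0 ? 0 : 1;
}
```

Reading the two error exits side by side is the point: the `-EINVAL` path runs `free(im_node)` with nothing ever assigned, which is exactly the CoverityScan "Uninitialized pointer read" finding, and the later `-ENOMEM` path shows why a shared cleanup label is still the right structure once every pointer it frees starts out as NULL.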
diff --git a/kernel/bpf/lpm_trie.c b/kernel/bpf/lpm_trie.c index ba19241d..144e976 100644 --- a/kernel/bpf/lpm_trie.c +++ b/kernel/bpf/lpm_trie.c @@ -262,7 +262,7 @@ static int trie_update_elem(struct bpf_map *map, void *_key, void *value, u64 flags) { struct lpm_trie *trie = container_of(map, struct lpm_trie, map); - struct lpm_trie_node *node, *im_node, *new_node = NULL; + struct lpm_trie_node *node, *im_node = NULL, *new_node = NULL; struct lpm_trie_node __rcu **slot; struct bpf_lpm_trie_key *key = _key; unsigned long irq_flags;
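Review bot: The one-line change is correct on its own terms: kfree(NULL) is a no-op, so once im_node starts as NULL the early error exits to 'out' can no longer pass a stack-garbage pointer to kfree. As the reply above notes, though, the identical initializer already landed as commit d140199af510 ("bpf, lpm: fix kfree of im_node in trie_update_elem"), so this patch duplicates an in-tree fix and the "Not Applicable" state is the right outcome; no further change to the hunk is needed.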