[PATCH v3 1/3] Drivers: hv: check vmbus_device_create() return value in vmbus_process_offer()

Jason Wang jasowang at redhat.com
Wed Jan 21 03:10:50 UTC 2015



On Tue, Jan 20, 2015 at 11:45 PM, Vitaly Kuznetsov 
<vkuznets at redhat.com> wrote:
> vmbus_device_create() result is not being checked in 
> vmbus_process_offer() and
> it can fail if kzalloc() fails. Add the check and do minor cleanup to 
> avoid
> additional duplication of "free_channel(); return;" block.
> 
> Reported-by: Jason Wang <jasowang at redhat.com>
> Signed-off-by: Vitaly Kuznetsov <vkuznets at redhat.com>
> ---
>  drivers/hv/channel_mgmt.c | 14 +++++++++-----
>  1 file changed, 9 insertions(+), 5 deletions(-)

Acked-by: Jason Wang <jasowang at redhat.com>
> 
> diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c
> index 2c59f03..01f2c2b 100644
> --- a/drivers/hv/channel_mgmt.c
> +++ b/drivers/hv/channel_mgmt.c
> @@ -341,11 +341,10 @@ static void vmbus_process_offer(struct 
> work_struct *work)
>  			if (channel->sc_creation_callback != NULL)
>  				channel->sc_creation_callback(newchannel);
>  
> -			return;
> +			goto out;
>  		}
>  
> -		free_channel(newchannel);
> -		return;
> +		goto err_free_chan;
>  	}
>  
>  	/*
> @@ -364,6 +363,8 @@ static void vmbus_process_offer(struct 
> work_struct *work)
>  		&newchannel->offermsg.offer.if_type,
>  		&newchannel->offermsg.offer.if_instance,
>  		newchannel);
> +	if (!newchannel->device_obj)
> +		goto err_free_chan;
>  
>  	/*
>  	 * Add the new device to the bus. This will kick off device-driver
> @@ -379,9 +380,12 @@ static void vmbus_process_offer(struct 
> work_struct *work)
>  		list_del(&newchannel->listentry);
>  		spin_unlock_irqrestore(&vmbus_connection.channel_lock, flags);
>  		kfree(newchannel->device_obj);
> -
> -		free_channel(newchannel);
> +		goto err_free_chan;
>  	}
> +out:
> +	return;
> +err_free_chan:
> +	free_channel(newchannel);
>  }
>  
>  enum {
> -- 
> 1.9.3
> 



More information about the devel mailing list