Add check for the return value of get_zeroed_page() in sclp_console_init() to prevent null pointer dereference.
Fixes: 4c8f4794b61e ("[S390] sclp console: convert from bootmem to slab") Cc: stable@vger.kernel.org Signed-off-by: Haoxiang Li haoxiang_li2024@163.com --- drivers/s390/char/sclp_con.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/drivers/s390/char/sclp_con.c b/drivers/s390/char/sclp_con.c index e5d947c763ea..7447076b1ec1 100644 --- a/drivers/s390/char/sclp_con.c +++ b/drivers/s390/char/sclp_con.c @@ -282,6 +282,8 @@ sclp_console_init(void) /* Allocate pages for output buffering */ for (i = 0; i < sclp_console_pages; i++) { page = (void *) get_zeroed_page(GFP_KERNEL | GFP_DMA); + if (!page) + return -ENOMEM; list_add_tail(page, &sclp_con_pages); } sclp_conbuf = NULL;
On Mon, Feb 17, 2025 at 11:31:46PM +0800, Haoxiang Li wrote:
Add check for the return value of get_zeroed_page() in sclp_console_init() to prevent null pointer dereference.
Fixes: 4c8f4794b61e ("[S390] sclp console: convert from bootmem to slab") Cc: stable@vger.kernel.org Signed-off-by: Haoxiang Li haoxiang_li2024@163.com
drivers/s390/char/sclp_con.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/drivers/s390/char/sclp_con.c b/drivers/s390/char/sclp_con.c index e5d947c763ea..7447076b1ec1 100644 --- a/drivers/s390/char/sclp_con.c +++ b/drivers/s390/char/sclp_con.c @@ -282,6 +282,8 @@ sclp_console_init(void) /* Allocate pages for output buffering */ for (i = 0; i < sclp_console_pages; i++) { page = (void *) get_zeroed_page(GFP_KERNEL | GFP_DMA);
if (!page)return -ENOMEM;
We can add this check, however if this early allocation would fail a null pointer dereference would be the last problem we would have to think about.
Anyway: Acked-by: Heiko Carstens hca@linux.ibm.com
On Mon, Feb 17, 2025 at 05:01:17PM +0100, Heiko Carstens wrote:
On Mon, Feb 17, 2025 at 11:31:46PM +0800, Haoxiang Li wrote:
diff --git a/drivers/s390/char/sclp_con.c b/drivers/s390/char/sclp_con.c index e5d947c763ea..7447076b1ec1 100644 --- a/drivers/s390/char/sclp_con.c +++ b/drivers/s390/char/sclp_con.c @@ -282,6 +282,8 @@ sclp_console_init(void) /* Allocate pages for output buffering */ for (i = 0; i < sclp_console_pages; i++) { page = (void *) get_zeroed_page(GFP_KERNEL | GFP_DMA);
if (!page)return -ENOMEM;We can add this check, however if this early allocation would fail a null pointer dereference would be the last problem we would have to think about.
Anyway: Acked-by: Heiko Carstens hca@linux.ibm.com
Wait, I take that back. Now I think I remember why I didn't add error handling back then: the above exit would also indicate a potential memory leak, since this is a loop allocating several pages; so all already allocated pages must be freed, which would ask for even more completely pointless error handling.
This is very early code where any allocation failure would lead to a crash in any case. So either do the full exercise or we leave the code as it is.
linux-stable-mirror@lists.linaro.org
-
Haoxiang Li -
Heiko Carstens