As kcalloc() may fail, check its return value to avoid a NULL pointer dereference when passing it to of_property_read_u32_array().
Fixes: 790a1662d3a26 ("powerpc/smp: Parse ibm,thread-groups with multiple properties")
Cc: stable@vger.kernel.org
---
changelog:
v2:
- Return -ENOMEM directly on allocation failure.

Signed-off-by: Guangshuo Li lgs201920130244@gmail.com
---
arch/powerpc/kernel/smp.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/powerpc/kernel/smp.c b/arch/powerpc/kernel/smp.c index 5ac7084eebc0..cfccb9389760 100644 --- a/arch/powerpc/kernel/smp.c +++ b/arch/powerpc/kernel/smp.c @@ -822,6 +822,8 @@ static int parse_thread_groups(struct device_node *dn,
count = of_property_count_u32_elems(dn, "ibm,thread-groups"); thread_group_array = kcalloc(count, sizeof(u32), GFP_KERNEL); + if (!thread_group_array) + return -ENOMEM; ret = of_property_read_u32_array(dn, "ibm,thread-groups", thread_group_array, count); if (ret)
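Review bot: `count` is passed to kcalloc() on the line just above the new check without being validated, and of_property_count_u32_elems() returns a negative errno when the property is absent or malformed. If that negative value reaches kcalloc() it is converted to a huge element count, the allocation fails, and the added `if (!thread_group_array) return -ENOMEM;` then reports an out-of-memory condition that hides the real device-tree error. Consider validating first, for example `if (count < 0) return count;` before the allocation, so that -ENOMEM is only returned for a genuine allocation failure. Returning directly at this point is otherwise fine, since nothing else has been allocated in the lines shown.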
On 22/09/2025 at 17:10, Guangshuo Li wrote:
As kcalloc() may fail, check its return value to avoid a NULL pointer dereference when passing it to of_property_read_u32_array().
Fixes: 790a1662d3a26 ("powerpc/smp: Parse ibm,thread-groups with multiple properties") Cc: stable@vger.kernel.org
Signed-off-by that was part of v1, is missing in v2.
changelog: v2:
- Return -ENOMEM directly on allocation failure.
Except for a newline that is removed, v2 is the same as v1, or am I missing something?
CJ
Signed-off-by: Guangshuo Li lgs201920130244@gmail.com
arch/powerpc/kernel/smp.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/arch/powerpc/kernel/smp.c b/arch/powerpc/kernel/smp.c index 5ac7084eebc0..cfccb9389760 100644 --- a/arch/powerpc/kernel/smp.c +++ b/arch/powerpc/kernel/smp.c @@ -822,6 +822,8 @@ static int parse_thread_groups(struct device_node *dn, count = of_property_count_u32_elems(dn, "ibm,thread-groups"); thread_group_array = kcalloc(count, sizeof(u32), GFP_KERNEL);
- if (!thread_group_array)
ret = of_property_read_u32_array(dn, "ibm,thread-groups", thread_group_array, count); if (ret)return -ENOMEM;
On 22/09/2025 at 17:38, Christophe JAILLET wrote:
On 22/09/2025 at 17:10, Guangshuo Li wrote:
As kcalloc() may fail, check its return value to avoid a NULL pointer dereference when passing it to of_property_read_u32_array().
Fixes: 790a1662d3a26 ("powerpc/smp: Parse ibm,thread-groups with multiple properties") Cc: stable@vger.kernel.org
Signed-off-by that was part of v1, is missing in v2.
I see it below the ---
changelog: v2:
- Return -ENOMEM directly on allocation failure.
Except for a newline that is removed, v2 is the same as v1, or am I missing something?
v1 was:
+ if (!thread_group_array) { + ret = -ENOMEM; + goto out_free; + }
Which was wrong.
Well, maybe there were several v1s; I'm talking about https://lore.kernel.org/all/20250918131513.3557422-1-lgs201920130244@gmail.c...
CJ
Signed-off-by: Guangshuo Li lgs201920130244@gmail.com
arch/powerpc/kernel/smp.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/arch/powerpc/kernel/smp.c b/arch/powerpc/kernel/smp.c index 5ac7084eebc0..cfccb9389760 100644 --- a/arch/powerpc/kernel/smp.c +++ b/arch/powerpc/kernel/smp.c @@ -822,6 +822,8 @@ static int parse_thread_groups(struct device_node *dn, count = of_property_count_u32_elems(dn, "ibm,thread-groups"); thread_group_array = kcalloc(count, sizeof(u32), GFP_KERNEL); + if (!thread_group_array) + return -ENOMEM; ret = of_property_read_u32_array(dn, "ibm,thread-groups", thread_group_array, count); if (ret)
On 22/09/2025 at 18:07, Christophe Leroy wrote:
On 22/09/2025 at 17:38, Christophe JAILLET wrote:
On 22/09/2025 at 17:10, Guangshuo Li wrote:
As kcalloc() may fail, check its return value to avoid a NULL pointer dereference when passing it to of_property_read_u32_array().
Fixes: 790a1662d3a26 ("powerpc/smp: Parse ibm,thread-groups with multiple properties") Cc: stable@vger.kernel.org
Signed-off-by that was part of v1, is missing in v2.
I see it below the ---
changelog: v2:
- Return -ENOMEM directly on allocation failure.
Except for a newline that is removed, v2 is the same as v1, or am I missing something?
v1 was:
+ if (!thread_group_array) { + ret = -ENOMEM; + goto out_free; + }
Which was wrong.
Well, maybe there were several v1s; I'm talking about https://lore.kernel.org/all/20250918131513.3557422-1-lgs201920130244@gmail.com/
Mine was https://lore.kernel.org/lkml/20250922150442.1820675-1-lgs201920130244@gmail....
and apparently, there have been 3 v1s: https://lore.kernel.org/lkml/?q=powerpc%2Fsmp%3A+Add+check+for+kcalloc%28%29...
:/
CJ
CJ
Signed-off-by: Guangshuo Li lgs201920130244@gmail.com
arch/powerpc/kernel/smp.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/arch/powerpc/kernel/smp.c b/arch/powerpc/kernel/smp.c index 5ac7084eebc0..cfccb9389760 100644 --- a/arch/powerpc/kernel/smp.c +++ b/arch/powerpc/kernel/smp.c @@ -822,6 +822,8 @@ static int parse_thread_groups(struct device_node *dn, count = of_property_count_u32_elems(dn, "ibm,thread-groups"); thread_group_array = kcalloc(count, sizeof(u32), GFP_KERNEL); + if (!thread_group_array) + return -ENOMEM; ret = of_property_read_u32_array(dn, "ibm,thread-groups", thread_group_array, count); if (ret)
On 22/09/2025 at 17:10, Guangshuo Li wrote:
As kcalloc() may fail, check its return value to avoid a NULL pointer dereference when passing it to of_property_read_u32_array().
Fixes: 790a1662d3a26 ("powerpc/smp: Parse ibm,thread-groups with multiple properties") Cc: stable@vger.kernel.org
changelog: v2:
- Return -ENOMEM directly on allocation failure.
Signed-off-by: Guangshuo Li lgs201920130244@gmail.com
The Signed-off-by: must be above the ---, otherwise it will be lost when applying the commit.
With that fixed,
Reviewed-by: Christophe Leroy christophe.leroy@csgroup.eu
arch/powerpc/kernel/smp.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/arch/powerpc/kernel/smp.c b/arch/powerpc/kernel/smp.c index 5ac7084eebc0..cfccb9389760 100644 --- a/arch/powerpc/kernel/smp.c +++ b/arch/powerpc/kernel/smp.c @@ -822,6 +822,8 @@ static int parse_thread_groups(struct device_node *dn,
count = of_property_count_u32_elems(dn, "ibm,thread-groups"); thread_group_array = kcalloc(count, sizeof(u32), GFP_KERNEL);
if (!thread_group_array)
return -ENOMEM; ret = of_property_read_u32_array(dn, "ibm,thread-groups", thread_group_array, count); if (ret)
-- 2.43.0
linux-stable-mirror@lists.linaro.org