Re: [PATCH v2] tty: vt: keyboard: initialize "kbs" so that kfree(kbs) runs fine even if kbs is not kmalloced.

From: Pavel Skripkin
Date: Sat Nov 06 2021 - 07:05:23 EST



Hi, Ajay!

On 11/6/21 13:40, Ajay Garg wrote:

v1 patch at:
https://lore.kernel.org/linux-serial/YYZN30qfaKMskVwE@xxxxxxxxx/T/#t


Changes in v2:

* Changes as required by scripts/checkpatch.pl

* Checking whether kbs is not NULL before kfree is not required,
as kfree(NULL) is safe. So, dropped the check.


For brevity, here is the background:



Please don't put the change log into the commit message. It should go under ---

In "vt_do_kdgkb_ioctl", kbs is kmalloced if cmd is one of KDGKBSENT or
KDSKBSENT.

If cmd is none of the above, kbs is not kmalloced, and runs
directly to kfree(kbs).

Values of local variables on the stack can take indeterminate values,
so we initialize kbs to NULL. Then, if kbs is not kmalloced, we have
kfree(NULL) at the end.

Note that kfree(NULL) is safe.



There is only one caller of vt_do_kdgkb_ioctl, which simply does:


case KDGKBSENT:
case KDSKBSENT:
return vt_do_kdgkb_ioctl(cmd, up, perm);

It means that cmd cannot be different from KDGKBSENT and KDSKBSENT.

I guess you found this "issue" via a static analysis tool like smatch or something similar, but this bug is impossible right now.


Signed-off-by: Ajay Garg <ajaygargnsit@xxxxxxxxx>
---
<--- here

drivers/tty/vt/keyboard.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c
index dfef7de8a057..54155fc91cd2 100644
--- a/drivers/tty/vt/keyboard.c
+++ b/drivers/tty/vt/keyboard.c
@@ -2049,7 +2049,7 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm)
{
unsigned char kb_func;
unsigned long flags;
- char *kbs;
+ char *kbs = NULL;
int ret;
if (get_user(kb_func, &user_kdgkb->kb_func))
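Review bot: the only change in this hunk is `char *kbs = NULL;`, and the hunk's context does not include the switch that assigns `kbs` or the `kfree(kbs)` it is meant to guard, so on its own it does not show the uninitialised path the commit message describes; since the single caller quoted above forwards only KDGKBSENT and KDSKBSENT, the commit message should present the initialisation as defensive hardening against a future caller rather than as a fix for a currently reachable kfree of an indeterminate pointer, and drop "runs direct to kfree(kbs)" as a description of current behaviour.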



With regards,
Pavel Skripkin
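The two points in the thread, a handler that allocates only for some commands but frees on one shared exit path, and a dispatcher that restricts which commands can reach that handler, as an added userspace model. This is example code written for this page, not the kernel's keyboard.c; KB_GET, KB_SET, KB_STRING_LEN, the `stored` table, do_kb_ioctl and dispatch_ioctl are all hypothetical stand-ins for KDGKBSENT, KDSKBSENT, the per-key string table, vt_do_kdgkb_ioctl and its caller.

```c
/* Added example, not kernel code: models the "allocate in some branches,
 * free on one exit path" pattern discussed in the thread. All names,
 * command numbers and sizes below are hypothetical. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

enum { KB_GET = 0x4B48, KB_SET = 0x4B49 };  /* stand-ins for KDGKBSENT / KDSKBSENT */
#define KB_STRING_LEN 64                     /* hypothetical string size */

static char stored[KB_STRING_LEN];           /* stand-in for the key-string table */

/* Handler: kbs is allocated only in the two known branches, but freed on the
 * single exit below. Starting it as NULL means the default branch reaches
 * free(NULL), which is defined as a no-op (the guarantee kfree(NULL) gives),
 * instead of free() on an indeterminate stack value. Returns 0 or -errno. */
int do_kb_ioctl(int cmd, const char *in, char *out, size_t out_len)
{
	char *kbs = NULL;
	int ret;

	switch (cmd) {
	case KB_GET:
		if (out == NULL || out_len == 0)
			return -EINVAL;          /* nothing allocated yet, plain return is fine */
		kbs = malloc(KB_STRING_LEN);
		if (!kbs)
			return -ENOMEM;
		memcpy(kbs, stored, KB_STRING_LEN);
		strncpy(out, kbs, out_len - 1);  /* bounded copy to the caller's buffer */
		out[out_len - 1] = '\0';
		ret = 0;
		break;
	case KB_SET:
		if (in == NULL)
			return -EINVAL;
		kbs = malloc(KB_STRING_LEN);
		if (!kbs)
			return -ENOMEM;
		strncpy(kbs, in, KB_STRING_LEN - 1);   /* bounded copy, always terminated */
		kbs[KB_STRING_LEN - 1] = '\0';
		memcpy(stored, kbs, KB_STRING_LEN);
		ret = 0;
		break;
	default:
		ret = -EINVAL;   /* defensive: the dispatcher below never sends other cmds */
		break;
	}

	free(kbs);   /* no-op when kbs is still NULL */
	return ret;
}

/* Dispatcher modelled on the single caller quoted in the thread: only the two
 * keyboard-string commands are forwarded, so inside do_kb_ioctl cmd can never
 * take any other value. Unknown commands are refused here with -ENOTTY. */
int dispatch_ioctl(int cmd, const char *in, char *out, size_t out_len)
{
	switch (cmd) {
	case KB_GET:
	case KB_SET:
		return do_kb_ioctl(cmd, in, out, out_len);
	default:
		return -ENOTTY;
	}
}
```

Calling do_kb_ioctl directly with an unknown command exercises the defensive default branch (returns -EINVAL, free(NULL) is harmless); going through dispatch_ioctl shows why that branch is unreachable in practice, which is the point made in the reply above.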