From 588893e3bc084cd7d3789313fcffde75202cddcc Mon Sep 17 00:00:00 2001 From: Jiasheng Jiang Date: Fri, 28 Jan 2022 20:40:43 +0800 Subject: [PATCH] RDMA/uverbs: Check for null return of kmalloc_array stable inclusion from stable-v5.10.91 commit 16e5cad6eca1e506c38c39dc256298643fa1852a bugzilla: 186187 https://gitee.com/openeuler/kernel/issues/I4SI2C Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=16e5cad6eca1e506c38c39dc256298643fa1852a -------------------------------- commit 7694a7de22c53a312ea98960fcafc6ec62046531 upstream. Because of the possible failure of the allocation, data might be NULL pointer and will cause the dereference of the NULL pointer later. Therefore, it might be better to check it and return -ENOMEM. Fixes: 6884c6c4bd09 ("RDMA/verbs: Store the write/write_ex uapi entry points in the uverbs_api") Link: https://lore.kernel.org/r/20211231093315.1917667-1-jiasheng@iscas.ac.cn Signed-off-by: Jiasheng Jiang Reviewed-by: Leon Romanovsky Signed-off-by: Jason Gunthorpe Signed-off-by: Greg Kroah-Hartman Signed-off-by: Chen Jun Signed-off-by: Zheng Zengkai --- drivers/infiniband/core/uverbs_uapi.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/infiniband/core/uverbs_uapi.c b/drivers/infiniband/core/uverbs_uapi.c index 5addc8fae3f3..91dbcb3c252d 100644 --- a/drivers/infiniband/core/uverbs_uapi.c +++ b/drivers/infiniband/core/uverbs_uapi.c @@ -450,6 +450,9 @@ static int uapi_finalize(struct uverbs_api *uapi) uapi->num_write_ex = max_write_ex + 1; data = kmalloc_array(uapi->num_write + uapi->num_write_ex, sizeof(*uapi->write_methods), GFP_KERNEL); + if (!data) + return -ENOMEM; + for (i = 0; i != uapi->num_write + uapi->num_write_ex; i++) data[i] = &uapi->notsupp_method; uapi->write_methods = data; -- GitLab