In case octeon_alloc_soft_command fails, the fix reports the
error and returns to avoid NULL pointer dereference.
Signed-off-by: Kangjie Lu
---
drivers/net/ethernet/cavium/liquidio/lio_main.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/drivers/net/ethernet/cavium/liquidio
In case ioremap fails, the fix returns to avoid NULL pointer
dereferences.
Signed-off-by: Kangjie Lu
---
drivers/net/ethernet/8390/pcnet_cs.c | 8
1 file changed, 8 insertions(+)
diff --git a/drivers/net/ethernet/8390/pcnet_cs.c
b/drivers/net/ethernet/8390/pcnet_cs.c
index
Both lan9303_phy_write and regmap_write may fail. The fix adds
the error handling to print error messages upon failure.
Signed-off-by: Kangjie Lu
---
drivers/net/dsa/lan9303-core.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/drivers/net/dsa/lan9303-core.c b/drivers/net/dsa/lan9303
In case alloc_workqueue fails to allocate the work queue and
returns NULL, the fix releases the resources and returns
-ENOMEM.
Signed-off-by: Kangjie Lu
---
drivers/net/can/spi/mcp251x.c | 8
1 file changed, 8 insertions(+)
diff --git a/drivers/net/can/spi/mcp251x.c b/drivers/net/can
In case ioremap fails, the fix returns -ENOMEM to avoid NULL
pointer dereference.
Signed-off-by: Kangjie Lu
---
drivers/isdn/hardware/mISDN/mISDNinfineon.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/isdn/hardware/mISDN/mISDNinfineon.c
b/drivers/isdn
In case ioremap fails, the fix reports an error and returns.
Signed-off-by: Kangjie Lu
---
drivers/isdn/hardware/mISDN/hfcpci.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/drivers/isdn/hardware/mISDN/hfcpci.c
b/drivers/isdn/hardware/mISDN/hfcpci.c
index ebb3fa2e1d00..b400d6528a56
If ixgbevf_write_msg_read_ack fails, return its error code upstream
Signed-off-by: Kangjie Lu
---
drivers/net/ethernet/intel/ixgbevf/vf.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.c
b/drivers/net/ethernet/intel/ixgbevf/vf.c
On 3/2/19 3:26 PM, Gustavo A. R. Silva wrote:
On 3/2/19 3:20 PM, Aditya Pakki wrote:
Allocating memory via kzalloc for phi may fail and causes a
NULL pointer dereference. This patch avoids such a scenario.
Was this detected by Coccinelle?
It was detected by an LLVM-based static analyzer
sysfs_create_group() could fail. The fix checkes its return values
and issue error messages if it fails.
Signed-off-by: Kangjie Lu
---
drivers/net/wireless/marvell/libertas/mesh.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/drivers/net/wireless/marvell/libertas/mesh.c
b/drivers
Both bcm_sf2_sw_indir_rw and mdiobus_write_nested could fail, so let's
return their error codes upstream.
Signed-off-by: Kangjie Lu
---
drivers/net/dsa/bcm_sf2.c | 7 +++
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/net/dsa/bcm_sf2.c b/drivers/net/dsa/bcm_
Both bcm_sf2_sw_indir_rw and mdiobus_write_nested could fail, so let's
return their error codes upstream.
Signed-off-by: Kangjie Lu
---
drivers/net/dsa/bcm_sf2.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/net/dsa/bcm_sf2.c b/drivers/net/dsa/bcm_sf2.c
ath6kl_wmi_cmd_send could fail, so let's return its error code upstream.
Signed-off-by: Kangjie Lu
---
drivers/net/wireless/ath/ath6kl/wmi.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/net/wireless/ath/ath6kl/wmi.c
b/drivers/net/wireless/ath/ath6kl/
api_parse can fail, and if it fails, we should not use the ss_parms
which can be incorrect.
The fix checks its return value and stops using ss_parms if api_parse
fails.
Signed-off-by: Kangjie Lu
---
drivers/isdn/hardware/eicon/message.c | 8 +++-
1 file changed, 7 insertions(+), 1 deletion
When acpi_match_device fails, its return value is NULL. Directly using
the return value without a check may result in a NULL-pointer
dereference. The fix checks if acpi_match_device fails, and if so,
returns -EINVAL.
Signed-off-by: Kangjie Lu
---
drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
genlmsg_put could fail. The fix inserts a check of its return value, and
if it fails, returns -EMSGSIZE.
Signed-off-by: Kangjie Lu
---
net/tipc/netlink_compat.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c
index 6376467e78f8
efx_mcdi_rpc() could fail. The fix checks its status and issues an error
message if it fails.
Signed-off-by: Kangjie Lu
---
drivers/net/ethernet/sfc/mcdi.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/ethernet/sfc/mcdi.c b/drivers/net/ethernet/sfc/mcdi.c
index dfad93fca0a6
When spi_write_then_read() fails, "data" can be uninitialized and thus
may contain a random value; the following execution checks "data" with a
mask, the result could be random.
The fix inserts a check of spi_write_then_read(): if it fails, always
returns -1.
Signe
atl1e_write_phy_reg() could fail. The fix issues an error message when
it fails.
Signed-off-by: Kangjie Lu
---
drivers/net/ethernet/atheros/atl1e/atl1e_main.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
b/drivers/net
Both bcm_sf2_sw_indir_rw and mdiobus_write_nested could fail, so let's
return their error codes upstream.
Signed-off-by: Kangjie Lu
---
drivers/net/dsa/bcm_sf2.c | 7 +++
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/net/dsa/bcm_sf2.c b/drivers/net/dsa/bcm_
When nla_parse fails, we should not use the results (the first
argument). The fix checks if it fails, and if so, returns its error code
upstream.
Signed-off-by: Kangjie Lu
---
net/netfilter/ipset/ip_set_core.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/netfilter
sysfs_create_group() could fail, so let's check its return values and
issue error messages if it fails.
Signed-off-by: Kangjie Lu
---
drivers/net/wireless/marvell/libertas/mesh.c | 4
1 file changed, 4 insertions(+)
diff --git a/drivers/net/wireless/marvell/libertas/mesh.c
b/driver
If no bytes to decode, just use "xdr->p" instead of calling
xdr_inline_decode to get it. The fix cleans up the code.
Signed-off-by: Kangjie Lu
---
net/sunrpc/xprtrdma/rpc_rdma.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/net/sunrpc/xprtrdma/rpc_rdma.c
xdr_inline_decode() could fail. When it fails, the return value is NULL
and should not be dereferenced.
The fix checks if xdr_inline_decode fails, and if so, returns.
Signed-off-by: Kangjie Lu
---
net/sunrpc/xprtrdma/backchannel.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/sunrpc
clk_prepare() could fail, so let's check its status, and if it fails,
return its error code upstream.
Signed-off-by: Kangjie Lu
---
drivers/net/ethernet/stmicro/stmmac/dwmac-sunxi.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/
clk_prepare() could fail, so let's check its status, and if it fails,
return its error code upstream.
Signed-off-by: Kangjie Lu
---
drivers/net/ethernet/ti/cpts.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/ti/cpts.c b/drivers/net/ethern
usb_register() may fail, so let's check its status and issue an error
message if it fails.
Signed-off-by: Kangjie Lu
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/broadcom/brcm
niu_pci_eeprom_read() may fail, so we should check its return value
before using the read data.
Signed-off-by: Kangjie Lu
---
drivers/net/ethernet/sun/niu.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/sun/niu.c b/drivers/net/ethernet/sun
e1000_write_kmrn_reg_80003es2lan() may fail. The fix checks its return
value and returns with its error code if it fails.
Signed-off-by: Kangjie Lu
---
drivers/net/ethernet/intel/e1000e/80003es2lan.c | 14 ++
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/drivers/net
check_reg_arg() may fail. This fix inserts checks for its return value.
If check_reg_arg() fails, issues an error message.
Signed-off-by: Kangjie Lu
---
kernel/bpf/verifier.c | 15 ---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf
If nla_nest_start() may fail. The fix checks its return value and goes
to nla_put_failure if it fails.
Signed-off-by: Kangjie Lu
---
net/netfilter/nf_tables_api.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index
When netxen_rom_fast_read() fails, "bios" is left uninitialized and may
contain random value, thus should not be used.
The fix ensures that if netxen_rom_fast_read() fails, we return "-EIO".
Signed-off-by: Kangjie Lu
---
drivers/net/ethernet/qlogic/netxen/netxen_nic_in
its error code if it fails.
Signed-off-by: Kangjie Lu
---
drivers/net/ethernet/intel/e1000e/80003es2lan.c | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/intel/e1000e/80003es2lan.c
b/drivers/net/ethernet/intel/e1000e/80003es2lan.c
index 25
check_reg_arg() may fail and not mark correct data in "env". This
fix inserts a check that ensures check_reg_arg() is successful, and
if it is not, the fix stops further operations and returns an error
upstream.
Signed-off-by: Kangjie Lu
---
kernel/bpf/verifier.c | 4 +++-
1 file
The last field "flags" of object "minfo" is not initialized.
Copying this object out may leak kernel stack data.
Assign 0 to it to avoid leak.
Signed-off-by: Kangjie Lu
---
net/rds/recv.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/rds/recv.c b/net/rds/
link_info.str is a char array of size 60. Memory after the NULL
byte is not initialized. Sending the whole object out can cause
a leak.
Signed-off-by: Kangjie Lu
---
net/tipc/netlink_compat.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/tipc/netlink_compat.c b/net
link_info.str is a char array of size 60. Memory after the NULL
byte is not initialized. Sending the whole object out can cause
a leak.
Signed-off-by: Kangjie Lu
---
net/tipc/netlink_compat.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/tipc/netlink_compat.c b/net/tipc
The last field "flags" of object "minfo" is not initialized.
Copying this object out may leak kernel stack data.
Assign 0 to it to avoid leak.
Signed-off-by: Kangjie Lu
---
net/rds/recv.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/rds/recv.c b/net/rds/
The field autoneg of pauseparam is not initialized in some
implementations of get_pauseparam(), but the whole object is
copied to userland.
Signed-off-by: Kangjie Lu
---
net/core/ethtool.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/net/core/ethtool.c b/net/core
Stack object "dte_facilities" is allocated in x25_rx_call_request(),
which is supposed to be initialized in x25_negotiate_facilities.
However, 5 fields (8 bytes in total) are not initialized. This
object is then copied to userland via copy_to_user, thus infoleak
occurs.
Signed-off-by:
The stack object “map” has a total size of 32 bytes. Its last 4
bytes are padding generated by compiler. These padding bytes are
not initialized and sent out via “nla_put”.
Signed-off-by: Kangjie Lu
---
net/core/rtnetlink.c | 18 ++
1 file changed, 10 insertions(+), 8 deletions
The 6-bytes array “mac_addr” is not initialized in the dump_station
implementations of “drivers/staging/wilc1000/wilc_wfi_cfgoperations.c”
and “drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c”, so all 6
bytes may be leaked.
Signed-off-by: Kangjie Lu
---
net/wireless/nl80211.c | 1 +
1 file
The stack object “info” has a total size of 12 bytes. Its last byte
is padding which is not initialized and leaked via “put_cmsg”.
Signed-off-by: Kangjie Lu
---
net/llc/af_llc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
index b3c52e3..8ae3ed9 100644
42 matches
Mail list logo
