From: Colin Ian King <colin.k...@canonical.com>

There is a corner case where the sanity check on the variable size fails
and branches to the label fail, and shift can be less than PAGE_SHIFT,
causing area to never be assigned. This was picked up by static
analysis as follows:

    1. var_decl: Declaring variable area without initializer.
           struct vm_struct *area;

    ...

    2. Condition !size, taking true branch.
           if (!size || (size >> PAGE_SHIFT) > totalram_pages())
    3. Jumping to label fail.
                   goto fail;

    ...

    4. Condition shift > 12, taking false branch.
           fail:
                   if (shift > PAGE_SHIFT) {
                           shift = PAGE_SHIFT;
                           align = real_align;
                           size = real_size;
                           goto again;
                   }

    Uninitialized pointer read (UNINIT)
    5. uninit_use: Using uninitialized value area.
                   if (!area) {
                           ...
                   }

Fix this by setting area to NULL to avoid the uninitialized read
of area.

Addresses-Coverity: ("Uninitialized pointer read")
Fixes: 92db9fec381b ("mm/vmalloc: hugepage vmalloc mappings")
Signed-off-by: Colin Ian King <colin.k...@canonical.com>
---
 mm/vmalloc.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/mm/vmalloc.c b/mm/vmalloc.c
index 96444d64129a..4b415b4bb7ae 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -2888,8 +2888,10 @@ void *__vmalloc_node_range(unsigned long size, unsigned 
long align,
        unsigned long real_align = align;
        unsigned int shift = PAGE_SHIFT;
 
-       if (!size || (size >> PAGE_SHIFT) > totalram_pages())
+       if (!size || (size >> PAGE_SHIFT) > totalram_pages()) {
+               area = NULL;
                goto fail;
+       }
 
        if (vmap_allow_huge && !(vm_flags & VM_NO_HUGE_VMAP) &&
                        arch_vmap_pmd_supported(prot)) {
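Review bot: setting area = NULL only at this one goto fail site leaves every other early exit before the allocation of area exposed to the same uninitialized read; initializing at the declaration shown in step 1 of the trace (`struct vm_struct *area = NULL;`) closes all of them at once and also avoids turning the one-line `if (!size || ...)` into a braced block. With the hunk as written, the !size path now reaches the `if (!area)` branch with a NULL area, so whatever that branch does (the trace elides it with "...") will now run for a zero-size request; it would help if the commit message stated that this is the intended behaviour rather than only that the read is silenced.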
-- 
2.30.2