[PATCH] x86/xen: Fix some null pointer dereference issues in smp.c

2024-01-17 Thread Kunwu Chan
kasprintf() returns a pointer to dynamically allocated memory
which can be NULL upon failure. Ensure the allocation was successful
by checking the pointer validity.

Signed-off-by: Kunwu Chan 
---
 arch/x86/xen/smp.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c
index 4b0d6fff88de..f27608ed80a0 100644
--- a/arch/x86/xen/smp.c
+++ b/arch/x86/xen/smp.c
@@ -65,6 +65,8 @@ int xen_smp_intr_init(unsigned int cpu)
char *resched_name, *callfunc_name, *debug_name;
 
resched_name = kasprintf(GFP_KERNEL, "resched%d", cpu);
+   if (!resched_name)
+   goto fail;
per_cpu(xen_resched_irq, cpu).name = resched_name;
rc = bind_ipi_to_irqhandler(XEN_RESCHEDULE_VECTOR,
cpu,
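Review bot: The added `goto fail` after a failed `kasprintf()` jumps without giving `rc` an error code, so the allocation-failure path has no defined error to return; set it before jumping, e.g. `if (!resched_name) { rc = -ENOMEM; goto fail; }`. The same applies to the checks added for `callfunc_name`, `debug_name` and the second `callfunc_name` in the three later hunks. There `rc` still holds the non-negative result of the previous successful bind (the context lines store it into `.irq`), so an out-of-memory failure would presumably be returned to the caller as a non-error value while the CPU's interrupts are only partly set up. Giving `rc` a default of 0 at its declaration would not fix this, because the surrounding code treats only `rc < 0` as failure. The body of `xen_smp_intr_init()` and the `fail` label lie outside these hunks, so what the label frees and returns should be confirmed there.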
@@ -77,6 +79,8 @@ int xen_smp_intr_init(unsigned int cpu)
per_cpu(xen_resched_irq, cpu).irq = rc;
 
callfunc_name = kasprintf(GFP_KERNEL, "callfunc%d", cpu);
+   if (!callfunc_name)
+   goto fail;
per_cpu(xen_callfunc_irq, cpu).name = callfunc_name;
rc = bind_ipi_to_irqhandler(XEN_CALL_FUNCTION_VECTOR,
cpu,
@@ -90,6 +94,8 @@ int xen_smp_intr_init(unsigned int cpu)
 
if (!xen_fifo_events) {
debug_name = kasprintf(GFP_KERNEL, "debug%d", cpu);
+   if (!debug_name)
+   goto fail;
per_cpu(xen_debug_irq, cpu).name = debug_name;
rc = bind_virq_to_irqhandler(VIRQ_DEBUG, cpu,
 xen_debug_interrupt,
@@ -101,6 +107,8 @@ int xen_smp_intr_init(unsigned int cpu)
}
 
callfunc_name = kasprintf(GFP_KERNEL, "callfuncsingle%d", cpu);
+   if (!callfunc_name)
+   goto fail;
per_cpu(xen_callfuncsingle_irq, cpu).name = callfunc_name;
rc = bind_ipi_to_irqhandler(XEN_CALL_FUNCTION_SINGLE_VECTOR,
cpu,
-- 
2.39.2




Re: [PATCH] x86/xen: Fix some null pointer dereference issues in smp.c

2024-01-15 Thread kernel test robot
Hi Kunwu,

kernel test robot noticed the following build warnings:

[auto build test WARNING on tip/x86/core]
[also build test WARNING on linus/master v6.7 next-20240112]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:
https://github.com/intel-lab-lkp/linux/commits/Kunwu-Chan/x86-xen-Fix-some-null-pointer-dereference-issues-in-smp-c/20240115-180429
base:   tip/x86/core
patch link:
https://lore.kernel.org/r/20240115100138.34340-1-chentao%40kylinos.cn
patch subject: [PATCH] x86/xen: Fix some null pointer dereference issues in 
smp.c
config: x86_64-rhel-8.3-rust 
(https://download.01.org/0day-ci/archive/20240116/202401161119.iof6bqsf-...@intel.com/config)
compiler: ClangBuiltLinux clang version 17.0.6 
(https://github.com/llvm/llvm-project 6009708b4367171ccdbf4b5905cb6a803753fe18)
reproduce (this is a W=1 build): 
(https://download.01.org/0day-ci/archive/20240116/202401161119.iof6bqsf-...@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot 
| Closes: 
https://lore.kernel.org/oe-kbuild-all/202401161119.iof6bqsf-...@intel.com/

All warnings (new ones prefixed by >>):

>> arch/x86/xen/smp.c:68:6: warning: variable 'rc' is used uninitialized 
>> whenever 'if' condition is true [-Wsometimes-uninitialized]
  68 | if (!resched_name)
 | ^
   arch/x86/xen/smp.c:127:9: note: uninitialized use occurs here
 127 | return rc;
 |^~
   arch/x86/xen/smp.c:68:2: note: remove the 'if' if its condition is always 
false
  68 | if (!resched_name)
 | ^~
  69 | goto fail;
 | ~
   arch/x86/xen/smp.c:64:8: note: initialize the variable 'rc' to silence this 
warning
  64 | int rc;
 |   ^
 |= 0
   1 warning generated.


vim +68 arch/x86/xen/smp.c

61  
62  int xen_smp_intr_init(unsigned int cpu)
63  {
64  int rc;
65  char *resched_name, *callfunc_name, *debug_name;
66  
67  resched_name = kasprintf(GFP_KERNEL, "resched%d", cpu);
  > 68  if (!resched_name)
69  goto fail;
70  per_cpu(xen_resched_irq, cpu).name = resched_name;
71  rc = bind_ipi_to_irqhandler(XEN_RESCHEDULE_VECTOR,
72  cpu,
73  xen_reschedule_interrupt,
74  IRQF_PERCPU|IRQF_NOBALANCING,
75  resched_name,
76  NULL);
77  if (rc < 0)
78  goto fail;
79  per_cpu(xen_resched_irq, cpu).irq = rc;
80  
81  callfunc_name = kasprintf(GFP_KERNEL, "callfunc%d", cpu);
82  if (!callfunc_name)
83  goto fail;
84  per_cpu(xen_callfunc_irq, cpu).name = callfunc_name;
85  rc = bind_ipi_to_irqhandler(XEN_CALL_FUNCTION_VECTOR,
86  cpu,
87  xen_call_function_interrupt,
88  IRQF_PERCPU|IRQF_NOBALANCING,
89  callfunc_name,
90  NULL);
91  if (rc < 0)
92  goto fail;
93  per_cpu(xen_callfunc_irq, cpu).irq = rc;
94  
95  if (!xen_fifo_events) {
96  debug_name = kasprintf(GFP_KERNEL, "debug%d", cpu);
97  if (!debug_name)
98  goto fail;
99  per_cpu(xen_debug_irq, cpu).name = debug_name;
   100  rc = bind_virq_to_irqhandler(VIRQ_DEBUG, cpu,
   101   xen_debug_interrupt,
   102   IRQF_PERCPU | 
IRQF_NOBALANCING,
   103   debug_name, NULL);
   104  if (rc < 0)
   105  goto fail;
   106  per_cpu(xen_debug_irq, cpu).irq = rc;
   107  }
   108  
   109  callfunc_name = kasprintf(GFP_KERNEL, "callfuncsingle%d", cpu);
   110  if (!callfunc_name)
   111  goto fail;
   112  per_cpu(xen_callfuncsingle_irq, cpu).name = callfunc_name;
   113  rc = bind_ipi_to_irqhandler(XEN_CALL_FUNCTION_SINGLE_VECTOR,
   114