Commit ecd0c762 authored by Kunwu Chan's avatar Kunwu Chan Committed by Yuntao Liu
Browse files

x86/xen: Add some null pointer checking to smp.c 

stable inclusion
from stable-v5.10.214
commit eb279074badac0bbe28749906562d648ca4bc750
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9HK0E
CVE: CVE-2024-26908

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=eb279074badac0bbe28749906562d648ca4bc750



--------------------------------

[ Upstream commit 3693bb4465e6e32a204a5b86d3ec7e6b9f7e67c2 ]

kasprintf() returns a pointer to dynamically allocated memory
which can be NULL upon failure. Ensure the allocation was successful
by checking the pointer validity.
confilct:
	arch/x86/xen/smp.c

Signed-off-by: default avatarKunwu Chan <chentao@kylinos.cn>
Reported-by: default avatarkernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202401161119.iof6BQsf-lkp@intel.com/


Suggested-by: default avatarMarkus Elfring <Markus.Elfring@web.de>
Reviewed-by: default avatarJuergen Gross <jgross@suse.com>
Link: https://lore.kernel.org/r/20240119094948.275390-1-chentao@kylinos.cn


Signed-off-by: default avatarJuergen Gross <jgross@suse.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarYuntao Liu <liuyuntao12@huawei.com>
parent 3ef20c57

arch/x86/xen/smp.c

+10 −0
Original line number Diff line number Diff line
@@ -65,6 +65,8 @@ int xen_smp_intr_init(unsigned int cpu) 
	char *resched_name, *callfunc_name, *debug_name;



	resched_name = kasprintf(GFP_KERNEL, "resched%d", cpu);

	if (!resched_name)

		goto fail_mem;

	rc = bind_ipi_to_irqhandler(XEN_RESCHEDULE_VECTOR,

				    cpu,

				    xen_reschedule_interrupt,
@@ -77,6 +79,8 @@ int xen_smp_intr_init(unsigned int cpu) 
	per_cpu(xen_resched_irq, cpu).name = resched_name;



	callfunc_name = kasprintf(GFP_KERNEL, "callfunc%d", cpu);

	if (!callfunc_name)

		goto fail_mem;

	rc = bind_ipi_to_irqhandler(XEN_CALL_FUNCTION_VECTOR,

				    cpu,

				    xen_call_function_interrupt,
@@ -90,6 +94,8 @@ int xen_smp_intr_init(unsigned int cpu) 


	if (!xen_fifo_events) {

		debug_name = kasprintf(GFP_KERNEL, "debug%d", cpu);

		if (!debug_name)

				goto fail_mem;

		rc = bind_virq_to_irqhandler(VIRQ_DEBUG, cpu,

					     xen_debug_interrupt,

					     IRQF_PERCPU | IRQF_NOBALANCING,
@@ -101,6 +107,8 @@ int xen_smp_intr_init(unsigned int cpu) 
	}



	callfunc_name = kasprintf(GFP_KERNEL, "callfuncsingle%d", cpu);

	if (!callfunc_name)

			goto fail_mem;

	rc = bind_ipi_to_irqhandler(XEN_CALL_FUNCTION_SINGLE_VECTOR,

				    cpu,

				    xen_call_function_single_interrupt,
@@ -114,6 +122,8 @@ int xen_smp_intr_init(unsigned int cpu) 


	return 0;



 fail_mem:

	rc = -ENOMEM;

 fail:

	xen_smp_intr_free(cpu);

	return rc;