authorYurchenko Darya <d.urchenko@partner.samsung.com>2015-04-22 15:42:53 +0300
committerYurchenko Darya <d.urchenko@partner.samsung.com>2015-04-24 15:02:56 +0300
commitb62a0aa5e1fc8fe434fa3f03363256b866779e76 (patch)
treed9726ee2738214b727476c3bd805d8b716e29f5e
parent898e1e017764c13d0dda84a1a96bee687743ee70 (diff)
[FIX] prevent issues
Change-Id: I5470a3e52e299163f9548534527175c584bcfc24 Signed-off-by: Darya Yurchenko <d.urchenko@partner.samsung.com>
-rw-r--r--driver/device_driver.c8
-rw-r--r--kprobe/arch/arm/swap-asm/swap_kprobes.c2
-rw-r--r--kprobe/swap_slots.c16
-rw-r--r--ks_features/ks_features.c2
-rw-r--r--ks_manager/ks_manager.c14
-rw-r--r--us_manager/img/img_file.c10
-rw-r--r--us_manager/img/img_ip.c9
-rw-r--r--us_manager/img/img_proc.c5
-rw-r--r--us_manager/pf/pf_group.c23
-rw-r--r--us_manager/pf/proc_filters.c12
-rw-r--r--us_manager/sspt/sspt_file.c16
-rw-r--r--us_manager/sspt/sspt_proc.c3
-rw-r--r--us_manager/us_slot_manager.c14
-rw-r--r--writer/debugfs_writer.c3
14 files changed, 101 insertions, 36 deletions
diff --git a/driver/device_driver.c b/driver/device_driver.c
index bd015195..52e46bf9 100644
--- a/driver/device_driver.c
+++ b/driver/device_driver.c
@@ -58,7 +58,7 @@
/** Maximum subbuffer size. Used for sanitization checks. */
#define MAXIMUM_SUBBUFFER_SIZE (64 * 1024)
-
+#define MAXIMUM_COUNT_SIZE 1000000
/* swap_device driver routines */
static int swap_device_open(struct inode *inode, struct file *filp);
static int swap_device_release(struct inode *inode, struct file *file);
@@ -346,6 +346,12 @@ static long swap_device_ioctl(struct file *filp, unsigned int cmd,
break;
}
+ if (initialize_struct.count > MAXIMUM_COUNT_SIZE) {
+ print_err("Wrong count size\n");
+ result = -E_SD_WRONG_ARGS;
+ break;
+ }
+
result = driver_to_buffer_initialize(initialize_struct.size,
initialize_struct.count);
if (result < 0) {
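Review bot: The added check bounds `initialize_struct.count` only from above, so the product of size and count passed to driver_to_buffer_initialize() is still unconstrained: a 64 KiB subbuffer times 1000000 is about 64 GB, which wraps a 32-bit size computation if the callee multiplies the two (its body is not visible here). If `count` is declared signed, a negative value also passes this comparison, and zero is not rejected; the declaration is outside the hunk, so confirm. I would bound the total instead, e.g. `if (initialize_struct.count == 0 || initialize_struct.count > TOTAL_LIMIT / initialize_struct.size)`, where TOTAL_LIMIT is a placeholder for a budget the device can afford and size is assumed to be validated as non-zero by the check just above. The new `MAXIMUM_COUNT_SIZE` define in the first hunk also needs its own comment, such as `/** Maximum subbuffer count. Used for sanitization checks. */`, because it now sits directly under the comment written for MAXIMUM_SUBBUFFER_SIZE.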
diff --git a/kprobe/arch/arm/swap-asm/swap_kprobes.c b/kprobe/arch/arm/swap-asm/swap_kprobes.c
index e0b989b1..946c1ee7 100644
--- a/kprobe/arch/arm/swap-asm/swap_kprobes.c
+++ b/kprobe/arch/arm/swap-asm/swap_kprobes.c
@@ -811,6 +811,8 @@ int set_jump_cb(unsigned long ret_addr, struct pt_regs *regs,
struct cb_data *cb_data;
cb_data = kmalloc(sizeof(*cb_data) + size, GFP_ATOMIC);
+ if (cb_data == NULL)
+ return -ENOMEM;
/* save data */
cb_data->ret_addr = ret_addr;
diff --git a/kprobe/swap_slots.c b/kprobe/swap_slots.c
index 2fcbb754..4bcecaba 100644
--- a/kprobe/swap_slots.c
+++ b/kprobe/swap_slots.c
@@ -81,7 +81,7 @@ struct fixed_alloc
struct chunk chunk;
};
-static void chunk_init(struct chunk *chunk, void *data, size_t size, size_t size_block)
+static int chunk_init(struct chunk *chunk, void *data, size_t size, size_t size_block)
{
unsigned long i;
unsigned long *p;
@@ -93,11 +93,17 @@ static void chunk_init(struct chunk *chunk, void *data, size_t size, size_t size
chunk->size = chunk->count_available;
chunk->index = kmalloc(sizeof(*chunk->index)*chunk->count_available, GFP_ATOMIC);
-
+ if (chunk->index == NULL) {
+ printk("ERROR: cannot allocate memory for chunk index\n");
+ return -ENOMEM;
+ }
p = chunk->index;
+
for (i = 0; i != chunk->count_available; ++p) {
*p = ++i;
}
+
+ return 0;
}
static void chunk_uninit(struct chunk *chunk)
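Review bot: The new `printk("ERROR: cannot allocate memory for chunk index\n")` carries no log level, so it is emitted at the default level; `printk(KERN_ERR ...)` or `pr_err(...)` states the severity explicitly. The same applies to the printk() calls this commit adds in img_file.c, img_ip.c, img_proc.c, pf_group.c, proc_filters.c, sspt_file.c and us_slot_manager.c. The allocation above the check still multiplies `sizeof(*chunk->index)*chunk->count_available` by hand; `kmalloc_array(chunk->count_available, sizeof(*chunk->index), GFP_ATOMIC)` would reject an overflowing product. chunk_init's opening lines are in the previous hunk.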
@@ -164,7 +170,11 @@ static struct fixed_alloc *create_fixed_alloc(struct slot_manager *sm)
return NULL;
}
- chunk_init(&fa->chunk, data, PAGE_SIZE/sizeof(unsigned long), sm->slot_size);
+ if (chunk_init(&fa->chunk, data, PAGE_SIZE/sizeof(unsigned long), sm->slot_size)) {
+ sm->free(sm, data);
+ kfree(fa);
+ return NULL;
+ }
return fa;
}
diff --git a/ks_features/ks_features.c b/ks_features/ks_features.c
index 303af2ab..7b7cb8a8 100644
--- a/ks_features/ks_features.c
+++ b/ks_features/ks_features.c
@@ -297,7 +297,7 @@ static int unregister_multiple_syscalls(size_t *id_p, size_t cnt)
--cnt;
- rpp = kmalloc(GFP_KERNEL, sizeof(&(((struct ks_probe *) 0)->rp)) * cnt);
+ rpp = kmalloc(sizeof(*rpp) * cnt, GFP_KERNEL);
if (rpp == NULL) {
for (; cnt != end; --cnt) {
ret = unregister_syscall(id_p[cnt]);
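Review bot: The corrected call allocates `cnt` entries after `--cnt` has already run, while the fallback loop just below walks `id_p[cnt]` down to index 0, that is over cnt + 1 ids. If rpp is later filled with one pointer per id (that code is outside the hunk), the array is one element short. For a single id the request is zero bytes, which kmalloc() answers with a non-NULL ZERO_SIZE_PTR, so the `rpp == NULL` test does not catch it. Consider `rpp = kmalloc_array(cnt + 1, sizeof(*rpp), GFP_KERNEL);`, which also guards the multiplication against overflow.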
diff --git a/ks_manager/ks_manager.c b/ks_manager/ks_manager.c
index e183a79f..5e68a549 100644
--- a/ks_manager/ks_manager.c
+++ b/ks_manager/ks_manager.c
@@ -39,13 +39,13 @@ static struct probe *create_probe(unsigned long addr, void *pre_handler,
void *jp_handler, void *rp_handler)
{
struct probe *p = kzalloc(sizeof(*p), GFP_KERNEL);
-
- p->p.jp.kp.addr = p->p.rp.kp.addr = (void *)addr;
- p->p.jp.pre_entry = pre_handler;
- p->p.jp.entry = jp_handler;
- p->p.rp.handler = rp_handler;
- INIT_HLIST_NODE(&p->hlist);
-
+ if (p) {
+ p->p.jp.kp.addr = p->p.rp.kp.addr = (void *)addr;
+ p->p.jp.pre_entry = pre_handler;
+ p->p.jp.entry = jp_handler;
+ p->p.rp.handler = rp_handler;
+ INIT_HLIST_NODE(&p->hlist);
+ }
return p;
}
diff --git a/us_manager/img/img_file.c b/us_manager/img/img_file.c
index 6a2d4052..1386ff0c 100644
--- a/us_manager/img/img_file.c
+++ b/us_manager/img/img_file.c
@@ -42,9 +42,13 @@ struct img_file *create_img_file(struct dentry *dentry)
struct img_file *file;
file = kmalloc(sizeof(*file), GFP_KERNEL);
- file->dentry = dentry;
- INIT_LIST_HEAD(&file->ip_list);
- INIT_LIST_HEAD(&file->list);
+ if (file) {
+ file->dentry = dentry;
+ INIT_LIST_HEAD(&file->ip_list);
+ INIT_LIST_HEAD(&file->list);
+ } else {
+ printk("Cannot allocate memory for file\n");
+ }
return file;
}
diff --git a/us_manager/img/img_ip.c b/us_manager/img/img_ip.c
index 102d9f08..218c1be5 100644
--- a/us_manager/img/img_ip.c
+++ b/us_manager/img/img_ip.c
@@ -41,12 +41,21 @@ struct img_ip *create_img_ip(unsigned long addr, const char *args,
size_t len;
ip = kmalloc(sizeof(*ip), GFP_KERNEL);
+ if (ip == NULL) {
+ printk("Error: cannot allocate memory for ip\n");
+ return NULL;
+ }
INIT_LIST_HEAD(&ip->list);
ip->addr = addr;
/* copy args */
len = strlen(args) + 1;
ip->args = kmalloc(len, GFP_KERNEL);
+ if (ip->args == NULL) {
+ printk("Error: cannot allocate memory for ip args\n");
+ kfree(ip);
+ return NULL;
+ }
memcpy(ip->args, args, len);
ip->ret_type = ret_type;
diff --git a/us_manager/img/img_proc.c b/us_manager/img/img_proc.c
index ce7749ae..3bbf0782 100644
--- a/us_manager/img/img_proc.c
+++ b/us_manager/img/img_proc.c
@@ -39,7 +39,10 @@ struct img_proc *create_img_proc(void)
struct img_proc *proc;
proc = kmalloc(sizeof(*proc), GFP_KERNEL);
- INIT_LIST_HEAD(&proc->file_list);
+ if (proc)
+ INIT_LIST_HEAD(&proc->file_list);
+ else
+ printk("Cannot allocate memory for img_proc\n");
return proc;
}
diff --git a/us_manager/pf/pf_group.c b/us_manager/pf/pf_group.c
index e5667b00..be0bfc3f 100644
--- a/us_manager/pf/pf_group.c
+++ b/us_manager/pf/pf_group.c
@@ -54,10 +54,12 @@ static LIST_HEAD(pfg_list);
static struct pl_struct *create_pl_struct(struct sspt_proc *proc)
{
struct pl_struct *pls = kmalloc(sizeof(*pls), GFP_KERNEL);
-
- INIT_LIST_HEAD(&pls->list);
- pls->proc = proc;
-
+ if (pls) {
+ INIT_LIST_HEAD(&pls->list);
+ pls->proc = proc;
+ } else {
+ printk("Cannot allocate memory for pl_struct\n");
+ }
return pls;
}
@@ -123,12 +125,15 @@ static struct sspt_proc *new_proc_by_pfg(struct pf_group *pfg,
struct sspt_proc *proc;
proc = sspt_proc_get_by_task_or_new(task, pfg->filter.priv);
- copy_proc_form_img_to_sspt(pfg->i_proc, proc);
- sspt_proc_add_filter(proc, pfg);
-
- pls = create_pl_struct(proc);
- add_pl_struct(pfg, pls);
+ if (proc) {
+ copy_proc_form_img_to_sspt(pfg->i_proc, proc);
+ sspt_proc_add_filter(proc, pfg);
+ pls = create_pl_struct(proc);
+ add_pl_struct(pfg, pls);
+ } else {
+ printk("sspt_proc_get_by_task return NULL\n");
+ }
return proc;
}
/* struct pl_struct */
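Review bot: `add_pl_struct(pfg, pls)` is called without checking `pls`, although the first hunk of this file makes create_pl_struct() return NULL when its allocation fails. add_pl_struct's body is not visible here; if it links `pls->list` into a list, as the INIT_LIST_HEAD in create_pl_struct suggests, it will dereference NULL. At minimum guard the call with `if (pls) add_pl_struct(pfg, pls);`. It is also worth deciding whether `proc` should still be returned when the bookkeeping entry could not be created, since the filter has already been added to it by then.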
diff --git a/us_manager/pf/proc_filters.c b/us_manager/pf/proc_filters.c
index 210fd879..e42d7437 100644
--- a/us_manager/pf/proc_filters.c
+++ b/us_manager/pf/proc_filters.c
@@ -88,6 +88,9 @@ static struct task_struct *call_by_comm(struct proc_filter *self,
char *comm = (char *)self->data;
size_t len = strnlen(comm, TASK_COMM_LEN);
+ if (comm == NULL)
+ return NULL;
+
if (!strncmp(comm, task->comm, len))
return task;
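Review bot: The added `if (comm == NULL)` test runs after `strnlen(comm, TASK_COMM_LEN)` has already read through `comm` in the initializer of `len`, so a NULL `self->data` still faults before the check is reached. This matters because set_pf_by_comm() in the next hunk now leaves `pf->data` NULL when its allocation fails. Declare `size_t len;` without an initializer, keep the NULL check, and assign `len = strnlen(comm, TASK_COMM_LEN);` after it.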
@@ -154,8 +157,13 @@ void set_pf_by_comm(struct proc_filter *pf, char *comm, void *priv)
pf->call = &call_by_comm;
pf->data = kmalloc(len, GFP_KERNEL);
- memset(pf->data, 0, len);
- memcpy(pf->data, comm, len - 1);
+ if (pf->data) {
+ memset(pf->data, 0, len);
+ memcpy(pf->data, comm, len - 1);
+ } else {
+ printk("Error: cannot allocate memory for data\n");
+ }
+
pf->priv = priv;
}
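Review bot: On allocation failure set_pf_by_comm() only logs: `pf->call` has already been set to `&call_by_comm`, `pf->data` stays NULL, and because the function returns void the caller cannot tell that the filter is unusable. Returning an int (`-ENOMEM` on this path) would let the caller abort the setup; that changes the prototype, which lies outside this hunk. Separately, the `kmalloc` plus `memset` pair can be written as `pf->data = kzalloc(len, GFP_KERNEL);`.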
diff --git a/us_manager/sspt/sspt_file.c b/us_manager/sspt/sspt_file.c
index c4875503..ae664286 100644
--- a/us_manager/sspt/sspt_file.c
+++ b/us_manager/sspt/sspt_file.c
@@ -64,7 +64,11 @@ struct sspt_file *sspt_file_create(struct dentry *dentry, int page_cnt)
table_size = (1 << obj->page_probes_hash_bits);
obj->page_probes_table = kmalloc(sizeof(*obj->page_probes_table)*table_size, GFP_ATOMIC);
-
+ if (obj->page_probes_table == NULL) {
+ printk("Cannot allocate memory for page probes table\n");
+ kfree(obj);
+ return NULL;
+ }
for (i = 0; i < table_size; ++i) {
INIT_HLIST_HEAD(&obj->page_probes_table[i]);
}
@@ -128,6 +132,10 @@ static struct sspt_page *sspt_find_page_or_new(struct sspt_file *file, unsigned
if (page == NULL) {
page = sspt_page_create(offset);
+ if (page == NULL) {
+ printk("Cannot create new page\n");
+ return NULL;
+ }
sspt_add_page(file, page);
}
@@ -173,8 +181,10 @@ void sspt_file_add_ip(struct sspt_file *file, unsigned long offset,
// FIXME: delete ip
struct us_ip *ip = create_ip(offset, args, ret_type);
-
- sspt_add_ip(page, ip);
+ if (ip)
+ sspt_add_ip(page, ip);
+ else
+ printk("ERROR: cannot create ip \n");
}
/**
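Review bot: `sspt_add_ip(page, ip)` still receives `page` unchecked. `page` is assigned outside this hunk; if it comes from sspt_find_page_or_new(), which the previous hunk now lets return NULL, a failed page allocation reaches sspt_add_ip() with a NULL page. Test both with `if (page && ip) sspt_add_ip(page, ip);`, and release `ip` on the path where it was created but cannot be attached, so that the failure does not leak it.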
diff --git a/us_manager/sspt/sspt_proc.c b/us_manager/sspt/sspt_proc.c
index b76b136e..cf112418 100644
--- a/us_manager/sspt/sspt_proc.c
+++ b/us_manager/sspt/sspt_proc.c
@@ -276,7 +276,8 @@ struct sspt_file *sspt_proc_find_file_or_new(struct sspt_proc *proc,
file = sspt_proc_find_file(proc, dentry);
if (file == NULL) {
file = sspt_file_create(dentry, 10);
- sspt_proc_add_file(proc, file);
+ if (file)
+ sspt_proc_add_file(proc, file);
}
return file;
diff --git a/us_manager/us_slot_manager.c b/us_manager/us_slot_manager.c
index 126b5df8..0deeee3b 100644
--- a/us_manager/us_slot_manager.c
+++ b/us_manager/us_slot_manager.c
@@ -76,11 +76,15 @@ static void sm_free_us(struct slot_manager *sm, void *ptr)
struct slot_manager *create_sm_us(struct task_struct *task)
{
struct slot_manager *sm = kmalloc(sizeof(*sm), GFP_ATOMIC);
- sm->slot_size = UPROBES_TRAMP_LEN;
- sm->alloc = sm_alloc_us;
- sm->free = sm_free_us;
- INIT_HLIST_HEAD(&sm->page_list);
- sm->data = task;
+ if (sm) {
+ sm->slot_size = UPROBES_TRAMP_LEN;
+ sm->alloc = sm_alloc_us;
+ sm->free = sm_free_us;
+ INIT_HLIST_HEAD(&sm->page_list);
+ sm->data = task;
+ } else {
+ printk("Can't allocate memory for slot manager \n");
+ }
return sm;
}
diff --git a/writer/debugfs_writer.c b/writer/debugfs_writer.c
index a09cd373..65347b0e 100644
--- a/writer/debugfs_writer.c
+++ b/writer/debugfs_writer.c
@@ -178,6 +178,9 @@ static ssize_t read_filter(struct file *file, char __user *user_buf,
ssize_t ret;
buf = kmalloc(len + 2, GFP_KERNEL);
+ if (buf == NULL)
+ return -ENOMEM;
+
memcpy(buf, name, len);
buf[len] = '\0';