irqbalance/prevent-NULL-pointer-dereference-when-memory-allocat.patch

From f37fe357b21ffd7ab210b088c36300d9562406cb Mon Sep 17 00:00:00 2001
From: liuchao173 <liuchao173@huawei.com>
Date: Thu, 7 Nov 2019 09:26:30 +0000
Subject: [PATCH 4/8] backport: prevent NULL pointer dereference when memory
 allocation failure

There are several places where memory allocation does not check return
values, adding null pointer checks.

Signed-off-by: Yunfeng Ye <yeyunfeng@huawei.com>
---
 cputree.c    |  2 ++
 irqbalance.c | 20 ++++++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/cputree.c b/cputree.c
index 91919ec..9cd2db8 100644
--- a/cputree.c
+++ b/cputree.c
@@ -432,6 +432,8 @@ static void dump_irq(struct irq_info *info, void *data)
 	int i;
 	char * indent = malloc (sizeof(char) * (spaces + 1));
 
+	if (!indent)
+		return;
 	for ( i = 0; i < spaces; i++ )
 		indent[i] = log_indent[0];
 
diff --git a/irqbalance.c b/irqbalance.c
index 93e4909..c9378d0 100644
--- a/irqbalance.c
+++ b/irqbalance.c
@@ -326,6 +326,9 @@ void get_irq_data(struct irq_info *irq, void *data)
 	else
 		*irqdata = realloc(*irqdata, strlen(*irqdata) + 24 + 1 + 11 + 20 + 20 + 11);
 
+	if (!*irqdata)
+		return;
+
 	sprintf(*irqdata + strlen(*irqdata),
 			"IRQ %d LOAD %lu DIFF %lu CLASS %d ", irq->irq, irq->load,
 			(irq->irq_count - irq->last_irq_count), irq->class);
@@ -357,6 +360,9 @@ void get_object_stat(struct topo_obj *object, void *data)
 		*stats = realloc(*stats, strlen(*stats) + irqdlen + 31 + 11 + 20 + 11 + 1);
 	}
 
+	if (!*stats)
+		return;
+
 	sprintf(*stats + strlen(*stats), "TYPE %d NUMBER %d LOAD %lu SAVE_MODE %d %s",
 			object->obj_type, object->number, object->load,
 			object->powersave_mode, irq_data ? irq_data : "");
@@ -393,6 +399,10 @@ gboolean sock_handle(gint fd, GIOCondition condition, gpointer user_data __attri
 			goto out_close;
 		}
 		cmsg = CMSG_FIRSTHDR(&msg);
+		if (!cmsg) {
+			log(TO_ALL, LOG_WARNING, "Connection no memory.\n");
+			goto out_close;
+		}
 		if ((cmsg->cmsg_level == SOL_SOCKET) &&
 				(cmsg->cmsg_type == SCM_CREDENTIALS)) {
 			struct ucred *credentials = (struct ucred *) CMSG_DATA(cmsg);
@@ -416,6 +426,8 @@ gboolean sock_handle(gint fd, GIOCondition condition, gpointer user_data __attri
 							strlen("sleep ")))) {
 				char *sleep_string = malloc(
 						sizeof(char) * (recv_size - strlen("settings sleep ")));
+				if (!sleep_string)
+					goto out_close;
 				strncpy(sleep_string, buff + strlen("settings sleep "),
 						recv_size - strlen("settings sleep "));
 				int new_iterval = strtoul(sleep_string, NULL, 10);
@@ -428,6 +440,8 @@ gboolean sock_handle(gint fd, GIOCondition condition, gpointer user_data __attri
 				char *end;
 				char *irq_string = malloc(
 						sizeof(char) * (recv_size - strlen("settings ban irqs ")));
+				if (!irq_string)
+					goto out_close;
 				strncpy(irq_string, buff + strlen("settings ban irqs "),
 						recv_size - strlen("settings ban irqs "));
 				g_list_free_full(cl_banned_irqs, free);
@@ -446,6 +460,8 @@ gboolean sock_handle(gint fd, GIOCondition condition, gpointer user_data __attri
 							strlen("cpus")))) {
 				char *cpu_ban_string = malloc(
 						sizeof(char) * (recv_size - strlen("settings cpus ")));
+				if (!cpu_ban_string)
+					goto out_close;
 				strncpy(cpu_ban_string, buff + strlen("settings cpus "),
 						recv_size - strlen("settings cpus "));
 				banned_cpumask_from_ui = strtok(cpu_ban_string, " ");
@@ -459,12 +475,16 @@ gboolean sock_handle(gint fd, GIOCondition condition, gpointer user_data __attri
 		if (!strncmp(buff, "setup", strlen("setup"))) {
 			char banned[512];
 			char *setup = calloc(strlen("SLEEP  ") + 11 + 1, 1);
+			if (!setup)
+				goto out_close;
 			snprintf(setup, strlen("SLEEP  ") + 11 + 1, "SLEEP %d ", sleep_interval);
 			if(g_list_length(cl_banned_irqs) > 0) {
 				for_each_irq(cl_banned_irqs, get_irq_data, setup);
 			}
 			cpumask_scnprintf(banned, 512, banned_cpus);
 			setup = realloc(setup, strlen(setup) + strlen(banned) + 7 + 1);
+			if (!setup)
+				goto out_close;
 			snprintf(setup + strlen(setup), strlen(banned) + 7 + 1,
 					"BANNED %s", banned);
 			send(sock, setup, strlen(setup), 0);
-- 
2.19.1
Package init 2019-11-19 14:11:38 +08:00			`From f37fe357b21ffd7ab210b088c36300d9562406cb Mon Sep 17 00:00:00 2001`
			`From: liuchao173 <liuchao173@huawei.com>`
			`Date: Thu, 7 Nov 2019 09:26:30 +0000`
			`Subject: [PATCH 4/8] backport: prevent NULL pointer dereference when memory`
			`allocation failure`

			`There are several places where memory allocation does not check return`
			`values, adding null pointer checks.`

			`Signed-off-by: Yunfeng Ye <yeyunfeng@huawei.com>`
			`---`
			`cputree.c \| 2 ++`
			`irqbalance.c \| 20 ++++++++++++++++++++`
			`2 files changed, 22 insertions(+)`

			`diff --git a/cputree.c b/cputree.c`
			`index 91919ec..9cd2db8 100644`
			`--- a/cputree.c`
			`+++ b/cputree.c`
			`@@ -432,6 +432,8 @@ static void dump_irq(struct irq_info info, void data)`
			`int i;`
			`char * indent = malloc (sizeof(char) * (spaces + 1));`

			`+ if (!indent)`
			`+ return;`
			`for ( i = 0; i < spaces; i++ )`
			`indent[i] = log_indent[0];`

			`diff --git a/irqbalance.c b/irqbalance.c`
			`index 93e4909..c9378d0 100644`
			`--- a/irqbalance.c`
			`+++ b/irqbalance.c`
			`@@ -326,6 +326,9 @@ void get_irq_data(struct irq_info irq, void data)`
			`else`
			`irqdata = realloc(irqdata, strlen(*irqdata) + 24 + 1 + 11 + 20 + 20 + 11);`

			`+ if (!*irqdata)`
			`+ return;`
			`+`
			`sprintf(irqdata + strlen(irqdata),`
			`"IRQ %d LOAD %lu DIFF %lu CLASS %d ", irq->irq, irq->load,`
			`(irq->irq_count - irq->last_irq_count), irq->class);`
			`@@ -357,6 +360,9 @@ void get_object_stat(struct topo_obj object, void data)`
			`stats = realloc(stats, strlen(*stats) + irqdlen + 31 + 11 + 20 + 11 + 1);`
			`}`

			`+ if (!*stats)`
			`+ return;`
			`+`
			`sprintf(stats + strlen(stats), "TYPE %d NUMBER %d LOAD %lu SAVE_MODE %d %s",`
			`object->obj_type, object->number, object->load,`
			`object->powersave_mode, irq_data ? irq_data : "");`
			`@@ -393,6 +399,10 @@ gboolean sock_handle(gint fd, GIOCondition condition, gpointer user_data __attri`
			`goto out_close;`
			`}`
			`cmsg = CMSG_FIRSTHDR(&msg);`
			`+ if (!cmsg) {`
			`+ log(TO_ALL, LOG_WARNING, "Connection no memory.\n");`
			`+ goto out_close;`
			`+ }`
			`if ((cmsg->cmsg_level == SOL_SOCKET) &&`
			`(cmsg->cmsg_type == SCM_CREDENTIALS)) {`
			`struct ucred credentials = (struct ucred ) CMSG_DATA(cmsg);`
			`@@ -416,6 +426,8 @@ gboolean sock_handle(gint fd, GIOCondition condition, gpointer user_data __attri`
			`strlen("sleep ")))) {`
			`char *sleep_string = malloc(`
			`sizeof(char) * (recv_size - strlen("settings sleep ")));`
			`+ if (!sleep_string)`
			`+ goto out_close;`
			`strncpy(sleep_string, buff + strlen("settings sleep "),`
			`recv_size - strlen("settings sleep "));`
			`int new_iterval = strtoul(sleep_string, NULL, 10);`
			`@@ -428,6 +440,8 @@ gboolean sock_handle(gint fd, GIOCondition condition, gpointer user_data __attri`
			`char *end;`
			`char *irq_string = malloc(`
			`sizeof(char) * (recv_size - strlen("settings ban irqs ")));`
			`+ if (!irq_string)`
			`+ goto out_close;`
			`strncpy(irq_string, buff + strlen("settings ban irqs "),`
			`recv_size - strlen("settings ban irqs "));`
			`g_list_free_full(cl_banned_irqs, free);`
			`@@ -446,6 +460,8 @@ gboolean sock_handle(gint fd, GIOCondition condition, gpointer user_data __attri`
			`strlen("cpus")))) {`
			`char *cpu_ban_string = malloc(`
			`sizeof(char) * (recv_size - strlen("settings cpus ")));`
			`+ if (!cpu_ban_string)`
			`+ goto out_close;`
			`strncpy(cpu_ban_string, buff + strlen("settings cpus "),`
			`recv_size - strlen("settings cpus "));`
			`banned_cpumask_from_ui = strtok(cpu_ban_string, " ");`
			`@@ -459,12 +475,16 @@ gboolean sock_handle(gint fd, GIOCondition condition, gpointer user_data __attri`
			`if (!strncmp(buff, "setup", strlen("setup"))) {`
			`char banned[512];`
			`char *setup = calloc(strlen("SLEEP ") + 11 + 1, 1);`
			`+ if (!setup)`
			`+ goto out_close;`
			`snprintf(setup, strlen("SLEEP ") + 11 + 1, "SLEEP %d ", sleep_interval);`
			`if(g_list_length(cl_banned_irqs) > 0) {`
			`for_each_irq(cl_banned_irqs, get_irq_data, setup);`
			`}`
			`cpumask_scnprintf(banned, 512, banned_cpus);`
			`setup = realloc(setup, strlen(setup) + strlen(banned) + 7 + 1);`
			`+ if (!setup)`
			`+ goto out_close;`
			`snprintf(setup + strlen(setup), strlen(banned) + 7 + 1,`
			`"BANNED %s", banned);`
			`send(sock, setup, strlen(setup), 0);`
			`--`
			`2.19.1`