dtrace: failing to allocate more ECB space can cause a crash
authorKris Van Hees <kris.van.hees@oracle.com>
Fri, 21 Jul 2017 02:51:44 +0000 (22:51 -0400)
committerTomas Jedlicka <tomas.jedlicka@oracle.com>
Thu, 14 Sep 2017 09:11:59 +0000 (11:11 +0200)
The existing code was not taking into consideration that when the
table of ECBs needs to be expanded, the memory allocation can fail.
This could lead to a NULL pointer access, and a kernel crash.  We
now check the result of the allocation, and bail out if it fails.

Orabug: 26503342
Signed-off-by: Kris Van Hees <kris.van.hees@oracle.com>
Reviewed-by: Tomas Jedlicka <tomas.jedlicka@oracle.com>
dtrace/dtrace_ecb.c

index f26c85213aba98724ef4812f11743472100991f5..7b2bd735da6df37c1f9876fb1799287402b77fb2 100644 (file)
@@ -547,6 +547,11 @@ static dtrace_ecb_t *dtrace_ecb_add(dtrace_state_t *state,
                }
 
                ecbs = vzalloc(necbs * sizeof(*ecbs));
+               if (ecbs == NULL) {
+                       kfree(ecb);
+                       return NULL;
+               }
+
                if (oecbs != NULL)
                        memcpy(ecbs, oecbs, state->dts_necbs * sizeof(*ecbs));
 
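Review bot: The new failure branch after `vzalloc()` releases only `ecb`, so any change `dtrace_ecb_add()` made to `state` earlier in the function stays in place when it returns NULL. The function starts outside this hunk, so I cannot see whether an id counter or similar was advanced before the table is grown. If one was, it should be restored before `return NULL`, otherwise a later call could find `state` out of step with `state->dts_necbs`. Please also confirm that `ecb` comes from a kmalloc-family allocation so that `kfree(ecb)` is the matching release, and add a short comment on the branch such as `/* ECB table growth failed: drop the new ECB and undo earlier state changes */`.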
@@ -591,6 +596,9 @@ static dtrace_ecb_t *dtrace_ecb_create(dtrace_state_t *state,
        ASSERT(state != NULL);
 
        ecb = dtrace_ecb_add(state, probe);
+       if (ecb == NULL)
+               return NULL;
+
        ecb->dte_uarg = desc->dted_uarg;
 
        if ((pred = desc->dted_pred.dtpdd_predicate) != NULL) {
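Review bot: With the added check, `dtrace_ecb_create()` returns NULL when `dtrace_ecb_add()` fails, but no caller of `dtrace_ecb_create()` is touched in the part of the diff shown here. Each call site should be checked for a NULL test before the result is used, otherwise the NULL dereference only moves one level up. The caller also cannot tell an allocation failure from any other reason for a NULL return, so a comment on the early return would help, e.g. `/* dtrace_ecb_add() failed (out of memory); nothing to undo here */`. The function body continues past the end of this hunk.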