From: Kris Van Hees Date: Fri, 21 Jul 2017 02:51:44 +0000 (-0400) Subject: dtrace: failing to allocate more ECB space can cause a crash X-Git-Tag: v4.1.12-111.0.20170918_2215~182^2~6 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=61877e691cc22462476fe529c9aeb70ecc7c6433;p=users%2Fjedix%2Flinux-maple.git dtrace: failing to allocate more ECB space can cause a crash The existing code was not taking into consideration that when the table of ECBs needs to be expanded, the memory allocation can fail. This could lead to a NULL pointer access, and a kernel crash. We now check the result of the allocation, and bail out if it fails. Orabug: 26503342 Signed-off-by: Kris Van Hees Reviewed-by: Tomas Jedlicka --- diff --git a/dtrace/dtrace_ecb.c b/dtrace/dtrace_ecb.c index f26c85213aba..7b2bd735da6d 100644 --- a/dtrace/dtrace_ecb.c +++ b/dtrace/dtrace_ecb.c @@ -547,6 +547,11 @@ static dtrace_ecb_t *dtrace_ecb_add(dtrace_state_t *state, } ecbs = vzalloc(necbs * sizeof(*ecbs)); + if (ecbs == NULL) { + kfree(ecb); + return NULL; + } + if (oecbs != NULL) memcpy(ecbs, oecbs, state->dts_necbs * sizeof(*ecbs)); @@ -591,6 +596,9 @@ static dtrace_ecb_t *dtrace_ecb_create(dtrace_state_t *state, ASSERT(state != NULL); ecb = dtrace_ecb_add(state, probe); + if (ecb == NULL) + return NULL; + ecb->dte_uarg = desc->dted_uarg; if ((pred = desc->dted_pred.dtpdd_predicate) != NULL) {
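Review bot: In the first hunk (dtrace_ecb_add(), around line 547), the new failure branch calls kfree(ecb) without the hunk showing how ecb was allocated or what was done with it before this point. Please confirm that ecb comes from a kmalloc-family allocator and that nothing set up on it earlier in the function (references taken, an ID assigned, a pointer published elsewhere) needs to be undone before the free; a short comment on the branch saying so would help. Separately, the size passed to vzalloc() is the unchecked product necbs * sizeof(*ecbs); if necbs can grow from user-driven enabling requests, an upper bound or overflow check before the allocation would be worth adding in the same change.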
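Review bot: In the second hunk (dtrace_ecb_create(), around line 596), the function can now return NULL, but the patch touches no caller of dtrace_ecb_create(). If any caller dereferences the result unconditionally, the NULL pointer access described in the commit message moves up one level instead of being removed. Please check every call site for a NULL test, and make sure the failure reaches the consumer as an allocation error rather than being silently dropped. Since the function's contract has changed, the "may return NULL on allocation failure" behaviour should also be documented in a comment above both dtrace_ecb_add() and dtrace_ecb_create().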