Commit 27daabd9 authored by Dan Carpenter's avatar Dan Carpenter Committed by Linus Torvalds

lib/scatterlist: error handling in __sg_alloc_table()

I was reviewing code which I suspected might allocate a zero size SG
table.  That will cause memory corruption.  Also we can't return before
doing the memset or we could end up using uninitialized memory in the
cleanup path.
Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Cc: Akinobu Mita <akinobu.mita@gmail.com>
Cc: Imre Deak <imre.deak@intel.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Maxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent a4517511
...@@ -247,13 +247,15 @@ int __sg_alloc_table(struct sg_table *table, unsigned int nents, ...@@ -247,13 +247,15 @@ int __sg_alloc_table(struct sg_table *table, unsigned int nents,
struct scatterlist *sg, *prv; struct scatterlist *sg, *prv;
unsigned int left; unsigned int left;
memset(table, 0, sizeof(*table));
if (nents == 0)
return -EINVAL;
#ifndef ARCH_HAS_SG_CHAIN #ifndef ARCH_HAS_SG_CHAIN
if (WARN_ON_ONCE(nents > max_ents)) if (WARN_ON_ONCE(nents > max_ents))
return -EINVAL; return -EINVAL;
#endif #endif
memset(table, 0, sizeof(*table));
left = nents; left = nents;
prv = NULL; prv = NULL;
do { do {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment