[SRU][Q/P/N/J][PATCH 0/1] UBUNTU: fan: fix possible NULL pointer dereference (LP: #2125053)

[Kleber Sacilotto de Souza]

BugLink: https://bugs.launchpad.net/bugs/2125053

[Impact]

In the UBUNTU SAUCE VXLAN implementation for fan, in 'vxlan_fan_add_map()' a
memory chunk is allocated to hold the a fan_map structure. However, the return
of 'kmalloc()' is not checked, therefore it can lead to a NULL pointer
dereference on allocation failure.

---
static int vxlan_fan_add_map(struct vxlan_dev *vxlan, struct ifla_fan_map *map)
{
[...]
        fan_map = kmalloc(sizeof(*fan_map), GFP_KERNEL);
        fan_map->underlay = map->underlay;
---

The issue was introduced by commit "UBUNTU: SAUCE: fan: add VXLAN implementation".

[Fix]

The fix is a simple check whether the memory allocation failed and return an
error if so. The function doesn't perform any other operation prior to calling
'kmalloc()' that needs to be rolled back on error, therefore it can simply
return -ENOMEM.

---
  fan_map = kmalloc(sizeof(*fan_map), GFP_KERNEL);
+ if (!fan_map)
+ return -ENOMEM;
---

[Test plan]

I have not tested the fix functionally, as the issue is hard to reproduce. This
code path is exercised by the 'ubuntu_fan_smoke_test' regression tests.

[Where problems could occur]

The fix is straightforward, however if issues are to occur they will happen
while creating new fan interface.

Kleber Sacilotto de Souza (1):
  UBUNTU: SAUCE: fan: vxlan: check memory allocation for map

 drivers/net/vxlan/vxlan_core.c | 3 +++
 1 file changed, 3 insertions(+)

-- 
2.43.0