From: Dan Carpenter <dan.carpenter@oracle.com> mainline inclusion from mainline-v5.15 commit a1b04d380ab64790a7b4a8eb52e14679e47065ab category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4G67J?from=project-issue CVE: NA ---------------------------------------------------------------------- Add a check for when the kzalloc() in init_rsttbl() fails. Some of the callers checked for NULL and some did not. I went down the call tree and added NULL checks where ever they were missing. Fixes: b46acd6a6a62 ("fs/ntfs3: Add NTFS journal") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Kari Argillander <kari.argillander@gmail.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com> Signed-off-by: Yin Xiujiang <yinxiujiang@kylinos.cn> --- fs/ntfs3/fslog.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/fs/ntfs3/fslog.c b/fs/ntfs3/fslog.c index 2c213b55979e..7144ea8a9ab8 100644 --- a/fs/ntfs3/fslog.c +++ b/fs/ntfs3/fslog.c @@ -809,6 +809,9 @@ static inline struct RESTART_TABLE *init_rsttbl(u16 esize, u16 used) u32 lf = sizeof(struct RESTART_TABLE) + (used - 1) * esize; struct RESTART_TABLE *t = kzalloc(bytes, GFP_NOFS); + if (!t) + return NULL; + t->size = cpu_to_le16(esize); t->used = cpu_to_le16(used); t->free_goal = cpu_to_le32(~0u); @@ -831,7 +834,11 @@ static inline struct RESTART_TABLE *extend_rsttbl(struct RESTART_TABLE *tbl, u16 esize = le16_to_cpu(tbl->size); __le32 osize = cpu_to_le32(bytes_per_rt(tbl)); u32 used = le16_to_cpu(tbl->used); - struct RESTART_TABLE *rt = init_rsttbl(esize, used + add); + struct RESTART_TABLE *rt; + + rt = init_rsttbl(esize, used + add); + if (!rt) + return NULL; memcpy(rt + 1, tbl + 1, esize * used); @@ -864,8 +871,11 @@ static inline void *alloc_rsttbl_idx(struct RESTART_TABLE **tbl) __le32 *e; struct RESTART_TABLE *t = *tbl; - if (!t->first_free) + if (!t->first_free) { *tbl = t = extend_rsttbl(t, 16, ~0u); + if (!t) + return NULL; + } off = le32_to_cpu(t->first_free); @@ -4482,6 +4492,10 @@ int log_replay(struct ntfs_inode *ni, bool *initialized) } dp = alloc_rsttbl_idx(&dptbl); + if (!dp) { + err = -ENOMEM; + goto out; + } dp->target_attr = cpu_to_le32(t16); dp->transfer_len = cpu_to_le32(t32 << sbi->cluster_bits); dp->lcns_follow = cpu_to_le32(t32); -- 2.30.0