Bug 188611
| Summary: | Function extcon_sync() returns an improper value when the call to get_zeroed_page() fails. | ||
|---|---|---|---|
| Product: | Drivers | Reporter: | bianpan (bianpan2010) |
| Component: | Other | Assignee: | drivers_other |
| Status: | RESOLVED CODE_FIX | ||
| Severity: | normal | ||
| Priority: | P1 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Kernel Version: | linux-4.9-rc6 | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
| Attachments: | The patch fixes the bug | ||
Created attachment 256381 [details]
The patch fixes the bug
The patch has been merged into the lastest kernel version. So I will close it.
|
When there is no enough memory, function get_zeroed_page() will return a NULL pointer. In function extcon_sync() defined in file drivers/extcon/extcon.c, it returns 0 when the call to get_zeroed_page() (at line 448) returns a NULL pointer. 0 means success, which seems incorrect. Use "return -ENOMEM;" instead of "return 0" at line 456? Codes related to this bug are summarised as follows. extcon_sync @@ drivers/extcon/extcon.c 423 int extcon_sync(struct extcon_dev *edev, unsigned int id) 424 { ... 435 if (!edev) 436 return -EINVAL; 437 438 index = find_cable_index_by_id(edev, id); 439 if (index < 0) 440 return index; 441 442 spin_lock_irqsave(&edev->lock, flags); 443 444 state = !!(edev->state & BIT(index)); 445 raw_notifier_call_chain(&edev->nh[index], state, edev); 446 447 /* This could be in interrupt handler */ 448 prop_buf = (char *)get_zeroed_page(GFP_ATOMIC); 449 if (!prop_buf) { 450 /* Unlock early before uevent */ 451 spin_unlock_irqrestore(&edev->lock, flags); 452 453 dev_err(&edev->dev, "out of memory in extcon_set_state\n"); 454 kobject_uevent(&edev->dev.kobj, KOBJ_CHANGE); 455 456 return 0; // return -ENOMEM? 457 } ... 476 /* Unlock early before uevent */ 477 spin_unlock_irqrestore(&edev->lock, flags); 478 kobject_uevent_env(&edev->dev.kobj, KOBJ_CHANGE, envp); 479 free_page((unsigned long)prop_buf); 480 481 return 0; 482 } Thanks very much!