In case kmemdup fails, the fix releases resources and returns to avoid the NULL pointer dereference.
Signed-off-by: Aditya Pakki <[email protected]> --- v2: Replace incorrect kfree with ida_simple_remove, suggested by Johannes Thumshirn v1: Free nd_btt->id in case of failure and avoid double free, suggested by Dan Williams --- drivers/nvdimm/btt_devs.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/nvdimm/btt_devs.c b/drivers/nvdimm/btt_devs.c index b72a303176c7..f73fb5fdc93f 100644 --- a/drivers/nvdimm/btt_devs.c +++ b/drivers/nvdimm/btt_devs.c @@ -204,8 +204,11 @@ static struct device *__nd_btt_create(struct nd_region *nd_region, } nd_btt->lbasize = lbasize; - if (uuid) + if (uuid) { uuid = kmemdup(uuid, 16, GFP_KERNEL); + if (!uuid) + goto out_put_id; + } nd_btt->uuid = uuid; dev = &nd_btt->dev; dev_set_name(dev, "btt%d.%d", nd_region->id, nd_btt->id); @@ -220,6 +223,11 @@ static struct device *__nd_btt_create(struct nd_region *nd_region, return NULL; } return dev; + +out_put_id: + ida_simple_remove(&nd_region->btt_ida, nd_btt->id); + kfree(nd_btt); + return NULL; } struct device *nd_btt_create(struct nd_region *nd_region) -- 2.17.1 _______________________________________________ Linux-nvdimm mailing list [email protected] https://lists.01.org/mailman/listinfo/linux-nvdimm
