From: Markus Elfring <[email protected]>
Date: Fri, 29 Dec 2023 20:43:12 +0100
The kfree() function was called in one case by
the allocate_mr_list() function during error handling
even if the passed variable contained a null pointer.
This issue was detected by using the Coccinelle software.
Thus use another label.
Signed-off-by: Markus Elfring <[email protected]>
---
fs/smb/client/smbdirect.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/smb/client/smbdirect.c b/fs/smb/client/smbdirect.c
index 94df9eec3d8d..d74e829de51c 100644
--- a/fs/smb/client/smbdirect.c
+++ b/fs/smb/client/smbdirect.c
@@ -2136,7 +2136,7 @@ static int allocate_mr_list(struct smbd_connection *info)
for (i = 0; i < info->responder_resources * 2; i++) {
smbdirect_mr = kzalloc(sizeof(*smbdirect_mr), GFP_KERNEL);
if (!smbdirect_mr)
- goto out;
+ goto cleanup_entries;
smbdirect_mr->mr = ib_alloc_mr(info->pd, info->mr_type,
info->max_frmr_depth);
if (IS_ERR(smbdirect_mr->mr)) {
@@ -2162,7 +2162,7 @@ static int allocate_mr_list(struct smbd_connection *info)
out:
kfree(smbdirect_mr);
-
+cleanup_entries:
list_for_each_entry_safe(smbdirect_mr, tmp, &info->mr_list, list) {
list_del(&smbdirect_mr->list);
ib_dereg_mr(smbdirect_mr->mr);
--
2.43.0
merged into cifs-2.6.git for-next
On Sat, Dec 30, 2023 at 3:47 AM Markus Elfring <[email protected]> wrote:
>
> From: Markus Elfring <[email protected]>
> Date: Fri, 29 Dec 2023 20:43:12 +0100
>
> The kfree() function was called in one case by
> the allocate_mr_list() function during error handling
> even if the passed variable contained a null pointer.
> This issue was detected by using the Coccinelle software.
>
> Thus use another label.
>
> Signed-off-by: Markus Elfring <[email protected]>
> ---
> fs/smb/client/smbdirect.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fs/smb/client/smbdirect.c b/fs/smb/client/smbdirect.c
> index 94df9eec3d8d..d74e829de51c 100644
> --- a/fs/smb/client/smbdirect.c
> +++ b/fs/smb/client/smbdirect.c
> @@ -2136,7 +2136,7 @@ static int allocate_mr_list(struct smbd_connection *info)
> for (i = 0; i < info->responder_resources * 2; i++) {
> smbdirect_mr = kzalloc(sizeof(*smbdirect_mr), GFP_KERNEL);
> if (!smbdirect_mr)
> - goto out;
> + goto cleanup_entries;
> smbdirect_mr->mr = ib_alloc_mr(info->pd, info->mr_type,
> info->max_frmr_depth);
> if (IS_ERR(smbdirect_mr->mr)) {
> @@ -2162,7 +2162,7 @@ static int allocate_mr_list(struct smbd_connection *info)
>
> out:
> kfree(smbdirect_mr);
> -
> +cleanup_entries:
> list_for_each_entry_safe(smbdirect_mr, tmp, &info->mr_list, list) {
> list_del(&smbdirect_mr->list);
> ib_dereg_mr(smbdirect_mr->mr);
> --
> 2.43.0
>
>
--
Thanks,
Steve