From: Aditya Pakki
To: pakki001@umn.edu
Cc: kjlu@umn.edu, Vishal Verma, Dan Williams, Dave Jiang, Keith Busch, Ira Weiny, linux-nvdimm@lists.01.org, linux-kernel@vger.kernel.org
Subject: [PATCH v4] nvdimm: btt_devs: fix a NULL pointer dereference
Date: Mon, 25 Mar 2019 16:55:27 -0500
Message-Id: <20190325215527.12574-1-pakki001@umn.edu>
X-Mailing-List: linux-kernel@vger.kernel.org

In case kmemdup fails, the fix releases resources and returns to avoid the NULL pointer dereference.

Signed-off-by: Aditya Pakki
---
v3: Move kfree(nd_btt) to goto block.
v2: Replace incorrect kfree with ida_simple_remove, suggested by Johannes Thumshirn
v1: Free nd_btt->id in case of failure and avoid double free, suggested by Dan Williams
---
drivers/nvdimm/btt_devs.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/drivers/nvdimm/btt_devs.c b/drivers/nvdimm/btt_devs.c index b72a303176c7..9486acc08402 100644 --- a/drivers/nvdimm/btt_devs.c +++ b/drivers/nvdimm/btt_devs.c @@ -198,14 +198,15 @@ static struct device *__nd_btt_create(struct nd_region *nd_region, return NULL; nd_btt->id = ida_simple_get(&nd_region->btt_ida, 0, 0, GFP_KERNEL); - if (nd_btt->id < 0) { - kfree(nd_btt); - return NULL; - } + if (nd_btt->id < 0) + goto out_nd_btt; nd_btt->lbasize = lbasize; - if (uuid) + if (uuid) { uuid = kmemdup(uuid, 16, GFP_KERNEL); + if (!uuid) + goto out_put_id; + } nd_btt->uuid = uuid; dev = &nd_btt->dev; dev_set_name(dev, "btt%d.%d", nd_region->id, nd_btt->id); @@ -220,6 +221,13 @@ static struct device *__nd_btt_create(struct nd_region *nd_region, return NULL; } return dev; + +out_put_id: + ida_simple_remove(&nd_region->btt_ida, nd_btt->id); + +out_nd_btt: + kfree(nd_btt); + return NULL; } struct device *nd_btt_create(struct nd_region *nd_region) -- 2.17.1
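
Review bot: In the first hunk, the commit message does not say where the NULL pointer would be dereferenced after a failed `kmemdup(uuid, 16, GFP_KERNEL)`: the visible lines only store the result in `nd_btt->uuid`, and a NULL `uuid` argument is still accepted by the `if (uuid)` guard. Please name the consumer that dereferences `nd_btt->uuid`, or describe the failure as creating a BTT device without the UUID the caller supplied. The subject says v4, but the changelog under the `---` stops at v3, so a v4 entry is missing as well.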
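
Review bot: In the second hunk, the failure branch in the context lines just above `return dev;` still ends in its own `return NULL;` and does not use the new `out_put_id` / `out_nd_btt` labels, so the function now has two cleanup styles. If that branch must not reach `kfree(nd_btt)` (for instance because the object is released another way at that point, which these lines do not show), a short comment there would keep a later cleanup from redirecting it to the labels and introducing a double free. The unwind order itself, `ida_simple_remove()` before `kfree(nd_btt)`, mirrors the acquisition order.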