nvme: clear caller pointer on identify failure

maurizio-lombardi · maurizio-lombardi · commit d2e2556063a3 · 2024-05-07T14:22:01.000+02:00
JIRA: https://issues.redhat.com/browse/RHEL-25547 The memory allocated for the identification is freed on failure. Set it to NULL so the caller doesn't have a pointer to that freed address. Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Keith Busch <kbusch@kernel.org> (cherry picked from commit 7e80eb7) Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
@@ -1423,8 +1423,10 @@ static int nvme_identify_ctrl(struct nvme_ctrl *dev, struct nvme_id_ctrl **id)
 
 	error = nvme_submit_sync_cmd(dev->admin_q, &c, *id,
 			sizeof(struct nvme_id_ctrl));
-	if (error)
+	if (error) {
 		kfree(*id);
+		*id = NULL;
+	}
 	return error;
 }
 
@@ -1553,6 +1555,7 @@ int nvme_identify_ns(struct nvme_ctrl *ctrl, unsigned nsid,
 	if (error) {
 		dev_warn(ctrl->device, "Identify namespace failed (%d)\n", error);
 		kfree(*id);
+		*id = NULL;
 	}
 	return error;
 }

Original file line number	Diff line number	Diff line change
`@@ -1423,8 +1423,10 @@ static int nvme_identify_ctrl(struct nvme_ctrl dev, struct nvme_id_ctrl *id)`
`1423`	`1423`
`1424`	`1424`	`error = nvme_submit_sync_cmd(dev->admin_q, &c, *id,`
`1425`	`1425`	`sizeof(struct nvme_id_ctrl));`
`1426`		`- if (error)`
	`1426`	`+ if (error) {`
`1427`	`1427`	`kfree(*id);`
	`1428`	`+ *id = NULL;`
	`1429`	`+ }`
`1428`	`1430`	`return error;`
`1429`	`1431`	`}`
`1430`	`1432`
`@@ -1553,6 +1555,7 @@ int nvme_identify_ns(struct nvme_ctrl *ctrl, unsigned nsid,`
`1553`	`1555`	`if (error) {`
`1554`	`1556`	`dev_warn(ctrl->device, "Identify namespace failed (%d)\n", error);`
`1555`	`1557`	`kfree(*id);`
	`1558`	`+ *id = NULL;`
`1556`	`1559`	`}`
`1557`	`1560`	`return error;`
`1558`	`1561`	`}`