nvme: clear caller pointer on identify failure

keithbusch · keithbusch · commit 7e80eb792bd7 · 2024-03-06T06:29:01.000-08:00
The memory allocated for the identification is freed on failure. Set
it to NULL so the caller doesn't have a pointer to that freed address.

Reviewed-by: Christoph Hellwig &lt;hch@lst.de&gt;
Signed-off-by: Keith Busch &lt;kbusch@kernel.org&gt;
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
@@ -1403,8 +1403,10 @@ static int nvme_identify_ctrl(struct nvme_ctrl *dev, struct nvme_id_ctrl **id)
 
 	error = nvme_submit_sync_cmd(dev->admin_q, &c, *id,
 			sizeof(struct nvme_id_ctrl));
-	if (error)
+	if (error) {
 		kfree(*id);
+		*id = NULL;
+	}
 	return error;
 }
 
@@ -1533,6 +1535,7 @@ int nvme_identify_ns(struct nvme_ctrl *ctrl, unsigned nsid,
 	if (error) {
 		dev_warn(ctrl->device, "Identify namespace failed (%d)\n", error);
 		kfree(*id);
+		*id = NULL;
 	}
 	return error;
 }

Original file line number	Diff line number	Diff line change
`@@ -1403,8 +1403,10 @@ static int nvme_identify_ctrl(struct nvme_ctrl dev, struct nvme_id_ctrl *id)`
`1403`	`1403`
`1404`	`1404`	`error = nvme_submit_sync_cmd(dev->admin_q, &c, *id,`
`1405`	`1405`	`sizeof(struct nvme_id_ctrl));`
`1406`		`- if (error)`
	`1406`	`+ if (error) {`
`1407`	`1407`	`kfree(*id);`
	`1408`	`+ *id = NULL;`
	`1409`	`+ }`
`1408`	`1410`	`return error;`
`1409`	`1411`	`}`
`1410`	`1412`
`@@ -1533,6 +1535,7 @@ int nvme_identify_ns(struct nvme_ctrl *ctrl, unsigned nsid,`
`1533`	`1535`	`if (error) {`
`1534`	`1536`	`dev_warn(ctrl->device, "Identify namespace failed (%d)\n", error);`
`1535`	`1537`	`kfree(*id);`
	`1538`	`+ *id = NULL;`
`1536`	`1539`	`}`
`1537`	`1540`	`return error;`
`1538`	`1541`	`}`