author | Mikulas Patocka <mpatocka@redhat.com> | 2023-07-03 17:12:39 +0200 |
---|---|---|
committer | Mike Snitzer <snitzer@kernel.org> | 2023-07-25 17:55:50 +0200 |
commit | d4a3806bea61c8ef6e0103d0f39786e00586522e (patch) | |
tree | 2e91b285586b756330b1ac52c8fa44095f7fbf6a /drivers/md | |
parent | Linux 6.5-rc2 (diff) | |

dm integrity: fix double free on memory allocation failure

If the statement "recalc_tags = kvmalloc(recalc_tags_size, GFP_NOIO);"
fails, we call "vfree(recalc_buffer)" and we jump to the label "oom".
If the condition "recalc_sectors >= 1U << ic->sb->log2_sectors_per_block"
is false, we jump to the label "free_ret" and call "vfree(recalc_buffer)"
again, on an already released memory block.

Fix the bug by setting "recalc_buffer = NULL" after freeing it.

Fixes: da8b4fc1f63a ("dm integrity: only allocate recalculate buffer when needed")
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>

Diffstat (limited to 'drivers/md')
-rw-r--r-- | drivers/md/dm-integrity.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c index 3d5c56e0a062..97a8d5fc9ebb 100644 --- a/drivers/md/dm-integrity.c +++ b/drivers/md/dm-integrity.c @@ -2676,6 +2676,7 @@ oom: recalc_tags = kvmalloc(recalc_tags_size, GFP_NOIO); if (!recalc_tags) { vfree(recalc_buffer); + recalc_buffer = NULL; goto oom; } |
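
Review bot: The added `recalc_buffer = NULL;` in the `if (!recalc_tags)` branch carries no comment, and nothing in the visible context shows why it is needed: the second `vfree(recalc_buffer)` lives at the "free_ret" label described in the commit message, outside this hunk. A one-line comment next to the assignment, noting that the "oom" path can reach "free_ret" and free the buffer again, would keep a later cleanup from dropping it as a dead store. The fix itself holds because vfree() accepts a NULL pointer, so the later call becomes a no-op. Any other failure branch that frees a buffer and then jumps to a label sharing the "free_ret" cleanup deserves the same free-then-NULL check.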