From: Vitaly Kuznetsov Date: Tue, 20 Jan 2015 15:45:04 +0000 (+0100) Subject: Drivers: hv: check vmbus_device_create() return value in vmbus_process_offer() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=9c3a6f7e476fc4961297fc66b1177f9f8c8dd238;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git Drivers: hv: check vmbus_device_create() return value in vmbus_process_offer() vmbus_device_create() result is not being checked in vmbus_process_offer() and it can fail if kzalloc() fails. Add the check and do minor cleanup to avoid additional duplication of "free_channel(); return;" block. Reported-by: Jason Wang Signed-off-by: Vitaly Kuznetsov Signed-off-by: K. Y. Srinivasan Acked-by: Jason Wang Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c index 1d7df2576b1c..704c0e00f8d2 100644 --- a/drivers/hv/channel_mgmt.c +++ b/drivers/hv/channel_mgmt.c @@ -341,11 +341,10 @@ static void vmbus_process_offer(struct work_struct *work) if (channel->sc_creation_callback != NULL) channel->sc_creation_callback(newchannel); - return; + goto out; } - free_channel(newchannel); - return; + goto err_free_chan; } /* @@ -364,6 +363,8 @@ static void vmbus_process_offer(struct work_struct *work) &newchannel->offermsg.offer.if_type, &newchannel->offermsg.offer.if_instance, newchannel); + if (!newchannel->device_obj) + goto err_free_chan; /* * Add the new device to the bus. This will kick off device-driver @@ -379,9 +380,12 @@ static void vmbus_process_offer(struct work_struct *work) list_del(&newchannel->listentry); spin_unlock_irqrestore(&vmbus_connection.channel_lock, flags); kfree(newchannel->device_obj); - - free_channel(newchannel); + goto err_free_chan; } +out: + return; +err_free_chan: + free_channel(newchannel); } enum {