From 9869ba048dc038f9cbbddc1a8c84dc288b74a875 Mon Sep 17 00:00:00 2001 From: zzzzzzzzzy9 Date: Tue, 1 Jul 2025 15:51:38 +0800 Subject: [PATCH] mm/slab: make __free(kfree) accept error pointers commit ac6cf3ce9b7d12acb7b528248df5f87caa25fcdc upstream. Currently, if an automatically freed allocation is an error pointer that will lead to a crash. An example of this is in wm831x_gpio_dbg_show(). 171 char *label __free(kfree) = gpiochip_dup_line_label(chip, i); 172 if (IS_ERR(label)) { 173 dev_err(wm831x->dev, "Failed to duplicate label\n"); 174 continue; 175 } The auto clean up function should check for error pointers as well, otherwise we're going to keep hitting issues like this. Fixes: 54da6a092431 ("locking: Introduce __cleanup() based infrastructure") Cc: Signed-off-by: Dan Carpenter Acked-by: David Rientjes Signed-off-by: Vlastimil Babka Signed-off-by: Greg Kroah-Hartman Fixes: CVE-2024-36890 Signed-off-by: zzzzzzzzzy9 Reviewed-by: Zhang Run Link: https://gitee.com/anolis/embedded-kernel/pulls/954
---
 include/linux/slab.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/slab.h b/include/linux/slab.h
index 8228d1276a2f..5a67dab27f83 100644
--- a/include/linux/slab.h
+++ b/include/linux/slab.h
@@ -228,7 +228,7 @@ void kfree(const void *objp);
 void kfree_sensitive(const void *objp);
 size_t __ksize(const void *objp);
 
-DEFINE_FREE(kfree, void *, if (_T) kfree(_T))
+DEFINE_FREE(kfree, void *, if (!IS_ERR_OR_NULL(_T)) kfree(_T))
 
 /**
  * ksize - Report actual allocation size of associated object
-- 
Gitee
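Review bot: The new `DEFINE_FREE(kfree, ...)` line has no comment recording that the scoped cleanup now skips both NULL and `ERR_PTR()` values, which is the contract that callers like the `IS_ERR(label)` path quoted in the commit message rely on. I would add above it `/* __free(kfree) skips NULL and ERR_PTR() values, so a scoped pointer may still hold an error pointer at scope exit. */`. `IS_ERR_OR_NULL()` is declared in `<linux/err.h>`, and the hunk shows no include for it, so it presumably arrives transitively; that is worth confirming with a build of this backport tree. Any other `DEFINE_FREE` helper outside this hunk that still guards with `if (_T)` would pass an error pointer to its free routine in the same way and deserves the same check.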