From 564c88dcd84276b2d9ab9c7b8aa6c600e9edca74 Mon Sep 17 00:00:00 2001 From: Wu Bo Date: Wed, 6 Mar 2024 15:50:52 +0800 Subject: [PATCH] nvme-loop: fix memory leak in nvme_loop_create_ctrl() mainline inclusion from mainline-v5.13-rc3 commit 03504e3b54cc8118cc26c064e60a0b00c2308708 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I956G7 CVE: CVE-2021-47074 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=03504e3b54cc8118cc26c064e60a0b00c2308708 -------------------------------- When creating loop ctrl in nvme_loop_create_ctrl(), if nvme_init_ctrl() fails, the loop ctrl should be freed before jumping to the "out" label. Fixes: 3a85a5de29ea ("nvme-loop: add a NVMe loopback host driver") Signed-off-by: Wu Bo Signed-off-by: Christoph Hellwig Conflict: In mainline, commit 64d452b3560b and b6cec06d19d9 changed context. Does not affect the logic of this patch. Signed-off-by: Li Nan --- drivers/nvme/target/loop.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/nvme/target/loop.c b/drivers/nvme/target/loop.c index 1eee21310dee..a8d15fd6ebe9 100644 --- a/drivers/nvme/target/loop.c +++ b/drivers/nvme/target/loop.c @@ -607,8 +607,10 @@ static struct nvme_ctrl *nvme_loop_create_ctrl(struct device *dev, ret = nvme_init_ctrl(&ctrl->ctrl, dev, &nvme_loop_ctrl_ops, 0 /* no quirks, we're perfect! */); - if (ret) + if (ret) { + kfree(ctrl); goto out_put_ctrl; + } ret = -ENOMEM; -- Gitee
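Review bot: in the nvme_init_ctrl() failure branch, ctrl is freed with kfree(ctrl) and control then jumps to out_put_ctrl, a label whose name suggests it drops a reference on the same controller. The commit message describes freeing before jumping to the "out" label, and the Conflict note says only that context changed, so this tree's jump target differs from what the message describes. Please confirm that nothing at out_put_ctrl dereferences or puts ctrl after the kfree; if it does, this branch turns the leak into a use-after-free or double free. In that case the failure path should either jump to a label that only returns the error, or skip the kfree and let the put path release the structure. The Conflict note should also state which label this backport targets and why the kfree is safe there.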