From 564c88dcd84276b2d9ab9c7b8aa6c600e9edca74 Mon Sep 17 00:00:00 2001
From: Wu Bo <wubo40@huawei.com>
Date: Wed, 6 Mar 2024 15:50:52 +0800
Subject: [PATCH] nvme-loop: fix memory leak in nvme_loop_create_ctrl()

mainline inclusion
from mainline-v5.13-rc3
commit 03504e3b54cc8118cc26c064e60a0b00c2308708
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I956G7
CVE: CVE-2021-47074

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=03504e3b54cc8118cc26c064e60a0b00c2308708

--------------------------------

When creating loop ctrl in nvme_loop_create_ctrl(), if nvme_init_ctrl()
fails, the loop ctrl should be freed before jumping to the "out" label.

Fixes: 3a85a5de29ea ("nvme-loop: add a NVMe loopback host driver")
Signed-off-by: Wu Bo <wubo40@huawei.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>

Conflict:
	In mainline, commit 64d452b3560b and b6cec06d19d9 changed
	context. Does not affect the logic of this patch.

Signed-off-by: Li Nan <linan122@huawei.com>
---
 drivers/nvme/target/loop.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/nvme/target/loop.c b/drivers/nvme/target/loop.c
index 1eee21310dee..a8d15fd6ebe9 100644
--- a/drivers/nvme/target/loop.c
+++ b/drivers/nvme/target/loop.c
@@ -607,8 +607,10 @@ static struct nvme_ctrl *nvme_loop_create_ctrl(struct device *dev,
 
 	ret = nvme_init_ctrl(&ctrl->ctrl, dev, &nvme_loop_ctrl_ops,
 				0 /* no quirks, we're perfect! */);
-	if (ret)
+	if (ret) {
+		kfree(ctrl);
 		goto out_put_ctrl;
+	}
 
 	ret = -ENOMEM;
 
-- 
Gitee