From patchwork Mon Mar 25 21:36:18 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Aditya Pakki <pakki001@umn.edu>
X-Patchwork-Id: 10870049
Return-Path: <linux-nvdimm-bounces@lists.01.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8BDC1922
	for <patchwork-linux-nvdimm@patchwork.kernel.org>;
 Mon, 25 Mar 2019 21:36:24 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7406E28AE7
	for <patchwork-linux-nvdimm@patchwork.kernel.org>;
 Mon, 25 Mar 2019 21:36:24 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 681112912D; Mon, 25 Mar 2019 21:36:24 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 required=2.0 tests=BAYES_00,DKIM_INVALID,
	DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
Received: from ml01.01.org (ml01.01.org [198.145.21.10])
	(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 0CCD928AE7
	for <patchwork-linux-nvdimm@patchwork.kernel.org>;
 Mon, 25 Mar 2019 21:36:24 +0000 (UTC)
Received: from [127.0.0.1] (localhost [IPv6:::1])
	by ml01.01.org (Postfix) with ESMTP id D6C10211EB280;
	Mon, 25 Mar 2019 14:36:23 -0700 (PDT)
X-Original-To: linux-nvdimm@lists.01.org
Delivered-To: linux-nvdimm@lists.01.org
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=134.84.196.205; helo=mta-p5.oit.umn.edu;
 envelope-from=pakki001@umn.edu; receiver=linux-nvdimm@lists.01.org
Received: from mta-p5.oit.umn.edu (mta-p5.oit.umn.edu [134.84.196.205])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 7408F211EABDA
 for <linux-nvdimm@lists.01.org>; Mon, 25 Mar 2019 14:36:22 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1])
 by mta-p5.oit.umn.edu (Postfix) with ESMTP id 9C183283
 for <linux-nvdimm@lists.01.org>; Mon, 25 Mar 2019 21:36:21 +0000 (UTC)
X-Virus-Scanned: amavisd-new at umn.edu
Received: from mta-p5.oit.umn.edu ([127.0.0.1])
 by localhost (mta-p5.oit.umn.edu [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id aX9CMHDTS4rZ for <linux-nvdimm@lists.01.org>;
 Mon, 25 Mar 2019 16:36:21 -0500 (CDT)
Received: from mail-it1-f199.google.com (mail-it1-f199.google.com
 [209.85.166.199])
 (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by mta-p5.oit.umn.edu (Postfix) with ESMTPS id 716EEA2C
 for <linux-nvdimm@lists.01.org>; Mon, 25 Mar 2019 16:36:21 -0500 (CDT)
Received: by mail-it1-f199.google.com with SMTP id s3so9756992itl.0
 for <linux-nvdimm@lists.01.org>; Mon, 25 Mar 2019 14:36:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umn.edu; s=google;
 h=from:to:cc:subject:date:message-id;
 bh=g601nBRwh4LxhUF6344o5lBNrR46nPwpXk2iHQObz+U=;
 b=FVYdD+cUCKCIxxkEq41vsBRkbkNrPKHNwdzUcvQLOqWGVzAW8hxZZTc/iubZm+Vvlu
 2f+HipoRBwl2ka7QLI/Sy+zRf7GWUUk8cwIPRf8EVLs2zLFHyeDflbLaLlFI2xadi3LG
 TAI+gqDzEhw6K5y/HLUv6R1RHwqLCNMUV/HPpFBwg0b7bM1Kajwu0FMpTXLfoyxAvO/R
 31GEXC075gH42GO1WKQx+b3euuKAaiEZ33zqBMCQANIo26p5dEhSU+DI80hTRApNrSpg
 7ZAcHyJM1VBnITYVjMI3Qk0d6hB8+eS4Sqx9Gb6kM49jan/WXFwZJXoNYWAvGitY8BL4
 tCjQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id;
 bh=g601nBRwh4LxhUF6344o5lBNrR46nPwpXk2iHQObz+U=;
 b=Ug189Dvx4BZ7ArTfRVVrJUeF0bo2wJzn+EI2JrPp7JPb9R9rWEJtgm7EhETPznwFS8
 SoQHHqKL+YRF5HN91mG6JwXMNzzf2prfX0ptSo+nafx7SAlXTJ1IPQtuKpoDMFJtaANn
 A8HWO4nLQwcmroa9Qo2M451Yydh/u76nx1gTycRGN3KlilxoVrUnWpiHTQ8hczqy/AJY
 vIVN/a9koDTbrdlEq38kZe0cB1kGzcVtZEoQ410E1iAZN7FawjUYWe3x7Ku98uh1ZvoX
 BkHLGvqupuLzxS5d9ndBpEqS6QOSLelJvlbjKeqrP4xpQF8/mVTKeYyVRr9Jn9meBMxR
 Sl5w==
X-Gm-Message-State: APjAAAXhMCSX/mUrtRNOPQL9VvQBUAgtB/4Z1j4CfKZF0Rz5phjOQhO4
 UjgsgNhZhRUZnnRBRuTi0b8MJDYk3aesqPmh4P0potduOxmNlt9f17kDPSLN7qgK9zKbzqPfGDx
 4NS2Gh8kmwU6tbSD/cYSvIToa
X-Received: by 2002:a02:ab95:: with SMTP id t21mr18461983jan.89.1553549781047;
 Mon, 25 Mar 2019 14:36:21 -0700 (PDT)
X-Google-Smtp-Source: 
 APXvYqwy1O1hpDfyTCF9/VtofsWjpIk8HUOoCBLDx2F4KIZnVPA9TgidPvxLa5Jw8GRXLocDUJGvNQ==
X-Received: by 2002:a02:ab95:: with SMTP id t21mr18461960jan.89.1553549780791;
 Mon, 25 Mar 2019 14:36:20 -0700 (PDT)
Received: from cs-u-syssec1.dtc.umn.edu (cs-u-syssec1.cs.umn.edu.
 [128.101.106.66])
 by smtp.gmail.com with ESMTPSA id p18sm6375798itp.10.2019.03.25.14.36.19
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Mon, 25 Mar 2019 14:36:20 -0700 (PDT)
From: Aditya Pakki <pakki001@umn.edu>
To: pakki001@umn.edu
Subject: [PATCH v3] nvdimm: btt_devs: fix a NULL pointer dereference
Date: Mon, 25 Mar 2019 16:36:18 -0500
Message-Id: <20190325213618.12139-1-pakki001@umn.edu>
X-Mailer: git-send-email 2.17.1
X-BeenThere: linux-nvdimm@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Linux-nvdimm developer list." <linux-nvdimm.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/linux-nvdimm>,
 <mailto:linux-nvdimm-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/linux-nvdimm/>
List-Post: <mailto:linux-nvdimm@lists.01.org>
List-Help: <mailto:linux-nvdimm-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/linux-nvdimm>,
 <mailto:linux-nvdimm-request@lists.01.org?subject=subscribe>
Cc: linux-nvdimm@lists.01.org, kjlu@umn.edu, linux-kernel@vger.kernel.org
MIME-Version: 1.0
Errors-To: linux-nvdimm-bounces@lists.01.org
Sender: "Linux-nvdimm" <linux-nvdimm-bounces@lists.01.org>
X-Virus-Scanned: ClamAV using ClamSMTP

In case kmemdup fails, the fix releases resources and returns to
avoid the NULL pointer dereference.

Signed-off-by: Aditya Pakki <pakki001@umn.edu>
---
v2: Replace incorrect kfree with ida_simple_remove, suggested by
Johannes Thumshirn
v1: Free nd_btt->id in case of failure and avoid double free, suggested
by Dan Williams
---
 drivers/nvdimm/btt_devs.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/drivers/nvdimm/btt_devs.c b/drivers/nvdimm/btt_devs.c
index b72a303176c7..f73fb5fdc93f 100644
--- a/drivers/nvdimm/btt_devs.c
+++ b/drivers/nvdimm/btt_devs.c
@@ -204,8 +204,11 @@ static struct device *__nd_btt_create(struct nd_region *nd_region,
 	}
 
 	nd_btt->lbasize = lbasize;
-	if (uuid)
+	if (uuid) {
 		uuid = kmemdup(uuid, 16, GFP_KERNEL);
+		if (!uuid)
+			goto out_put_id;
+	}
 	nd_btt->uuid = uuid;
 	dev = &nd_btt->dev;
 	dev_set_name(dev, "btt%d.%d", nd_region->id, nd_btt->id);
@@ -220,6 +223,11 @@ static struct device *__nd_btt_create(struct nd_region *nd_region,
 		return NULL;
 	}
 	return dev;
+
+out_put_id:
+	ida_simple_remove(&nd_region->btt_ida, nd_btt->id);
+	kfree(nd_btt);
+	return NULL;
 }
 
 struct device *nd_btt_create(struct nd_region *nd_region)