dm integrity: fix double free on memory allocation failure

If the statement "recalc_tags = kvmalloc(recalc_tags_size, GFP_NOIO);" fails, we call "vfree(recalc_buffer)" and we jump to the label "oom". If the condition "recalc_sectors >= 1U << ic->sb->log2_sectors_per_block" is false, we jump to the label "free_ret" and call "vfree(recalc_buffer)" again, on an already released memory block. Fix the bug by setting "recalc_buffer = NULL" after freeing it. Fixes: da8b4fc1f63a ("dm integrity: only allocate recalculate buffer when needed") Signed-off-by: Mikulas Patocka <mpatocka@redhat.com> Signed-off-by: Mike Snitzer <snitzer@kernel.org>
author: Mikulas Patocka <mpatocka@redhat.com> 2023-07-03 17:12:39 +0200
committer: Mike Snitzer <snitzer@kernel.org> 2023-07-25 11:55:50 -0400
commit: d4a3806bea61c8ef6e0103d0f39786e00586522e (patch)
tree: 2e91b285586b756330b1ac52c8fa44095f7fbf6a /drivers/md/dm-integrity.c
parent: fdf0eaf11452d72945af31804e2a1048ee1b574c (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c
index 3d5c56e0a062..97a8d5fc9ebb 100644
--- a/drivers/md/dm-integrity.c
+++ b/drivers/md/dm-integrity.c
@@ -2676,6 +2676,7 @@ oom:
 	recalc_tags = kvmalloc(recalc_tags_size, GFP_NOIO);
 	if (!recalc_tags) {
 		vfree(recalc_buffer);
+		recalc_buffer = NULL;
 		goto oom;
 	}
author	Mikulas Patocka <mpatocka@redhat.com>	2023-07-03 17:12:39 +0200
committer	Mike Snitzer <snitzer@kernel.org>	2023-07-25 11:55:50 -0400
commit	d4a3806bea61c8ef6e0103d0f39786e00586522e (patch)
tree	2e91b285586b756330b1ac52c8fa44095f7fbf6a /drivers/md/dm-integrity.c
parent	fdf0eaf11452d72945af31804e2a1048ee1b574c (diff)