scsi: virtio_scsi: fix handling of kmalloc failure

There is no check about the return value of kmalloc in virtscsi_rescan_hotunplug. Add the check to avoid use of null pointer 'inq_result' in case of the failure of kmalloc. Signed-off-by: Zheng Wang <zyytlz.wz@163.com> Message-Id: <20230202064124.22277-1-zyytlz.wz@163.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

scsi: virtio_scsi: fix handling of kmalloc failure
There is no check about the return value of kmalloc in virtscsi_rescan_hotunplug. Add the check to avoid use of null pointer 'inq_result' in case of the failure of kmalloc. Signed-off-by: Zheng Wang <zyytlz.wz@163.com> Message-Id: <20230202064124.22277-1-zyytlz.wz@163.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
08707b5c · Zheng Wang · Michael S. Tsirkin · 699209fc · 08707b5c
Commit 08707b5c authored Feb 02, 2023 by Zheng Wang Committed by Michael S. Tsirkin Feb 20, 2023
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 2 deletions

drivers/scsi/virtio_scsi.c drivers/scsi/virtio_scsi.c +12 -2

No files found.
--- a/drivers/scsi/virtio_scsi.c
+++ b/drivers/scsi/virtio_scsi.c
@@ -330,7 +330,7 @@ static void virtscsi_handle_param_change(struct virtio_scsi *vscsi,
 	scsi_device_put(sdev);
 }
-static void virtscsi_rescan_hotunplug(struct virtio_scsi *vscsi)
+static int virtscsi_rescan_hotunplug(struct virtio_scsi *vscsi)
 {
 	struct scsi_device *sdev;
 	struct Scsi_Host *shost = virtio_scsi_host(vscsi->vdev);
@@ -338,6 +338,11 @@ static void virtscsi_rescan_hotunplug(struct virtio_scsi *vscsi)
 	int result, inquiry_len, inq_result_len = 256;
 	char *inq_result = kmalloc(inq_result_len, GFP_KERNEL);
+	if (!inq_result) {
+		kfree(inq_result);
+		return -ENOMEM;
+	}
 	shost_for_each_device(sdev, shost) {
 		inquiry_len = sdev->inquiry_len ? sdev->inquiry_len : 36;
@@ -366,6 +371,7 @@ static void virtscsi_rescan_hotunplug(struct virtio_scsi *vscsi)
 	}
 	kfree(inq_result);
+	return 0;
 }
 static void virtscsi_handle_event(struct work_struct *work)
@@ -377,9 +383,13 @@ static void virtscsi_handle_event(struct work_struct *work)
 	if (event->event &
 	    cpu_to_virtio32(vscsi->vdev, VIRTIO_SCSI_T_EVENTS_MISSED)) {
+		int ret;
 		event->event &= ~cpu_to_virtio32(vscsi->vdev,
 						   VIRTIO_SCSI_T_EVENTS_MISSED);
-		virtscsi_rescan_hotunplug(vscsi);
+		ret = virtscsi_rescan_hotunplug(vscsi);
+		if (ret)
+			return;
 		scsi_scan_host(virtio_scsi_host(vscsi->vdev));
 	}