From: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx> Date: Tue, 26 Dec 2023 20:00:24 +0100 The kfree() function was called in two cases by the create_gpadl_header() function during error handling even if the passed variable contained a null pointer. This issue was detected by using the Coccinelle software. Thus use another label. Signed-off-by: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx> --- drivers/hv/channel.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c index 56f7e06c673e..4d1bbda895d8 100644 --- a/drivers/hv/channel.c +++ b/drivers/hv/channel.c @@ -336,7 +336,7 @@ static int create_gpadl_header(enum hv_gpadl_type type, void *kbuffer, sizeof(struct gpa_range) + pfncount * sizeof(u64); msgheader = kzalloc(msgsize, GFP_KERNEL); if (!msgheader) - goto nomem; + goto free_body; INIT_LIST_HEAD(&msgheader->submsglist); msgheader->msgsize = msgsize; @@ -417,7 +417,7 @@ static int create_gpadl_header(enum hv_gpadl_type type, void *kbuffer, sizeof(struct gpa_range) + pagecount * sizeof(u64); msgheader = kzalloc(msgsize, GFP_KERNEL); if (msgheader == NULL) - goto nomem; + goto free_body; INIT_LIST_HEAD(&msgheader->submsglist); msgheader->msgsize = msgsize; @@ -439,6 +439,7 @@ static int create_gpadl_header(enum hv_gpadl_type type, void *kbuffer, return 0; nomem: kfree(msgheader); +free_body: kfree(msgbody); return -ENOMEM; } -- 2.43.0
