From: Yunseong Kim <yskelg@xxxxxxxxx>
A null pointer is stored in the data structure member "path" after a call
of the function "iucv_path_alloc" failed. This pointer was passed to
a subsequent call of the function "iucv_path_connect" where an undesirable
dereference will be performed then. Thus add a corresponding return value
check. This prevent null pointer dereferenced kernel panic when memory
exhausted situation with the netiucv driver operating as an FSM state
in "conn_action_start".
Fixes: eebce3856737 ("[S390]: Adapt netiucv driver to new IUCV API")
Cc: linux-s390@xxxxxxxxxxxxxxx
Signed-off-by: Yunseong Kim <yskelg@xxxxxxxxx>
---
drivers/s390/net/netiucv.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/s390/net/netiucv.c b/drivers/s390/net/netiucv.c
index 039e18d46f76..d3ae78c0240f 100644
--- a/drivers/s390/net/netiucv.c
+++ b/drivers/s390/net/netiucv.c
@@ -855,6 +855,9 @@ static void conn_action_start(fsm_instance *fi, int event, void *arg)
fsm_newstate(fi, CONN_STATE_SETUPWAIT);
conn->path = iucv_path_alloc(NETIUCV_QUEUELEN_DEFAULT, 0, GFP_KERNEL);
+ if (!conn->path)
+ return;
+
IUCV_DBF_TEXT_(setup, 2, "%s: connecting to %s ...\n",
netdev->name, netiucv_printuser(conn));
--
2.45.2
