As the possible failure of the allocation, kmemdup() may return NULL
pointer.
Like alloc_switch(), it might be better to check it.
Therefore, icm_handle_event() should also check the return value of
kmemdup().
If fails, just free 'n' and directly return is enough, same as the way
to handle the failure of kmalloc().
Fixes: f67cf491175a ("thunderbolt: Add support for Internal Connection Manager (ICM)")
Signed-off-by: Jiasheng Jiang <jiasheng@xxxxxxxxxxx>
---
drivers/thunderbolt/icm.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/thunderbolt/icm.c b/drivers/thunderbolt/icm.c
index 2f30b816705a..514a77a02985 100644
--- a/drivers/thunderbolt/icm.c
+++ b/drivers/thunderbolt/icm.c
@@ -1739,6 +1739,11 @@ static void icm_handle_event(struct tb *tb, enum tb_cfg_pkg_type type,
INIT_WORK(&n->work, icm_handle_notification);
n->pkg = kmemdup(buf, size, GFP_KERNEL);
+ if (!n->pkg) {
+ kfree(n);
+ return;
+ }
+
n->tb = tb;
queue_work(tb->wq, &n->work);
--
2.25.1
