This is a note to let you know that I've just added the patch titled nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked to the 5.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: nvmet-fix-memory-leak-in-nvmet_subsys_attr_model_sto.patch and it can be found in the queue-5.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 4ddd30e2e971981985db19122cb2239bdd78eec5 Author: Aleksandr Miloserdov <a.miloserdov@xxxxxxxxx> Date: Wed Oct 26 12:31:33 2022 +0400 nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked [ Upstream commit becc4cac309dc867571f0080fde4426a6c2222e0 ] Since model_number is allocated before it needs to be freed before kmemdump_nul. Reviewed-by: Konstantin Shelekhin <k.shelekhin@xxxxxxxxx> Reviewed-by: Dmitriy Bogdanov <d.bogdanov@xxxxxxxxx> Signed-off-by: Aleksandr Miloserdov <a.miloserdov@xxxxxxxxx> Reviewed-by: Sagi Grimberg <sagi@xxxxxxxxxxx> Signed-off-by: Christoph Hellwig <hch@xxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/drivers/nvme/target/configfs.c b/drivers/nvme/target/configfs.c index cea30e4f5053..625038057a76 100644 --- a/drivers/nvme/target/configfs.c +++ b/drivers/nvme/target/configfs.c @@ -1189,6 +1189,7 @@ static ssize_t nvmet_subsys_attr_model_store_locked(struct nvmet_subsys *subsys, const char *page, size_t count) { int pos = 0, len; + char *val; if (subsys->subsys_discovered) { pr_err("Can't set model number. %s is already assigned\n", @@ -1211,9 +1212,11 @@ static ssize_t nvmet_subsys_attr_model_store_locked(struct nvmet_subsys *subsys, return -EINVAL; } - subsys->model_number = kmemdup_nul(page, len, GFP_KERNEL); - if (!subsys->model_number) + val = kmemdup_nul(page, len, GFP_KERNEL); + if (!val) return -ENOMEM; + kfree(subsys->model_number); + subsys->model_number = val; return count; }