scsi: virtio_scsi: fix handling of kmalloc failure

There is no check about the return value of kmalloc in
virtscsi_rescan_hotunplug. Add the check to avoid use
of null pointer 'inq_result' in case of the failure
of kmalloc.

Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
Message-Id: <20230202064124.22277-1-zyytlz.wz@163.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

diff --git a/drivers/scsi/virtio_scsi.c b/drivers/scsi/virtio_scsi.c
index d07d24c..1506723 100644 (file)
--- a/drivers/scsi/virtio_scsi.c
+++ b/drivers/scsi/virtio_scsi.c
@@ -330,7 +330,7 @@ static void virtscsi_handle_param_change(struct virtio_scsi *vscsi,
        scsi_device_put(sdev);
 }
 
-static void virtscsi_rescan_hotunplug(struct virtio_scsi *vscsi)
+static int virtscsi_rescan_hotunplug(struct virtio_scsi *vscsi)
 {
        struct scsi_device *sdev;
        struct Scsi_Host *shost = virtio_scsi_host(vscsi->vdev);
@@ -338,6 +338,11 @@ static void virtscsi_rescan_hotunplug(struct virtio_scsi *vscsi)
        int result, inquiry_len, inq_result_len = 256;
        char *inq_result = kmalloc(inq_result_len, GFP_KERNEL);
 
+       if (!inq_result) {
+               kfree(inq_result);
+               return -ENOMEM;
+       }
+
        shost_for_each_device(sdev, shost) {
                inquiry_len = sdev->inquiry_len ? sdev->inquiry_len : 36;
 
@@ -366,6 +371,7 @@ static void virtscsi_rescan_hotunplug(struct virtio_scsi *vscsi)
        }
 
        kfree(inq_result);
+       return 0;
 }
 
 static void virtscsi_handle_event(struct work_struct *work)
@@ -377,9 +383,13 @@ static void virtscsi_handle_event(struct work_struct *work)
 
        if (event->event &
            cpu_to_virtio32(vscsi->vdev, VIRTIO_SCSI_T_EVENTS_MISSED)) {
+               int ret;
+
                event->event &= ~cpu_to_virtio32(vscsi->vdev,
                                                   VIRTIO_SCSI_T_EVENTS_MISSED);
-               virtscsi_rescan_hotunplug(vscsi);
+               ret = virtscsi_rescan_hotunplug(vscsi);
+               if (ret)
+                       return;
                scsi_scan_host(virtio_scsi_host(vscsi->vdev));
        }