mmc: moxart: Fix null pointer dereference on pointer host

commit 0eab756f8821d255016c63bb55804c429ff4bdb1 upstream.

There are several error return paths that dereference the null pointer
host because the pointer has not yet been set to a valid value.
Fix this by adding a new out_mmc label and exiting via this label
to avoid the host clean up and hence the null pointer dereference.

Addresses-Coverity: ("Explicit null dereference")
Fixes: 8105c2abbf36 ("mmc: moxart: Fix reference count leaks in moxart_probe")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Link: https://lore.kernel.org/r/20211013100052.125461-1-colin.king@canonical.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/mmc/host/moxart-mmc.c b/drivers/mmc/host/moxart-mmc.c
index 7b9fcef..16d1c7a 100644 (file)
--- a/drivers/mmc/host/moxart-mmc.c
+++ b/drivers/mmc/host/moxart-mmc.c
@@ -566,37 +566,37 @@ static int moxart_probe(struct platform_device *pdev)
        if (!mmc) {
                dev_err(dev, "mmc_alloc_host failed\n");
                ret = -ENOMEM;
-               goto out;
+               goto out_mmc;
        }
 
        ret = of_address_to_resource(node, 0, &res_mmc);
        if (ret) {
                dev_err(dev, "of_address_to_resource failed\n");
-               goto out;
+               goto out_mmc;
        }
 
        irq = irq_of_parse_and_map(node, 0);
        if (irq <= 0) {
                dev_err(dev, "irq_of_parse_and_map failed\n");
                ret = -EINVAL;
-               goto out;
+               goto out_mmc;
        }
 
        clk = devm_clk_get(dev, NULL);
        if (IS_ERR(clk)) {
                ret = PTR_ERR(clk);
-               goto out;
+               goto out_mmc;
        }
 
        reg_mmc = devm_ioremap_resource(dev, &res_mmc);
        if (IS_ERR(reg_mmc)) {
                ret = PTR_ERR(reg_mmc);
-               goto out;
+               goto out_mmc;
        }
 
        ret = mmc_of_parse(mmc);
        if (ret)
-               goto out;
+               goto out_mmc;
 
        host = mmc_priv(mmc);
        host->mmc = mmc;
@@ -687,6 +687,7 @@ out:
                dma_release_channel(host->dma_chan_tx);
        if (!IS_ERR_OR_NULL(host->dma_chan_rx))
                dma_release_channel(host->dma_chan_rx);
+out_mmc:
        if (mmc)
                mmc_free_host(mmc);
        return ret;