From 25c21d20bcfdb97ba869007b284a5dbf5328ffe2 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Wed, 13 May 2020 12:37:03 +0300 Subject: [PATCH] scsi: aacraid: Fix an oops in error handling If the memdup_user() function fails then it results in an Oops in the error handling code when we try to kfree() and error pointer. Link: https://lore.kernel.org/r/20200513093703.GB347693@mwanda Fixes: 8d925b1f00e6 ("scsi: aacraid: Use memdup_user() as a cleanup") Signed-off-by: Dan Carpenter Signed-off-by: Martin K. Petersen --- drivers/scsi/aacraid/commctrl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c index 102658bdc15a..34e65dea992e 100644 --- a/drivers/scsi/aacraid/commctrl.c +++ b/drivers/scsi/aacraid/commctrl.c @@ -516,6 +516,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) user_srbcmd = memdup_user(user_srb, fibsize); if (IS_ERR(user_srbcmd)) { rcode = PTR_ERR(user_srbcmd); + user_srbcmd = NULL; goto cleanup; }