From: Pan Bian <bianpan2...@163.com>

The return variable rc is initialized with "-ENOMEM" outside the loop.
However, it is reassigned inside the loop, so its value is no longer
negative during the second and later iterations. If kzalloc() fails then,
the function will return 0. This patch fixes the bug by assigning "-ENOMEM"
to rc when kzalloc() or alloc_page() returns NULL.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=189111

Signed-off-by: Pan Bian <bianpan2...@163.com>
---
 drivers/xen/gntalloc.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/xen/gntalloc.c b/drivers/xen/gntalloc.c
index 7a47c4c..55ef246 100644
--- a/drivers/xen/gntalloc.c
+++ b/drivers/xen/gntalloc.c
@@ -130,15 +130,19 @@ static int add_grefs(struct ioctl_gntalloc_alloc_gref *op,
        rc = -ENOMEM;
        for (i = 0; i < op->count; i++) {
                gref = kzalloc(sizeof(*gref), GFP_KERNEL);
-               if (!gref)
+               if (!gref) {
+                       rc = -ENOMEM;
                        goto undo;
+               }
                list_add_tail(&gref->next_gref, &queue_gref);
                list_add_tail(&gref->next_file, &queue_file);
                gref->users = 1;
                gref->file_index = op->index + i * PAGE_SIZE;
                gref->page = alloc_page(GFP_KERNEL|__GFP_ZERO);
-               if (!gref->page)
+               if (!gref->page) {
+                       rc = -ENOMEM;
                        goto undo;
+               }
 
                /* Grant foreign access to the page. */
                rc = gnttab_grant_foreign_access(op->domid,
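Review bot: With `rc = -ENOMEM;` now set in both failure branches, the assignment just before the `for` loop appears redundant as far as this hunk shows, and the same braced branch is duplicated for kzalloc() and alloc_page(). A single `rc = -ENOMEM;` as the first statement of the loop body would cover both allocations and let the two `if (!...) goto undo;` checks stay unbraced as they were. Either way, a short comment such as `/* rc is overwritten by gnttab_grant_foreign_access() below; reset it so an allocation failure is never reported as success */` would record why the reset exists. add_grefs() starts before and continues past this hunk, so the undo path and the final return are not visible here.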
-- 
1.9.1

