[ Upstream commit 72ea0321088df2c41eca8cc6160c24bcceb56ac7 ]
p9_tag_alloc() is supposed to return error pointers, but we accidentally return a NULL here. It would cause a NULL dereference in the caller.
Link: http://lkml.kernel.org/m/20180926103934.GA14535@mwanda Fixes: 996d5b4db4b1 ("9p: Use a slab for allocating requests") Signed-off-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Dominique Martinet dominique.martinet@cea.fr Signed-off-by: Sasha Levin sashal@kernel.org --- net/9p/client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/9p/client.c b/net/9p/client.c index 4becde979462..b615aae5a0f8 100644 --- a/net/9p/client.c +++ b/net/9p/client.c @@ -287,7 +287,7 @@ p9_tag_alloc(struct p9_client *c, int8_t type, unsigned int max_size) int tag;
if (!req) - return NULL; + return ERR_PTR(-ENOMEM);
if (p9_fcall_init(c, &req->tc, alloc_msize)) goto free_req;