mmc: block: blk-mq: Potential NULL deref on mmc_blk_alloc_req() failure

mmc_blk_alloc_req() is supposed to return error pointers but there is
one path where we forget to set the error code and accidentally return
NULL.  The callers are not expecting that and will have a NULL pointer
dereference.

Fixes: 41e3efd07d5a ("mmc: block: Simplify cleaning up the queue")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>

diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
index 579fc0b..654fc1e 100644 (file)
--- a/drivers/mmc/core/block.c
+++ b/drivers/mmc/core/block.c
@@ -2328,6 +2328,7 @@ static struct mmc_blk_data *mmc_blk_alloc_req(struct mmc_card *card,
         */
        if (!blk_get_queue(md->queue.queue)) {
                mmc_cleanup_queue(&md->queue);
+               ret = -ENODEV;
                goto err_putdisk;
        }