dm integrity: fix double free on memory allocation failure

If the statement "recalc_tags = kvmalloc(recalc_tags_size, GFP_NOIO);"
fails, we call "vfree(recalc_buffer)" and we jump to the label "oom".

If the condition "recalc_sectors >= 1U << ic->sb->log2_sectors_per_block"
is false, we jump to the label "free_ret" and call "vfree(recalc_buffer)"
again, on an already released memory block.

Fix the bug by setting "recalc_buffer = NULL" after freeing it.

Fixes: da8b4fc ("dm integrity: only allocate recalculate buffer when needed")
Signed-off-by: Mikulas Patocka <[email protected]>
Signed-off-by: Mike Snitzer <[email protected]>

Author: Mikulas Patocka

drivers/md/dm-integrity.c

@@ -2676,6 +2676,7 @@ static void integrity_recalc(struct work_struct *w)
 	recalc_tags = kvmalloc(recalc_tags_size, GFP_NOIO);
 	if (!recalc_tags) {
 		vfree(recalc_buffer);
+		recalc_buffer = NULL;
 		goto oom;
 	}