From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Fri, 15 Jul 2022 11:19:50 +0300
Subject: swiotlb: fix use after free on error handling path
Git-commit: 4a97739474c402e0a14cf6a432f1920262f6811c
Patch-mainline: v6.0-rc1
References: jsc#PED-3259

Don't dereference "mem" after it has been freed.  Flip the
two kfree()s around to address this bug.

Fixes: 26ffb91fa5e0 ("swiotlb: split up the global swiotlb lock")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Joerg Roedel <jroedel@suse.de>
---
 kernel/dma/swiotlb.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/dma/swiotlb.c b/kernel/dma/swiotlb.c
index dcf1459ce723..c50e6fe20f37 100644
--- a/kernel/dma/swiotlb.c
+++ b/kernel/dma/swiotlb.c
@@ -979,8 +979,8 @@ static int rmem_swiotlb_device_init(struct reserved_mem *rmem,
 		mem->areas = kcalloc(nareas, sizeof(*mem->areas),
 				GFP_KERNEL);
 		if (!mem->areas) {
-			kfree(mem);
 			kfree(mem->slots);
+			kfree(mem);
 			return -ENOMEM;
 		}
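Review bot: In the `if (!mem->areas)` branch the cleanup is open-coded, so its safety rests entirely on statement order: `kfree(mem->slots)` has to read `mem` while it is still allocated, which the new order guarantees. Consider moving the unwind to goto labels in reverse allocation order (for example a hypothetical `err_free_slots:` label that falls through to `kfree(mem)`), so that a later allocation hung off `mem` cannot reintroduce the use after free. The hunk does not show how `mem->slots` is allocated or whether other error paths in `rmem_swiotlb_device_init()` free the same pair, so those paths are worth checking for the same member-before-container ordering.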