* [PATCH] swiotlb: Fix use after free on error handling path
@ 2022-07-15 8:19 Dan Carpenter
2022-07-18 4:50 ` Christoph Hellwig
0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2022-07-15 8:19 UTC (permalink / raw)
To: Christoph Hellwig, Tianyu Lan
Cc: Marek Szyprowski, Robin Murphy, iommu, kernel-janitors
Don't dereference "mem" after it has been freed. Flip the
two kfree()s around to address this bug.
Fixes: 26ffb91fa5e0 ("swiotlb: split up the global swiotlb lock")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
kernel/dma/swiotlb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/dma/swiotlb.c b/kernel/dma/swiotlb.c
index bf2ae98a42b4..78af9e455c59 100644
--- a/kernel/dma/swiotlb.c
+++ b/kernel/dma/swiotlb.c
@@ -980,8 +980,8 @@ static int rmem_swiotlb_device_init(struct reserved_mem *rmem,
mem->areas = kcalloc(nareas, sizeof(*mem->areas),
GFP_KERNEL);
if (!mem->areas) {
- kfree(mem);
kfree(mem->slots);
+ kfree(mem);
return -ENOMEM;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-07-18 4:50 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-07-15 8:19 [PATCH] swiotlb: Fix use after free on error handling path Dan Carpenter
2022-07-18 4:50 ` Christoph Hellwig
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox