projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fe3dd71)
vfio/mlx5: error pointer dereference in error handling
authorDan Carpenter <error27@gmail.com>
Thu, 8 Dec 2022 16:02:17 +0000 (19:02 +0300)
committerAlex Williamson <alex.williamson@redhat.com>
Mon, 12 Dec 2022 21:10:12 +0000 (14:10 -0700)
This code frees the wrong "buf" variable and results in an error pointer
dereference.

Fixes: 34e2f27143d1 ("vfio/mlx5: Introduce multiple loads")
Signed-off-by: Dan Carpenter <error27@gmail.com>
Reviewed-by: Yishai Hadas <yishaih@nvidia.com>
Link: https://lore.kernel.org/r/Y5IKia5SaiVxYmG5@kili
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
drivers/vfio/pci/mlx5/main.c patch | blob | history

diff --git a/drivers/vfio/pci/mlx5/main.c b/drivers/vfio/pci/mlx5/main.c
index 94f7a0fd10e85d5210afae7343bf71f87eb3ec40..031ac8cc215d4202bbb21812ca638158d857ecf9 100644 (file)
--- a/drivers/vfio/pci/mlx5/main.c
+++ b/drivers/vfio/pci/mlx5/main.c
@@ -826,7 +826,7 @@ mlx5vf_pci_resume_device_data(struct mlx5vf_pci_core_device *mvdev)
        spin_lock_init(&migf->list_lock);
        return migf;
 out_buf:
-       mlx5vf_free_data_buffer(buf);
+       mlx5vf_free_data_buffer(migf->buf);
 out_pd:
        mlx5vf_cmd_dealloc_pd(migf);
 out_free:
ep93xx device tree rework repo: git://git.maquefel.me/linux.git