xen/xenbus: Fix a double free in xenbus_map_ring_pv()
author Dan Carpenter <dan.carpenter@oracle.com>
Fri, 10 Jul 2020 11:36:10 +0000 (14:36 +0300)
committer Boris Ostrovsky <boris.ostrovsky@oracle.com>
Fri, 10 Jul 2020 12:20:43 +0000 (07:20 -0500)
When there is an error the caller frees "info->node" so the free here
will result in a double free.  We should just delete first kfree().

Fixes: 3848e4e0a32a ("xen/xenbus: avoid large structs and arrays on the stack")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20200710113610.GA92345@mwanda
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
drivers/xen/xenbus/xenbus_client.c

index 4f168b4..786fbb7 100644 (file)
@@ -693,10 +693,8 @@ static int xenbus_map_ring_pv(struct xenbus_device *dev,
        bool leaked;
 
        area = alloc_vm_area(XEN_PAGE_SIZE * nr_grefs, info->ptes);
-       if (!area) {
-               kfree(node);
+       if (!area)
                return -ENOMEM;
-       }
 
        for (i = 0; i < nr_grefs; i++)
                info->phys_addrs[i] =
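
Review bot: The ownership rule that makes the early return at `if (!area)` safe is not visible at that site: the removed line frees the local `node`, while the commit message speaks of the caller freeing "info->node", and nothing in this hunk shows that the two are the same pointer or which caller does the free. A short comment at the `return -ENOMEM;` saying that `node` stays owned by the caller on error, or naming the caller in the commit message, would keep a later cleanup from reintroducing the free here. The message also says "first kfree()", which implies further kfree() calls remain in this function outside the lines shown; it is worth confirming that each of those sits on a path where the caller does not free the same pointer again.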