forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

crypto: qat - Fix a double free in adf_create_ring

Browse source 
[ Upstream commit f7cae626ca ]

In adf_create_ring, if the callee adf_init_ring() failed, the callee will
free the ring->base_addr by dma_free_coherent() and return -EFAULT. Then
adf_create_ring will goto err and the ring->base_addr will be freed again
in adf_cleanup_ring().

My patch sets ring->base_addr to NULL after the first freed to avoid the
double free.

Fixes: a672a9dc87 ("crypto: qat - Intel(R) QAT transport code")
Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Lv Yunlong 2021-04-02 10:13:48 -07:00 committed by Greg Kroah-Hartman
commit 1faf7e6199
1 changed files with 1 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
drivers/crypto/qat/qat_common/adf_transport.c
View file

@ -153,6 +153,7 @@ static int adf_init_ring(struct adf_etr_ring_data *ring)
dev_err(&GET_DEV(accel_dev), "Ring address not aligned\n");
dma_free_coherent(&GET_DEV(accel_dev), ring_size_bytes,
ring->base_addr, ring->dma_addr);
ring->base_addr = NULL;
return -EFAULT;
}