Commit ba8c4234 authored by Dan Carpenter, committed by Boris Ostrovsky

xen/xenbus: Fix a double free in xenbus_map_ring_pv()

When there is an error the caller frees "info->node" so the free here
will result in a double free.  We should just delete the first kfree().

Fixes: 3848e4e0 ("xen/xenbus: avoid large structs and arrays on the stack")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20200710113610.GA92345@mwanda
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
parent 578c1bb9
...@@ -693,10 +693,8 @@ static int xenbus_map_ring_pv(struct xenbus_device *dev, ...@@ -693,10 +693,8 @@ static int xenbus_map_ring_pv(struct xenbus_device *dev,
bool leaked; bool leaked;
area = alloc_vm_area(XEN_PAGE_SIZE * nr_grefs, info->ptes); area = alloc_vm_area(XEN_PAGE_SIZE * nr_grefs, info->ptes);
if (!area) { if (!area)
kfree(node);
return -ENOMEM; return -ENOMEM;
}
for (i = 0; i < nr_grefs; i++) for (i = 0; i < nr_grefs; i++)
info->phys_addrs[i] = info->phys_addrs[i] =
......
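Review bot: the `if (!area)` path now returns -ENOMEM with `node` still allocated, and nothing at that return says who owns it. The commit message states that the caller frees "info->node" on error, but the removed line frees `node` and the hunk does not show that the two are the same pointer. A short comment at the `return -ENOMEM;` noting that the caller frees the node on failure would keep a later cleanup from reintroducing the kfree(). The message also speaks of the "first" kfree(), so another one remains further down in the function outside this hunk; it is worth confirming that one cannot be reached on a path that also returns an error to the caller, since that would be the same double free.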