]> www.infradead.org Git - users/jedix/linux-maple.git/commitdiff
projects / users / jedix / linux-maple.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c17b750)
iommufd: viommu: free memory allocated by kvcalloc() using kvfree()
authorAkhilesh Patil <akhilesh@ee.iitb.ac.in>
Sun, 10 Aug 2025 13:34:01 +0000 (19:04 +0530)
committerJason Gunthorpe <jgg@nvidia.com>
Mon, 18 Aug 2025 14:10:40 +0000 (11:10 -0300)
Use kvfree() instead of kfree() to free pages allocated by kvcalloc()
in iommufs_hw_queue_alloc_phys() to fix potential memory corruption.
Ensure the memory is properly freed, as kvcalloc may internally use
vmalloc or kmalloc depending on available memory in the system.

Fixes: 2238ddc2b056 ("iommufd/viommu: Add IOMMUFD_CMD_HW_QUEUE_ALLOC ioctl")
Link: https://patch.msgid.link/r/aJifyVV2PL6WGEs6@bhairav-test.ee.iitb.ac.in
Signed-off-by: Akhilesh Patil <akhilesh@ee.iitb.ac.in>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Nicolin Chen <nicolinc@nvidia.com>
Reviewed-by: Pranjal Shrivastava <praan@google.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
drivers/iommu/iommufd/viommu.c patch | blob | history

diff --git a/drivers/iommu/iommufd/viommu.c b/drivers/iommu/iommufd/viommu.c
index 2ca5809b238bbe7e1c81fb420b49a21b211f9a33..462b457ffd0c4263900099d1c2ce7d0e6e32e5ff 100644 (file)
--- a/drivers/iommu/iommufd/viommu.c
+++ b/drivers/iommu/iommufd/viommu.c
@@ -339,7 +339,7 @@ iommufd_hw_queue_alloc_phys(struct iommu_hw_queue_alloc *cmd,
        }
 
        *base_pa = (page_to_pfn(pages[0]) << PAGE_SHIFT) + offset;
-       kfree(pages);
+       kvfree(pages);
        return access;
 
 out_unpin:
@@ -349,7 +349,7 @@ out_detach:
 out_destroy:
        iommufd_access_destroy_internal(viommu->ictx, access);
 out_free:
-       kfree(pages);
+       kvfree(pages);
        return ERR_PTR(rc);
 }
 
Unnamed repository; edit this file 'description' to name the repository.