Bug 4469 - [ANCK 5.10] vfio: Clear the caps->buf to NULL after free
Summary: [ANCK 5.10] vfio: Clear the caps->buf to NULL after free
Status: RESOLVED FIXED
Alias: None
Product: ANCK 5.10 Dev
Classification: ANCK
Component: drivers
Version: 5.10.y-10
Hardware: All
OS: Linux
Importance: P3-Medium S3-normal
Target Milestone: ---
Assignee: GuixinLiu
QA Contact: shuming
URL:
Whiteboard:
Keywords: Bugfix
Depends on:
Blocks:
 
Reported: 2023-03-09 20:05 UTC by er222XIAO
Modified: 2023-08-17 17:44 UTC

See Also:


Attachments

Description er222XIAO 2023-03-09 20:05:47 UTC
Description of problem:
    vfio: Clear the caps->buf to NULL after free
    
    [ Upstream commit 6641085e8d7b3f061911517f79a2a15a0a21b97b ]
    
    On buffer resize failure, vfio_info_cap_add() will free the buffer,
    report zero for the size, and return -ENOMEM.  As additional
    hardening, also clear the buffer pointer to prevent any chance of a
    double free.
    
    Signed-off-by: Schspa Shi <schspa@gmail.com>
    Reviewed-by: Cornelia Huck <cohuck@redhat.com>
    Link: https://lore.kernel.org/r/20220629022948.55608-1-schspa@gmail.com
    Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>


Additional info:
Upstream:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/vfio/vfio.c?h=v5.10.172&id=5e034e03f416242bb8272bd3866a93281bbfcb24
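The failure mode the commit message describes, as an added illustration that is not the kernel's code and not part of this bug report: a stand-in growth helper run with and without the pointer clear, against a constructed slot allocator that reports a second release of the same block instead of corrupting memory. The names slot_alloc, slot_free, cap_add and caller_error_path and the 64-byte slot size are assumptions made for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Constructed slot allocator (not the kernel's): each slot records whether it
 * is live, so a second release of the same block is reported rather than UB. */
#define NSLOTS 4
static char pool[NSLOTS][64];
static int live[NSLOTS];

static void *slot_alloc(size_t n)
{
    if (n > sizeof pool[0])
        return NULL;
    for (int i = 0; i < NSLOTS; i++)
        if (!live[i]) { live[i] = 1; return pool[i]; }
    return NULL;
}
/* Returns 0 on success, -1 when the block is not live (double free). */
static int slot_free(void *p)
{
    for (int i = 0; i < NSLOTS; i++)
        if (p == pool[i]) { int was = live[i]; live[i] = 0; return was ? 0 : -1; }
    return p ? -1 : 0;              /* free(NULL) is a no-op, as in the kernel */
}

struct caps { void *buf; size_t size; };

/* Growth helper modelled on the commit message: on resize failure it frees the
 * buffer and reports size 0; clear_ptr selects the hardened behaviour. */
static int cap_add(struct caps *caps, size_t extra, int fail, int clear_ptr)
{
    void *nb = fail ? NULL : slot_alloc(caps->size + extra);
    if (!nb) {
        slot_free(caps->buf);
        caps->size = 0;
        if (clear_ptr)
            caps->buf = NULL;       /* the upstream fix: no dangling pointer */
        return -ENOMEM;
    }
    if (caps->buf) { memcpy(nb, caps->buf, caps->size); slot_free(caps->buf); }
    caps->buf = nb;
    caps->size += extra;
    return 0;
}

/* Caller's error path: release whatever caps->buf holds after a failed resize.
 * Returns slot_free's verdict: -1 means double free, 0 means harmless. */
static int caller_error_path(int clear_ptr)
{
    struct caps caps = { slot_alloc(8), 8 };   /* constructed 8-byte cap chain */
    int rc = cap_add(&caps, 16, 1, clear_ptr);
    return rc == -ENOMEM ? slot_free(caps.buf) : rc;
}
```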
Comment 1 GuixinLiu alibaba_cloud_group 2023-08-17 17:44:49 UTC
Merged into the devel-5.10 branch, commit: fb78af2103a9de6a02f0ee91de9c5b0f3b77a588