Bug 4474 - [ANCK 4.19] vfio: Clear the caps->buf to NULL after free
Summary: [ANCK 4.19] vfio: Clear the caps->buf to NULL after free
Status: RESOLVED FIXED
Alias: None
Product: ANCK 4.19 Dev
Classification: ANCK
Component: drivers
Version: 4.19-023.x
Hardware: All Linux
: P3-Medium S3-normal
Target Milestone: ---
Assignee: er222XIAO
QA Contact: shuming
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-03-10 11:17 UTC by er222XIAO
Modified: 2023-03-10 19:01 UTC (History)

See Also:


Description er222XIAO 2023-03-10 11:17:16 UTC
Description of problem:

    vfio: Clear the caps->buf to NULL after free
    
    [ Upstream commit 6641085e8d7b3f061911517f79a2a15a0a21b97b ]
    
    On buffer resize failure, vfio_info_cap_add() will free the buffer,
    report zero for the size, and return -ENOMEM.  As additional
    hardening, also clear the buffer pointer to prevent any chance of a
    double free.
    
    Signed-off-by: Schspa Shi <schspa@gmail.com>
    Reviewed-by: Cornelia Huck <cohuck@redhat.com>
    Link: https://lore.kernel.org/r/20220629022948.55608-1-schspa@gmail.com
    Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>


Additional info:
Upstream:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/vfio/vfio.c?h=v5.10.172&id=5e034e03f416242bb8272bd3866a93281bbfcb24
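As an added illustration of the hardening described in the commit message (example code written for this page, not taken from ANCK or upstream vfio), the following C model walks vfio_info_cap_add()'s resize-failure path once without the pointer clear and once with it; `alloc_fails`, `cap_add`, `cleanup_double_frees` and the unconditional-free caller are constructed for the demo, and libc realloc/free stand in for krealloc/kfree.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

struct vfio_info_cap {
	void *buf;
	size_t size;
};

/* Models vfio_info_cap_add(): grow caps->buf by `size` bytes. `alloc_fails` is a
 * constructed switch standing in for krealloc() returning NULL. Returns 0 or -ENOMEM. */
static int cap_add(struct vfio_info_cap *caps, size_t size, bool hardened, bool alloc_fails)
{
	void *buf = alloc_fails ? NULL : realloc(caps->buf, caps->size + size);
	if (!buf) {
		free(caps->buf);          /* upstream: kfree(caps->buf) */
		if (hardened)
			caps->buf = NULL; /* the fix: leave no dangling pointer behind */
		caps->size = 0;
		return -ENOMEM;
	}
	caps->buf = buf;
	memset((char *)buf + caps->size, 0, size);
	caps->size += size;
	return 0;
}

/* Constructed caller cleanup that frees caps->buf on every error path. A non-NULL
 * buf with size 0 can only be the pointer the failure path above left behind, so
 * the model reports it rather than actually freeing the block a second time. */
static bool cleanup_double_frees(struct vfio_info_cap *caps)
{
	bool dangling = caps->buf != NULL && caps->size == 0;
	if (!dangling) {
		free(caps->buf); /* free(NULL) is a no-op, so this is safe */
		caps->buf = NULL;
	}
	return dangling;
}

/* Adds one capability, fails the resize for a second, and reports whether the
 * caller's cleanup would double free. Pre-fix: true. Hardened: false. */
static bool failure_path_double_frees(bool hardened)
{
	struct vfio_info_cap caps = { .buf = NULL, .size = 0 };
	cap_add(&caps, 16, hardened, false); /* first cap: allocation succeeds */
	cap_add(&caps, 16, hardened, true);  /* second cap: resize fails, buffer freed */
	return cleanup_double_frees(&caps);
}
```

In the real driver the ioctl paths guard their kfree() on caps.size, which is why the pointer clear is "additional hardening" rather than a fix for a known double free.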