On Fri, 23 Aug 2019 15:32:41 +1000
Paul Mackerras <paulus@xxxxxxxxxx> wrote:
> On Mon, Aug 19, 2019 at 11:51:17AM +1000, Alexey Kardashevskiy wrote:
> > The @tcegrp variable is used in 1) a loop over attached groups
> > 2) it stores a pointer to a newly allocated tce_iommu_group if 1) found
> > nothing. However the error handler does not distinguish how we got there
> > and incorrectly releases memory for a found+incompatible group.
> >
> > This fixes it by adding another error handling case.
> >
> > Fixes: 0bd971676e68 ("powerpc/powernv/npu: Add compound IOMMU groups")
> > Signed-off-by: Alexey Kardashevskiy <aik@xxxxxxxxx>
>
> Good catch. This is potentially nasty since it is a double free.
> Alex, are you going to take this, or would you prefer it goes via
> Michael Ellerman's tree?
>
> Reviewed-by: Paul Mackerras <paulus@xxxxxxxxxx>
I can take it, I've got it queued, but was hoping for an ack/review by
you or David. I'll add the R-b and push it out to my next branch.
Thanks,
Alex
