From: Joerg Roedel <joerg.roedel@amd.com>
Date: Fri, 9 Mar 2012 12:37:48 +0000 (+0100)
Subject: iommu/amd: Fix double free of mem-region in error-path
X-Git-Tag: firefly_0821_release~3680^2~3273^2^3~6
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=6e930045abe51013ee3b47eaeb5aef4bc5a35218;p=firefly-linux-kernel-4.4.55.git

iommu/amd: Fix double free of mem-region in error-path

When ioremap_nocache fails in iommu initialization the code
calls release_mem_region immediatly. But the function is
called again when the propagates into the upper init
functions leading to a double-free. Fix that.

Reported-by: Don Dutile <ddutile@redhat.com>
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---

diff --git a/drivers/iommu/amd_iommu_init.c b/drivers/iommu/amd_iommu_init.c
index 75653daf1de1..526652a7385d 100644
--- a/drivers/iommu/amd_iommu_init.c
+++ b/drivers/iommu/amd_iommu_init.c
@@ -358,8 +358,6 @@ static void iommu_disable(struct amd_iommu *iommu)
  */
 static u8 * __init iommu_map_mmio_space(u64 address)
 {
-	u8 *ret;
-
 	if (!request_mem_region(address, MMIO_REGION_LENGTH, "amd_iommu")) {
 		pr_err("AMD-Vi: Can not reserve memory region %llx for mmio\n",
 			address);
@@ -367,13 +365,7 @@ static u8 * __init iommu_map_mmio_space(u64 address)
 		return NULL;
 	}
 
-	ret = ioremap_nocache(address, MMIO_REGION_LENGTH);
-	if (ret != NULL)
-		return ret;
-
-	release_mem_region(address, MMIO_REGION_LENGTH);
-
-	return NULL;
+	return ioremap_nocache(address, MMIO_REGION_LENGTH);
 }
 
 static void __init iommu_unmap_mmio_space(struct amd_iommu *iommu)