Re: [PATCH 1/1] iommu/amd: fix incorrect error handling

2017-04-24 Thread Joerg Roedel
On Sun, Apr 23, 2017 at 06:23:21PM +0800, Pan Bian wrote:
> From: Pan Bian
>
> In function amd_iommu_bind_pasid(), the control flow jumps to label
> out_free when pasid_state->mm and mm is NULL. And mmput(mm) is called.
> In function mmput(mm), mm is referenced without validation. This will
>

[PATCH 1/1] iommu/amd: fix incorrect error handling

2017-04-23 Thread Pan Bian
From: Pan Bian

In function amd_iommu_bind_pasid(), the control flow jumps to label out_free when pasid_state->mm and mm is NULL. And mmput(mm) is called. In function mmput(mm), mm is referenced without validation. This will result in a NULL dereference bug. This patch fixes the bug.