Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d370c917 authored by Ilya Lesokhin's avatar Ilya Lesokhin Committed by Alex Williamson
Browse files

vfio: fix possible use after free of vfio group 



The vfio group should be released after
the vfio_group_try_dissolve_container call.
The code should not rely on someone else to hold
a reference on the group.

Signed-off-by: default avatarIlya Lesokhin <ilyal@mellanox.com>
Signed-off-by: default avatarAlex Williamson <alex.williamson@redhat.com>
parent 05f0c03f

drivers/vfio/vfio.c

+1 −1
Original line number Original line Diff line number Diff line
@@ -1711,8 +1711,8 @@ EXPORT_SYMBOL_GPL(vfio_group_get_external_user); 




void vfio_group_put_external_user(struct vfio_group *group)

void vfio_group_put_external_user(struct vfio_group *group)

{

{

	vfio_group_put(group);

	vfio_group_try_dissolve_container(group);

	vfio_group_try_dissolve_container(group);

	vfio_group_put(group);

}

}

EXPORT_SYMBOL_GPL(vfio_group_put_external_user);

EXPORT_SYMBOL_GPL(vfio_group_put_external_user);