From 6e930045abe51013ee3b47eaeb5aef4bc5a35218 Mon Sep 17 00:00:00 2001 From: Joerg Roedel Date: Fri, 9 Mar 2012 13:37:48 +0100 Subject: [PATCH] iommu/amd: Fix double free of mem-region in error-path When ioremap_nocache fails in iommu initialization the code calls release_mem_region immediatly. But the function is called again when the propagates into the upper init functions leading to a double-free. Fix that. Reported-by: Don Dutile Signed-off-by: Joerg Roedel --- drivers/iommu/amd_iommu_init.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/drivers/iommu/amd_iommu_init.c b/drivers/iommu/amd_iommu_init.c index 75653daf1de1..526652a7385d 100644 --- a/drivers/iommu/amd_iommu_init.c +++ b/drivers/iommu/amd_iommu_init.c @@ -358,8 +358,6 @@ static void iommu_disable(struct amd_iommu *iommu) */ static u8 * __init iommu_map_mmio_space(u64 address) { - u8 *ret; - if (!request_mem_region(address, MMIO_REGION_LENGTH, "amd_iommu")) { pr_err("AMD-Vi: Can not reserve memory region %llx for mmio\n", address); @@ -367,13 +365,7 @@ static u8 * __init iommu_map_mmio_space(u64 address) return NULL; } - ret = ioremap_nocache(address, MMIO_REGION_LENGTH); - if (ret != NULL) - return ret; - - release_mem_region(address, MMIO_REGION_LENGTH); - - return NULL; + return ioremap_nocache(address, MMIO_REGION_LENGTH); } static void __init iommu_unmap_mmio_space(struct amd_iommu *iommu) -- GitLab