• J
    iommu: Fix wrong freeing of iommu_device->dev · 2926a2aa
    Joerg Roedel 提交于
    The struct iommu_device has a 'struct device' embedded into
    it, not as a pointer, but the whole struct. In the
    conversion of the iommu drivers to use struct iommu_device
    it was forgotten that the relase function for that struct
    device simply calls kfree() on the pointer.
    
    This frees memory that was never allocated and causes memory
    corruption.
    
    To fix this issue, use a pointer to struct device instead of
    embedding the whole struct. This needs some updates in the
    iommu sysfs code as well as the Intel VT-d and AMD IOMMU
    driver.
    Reported-by: NSebastian Ott <sebott@linux.vnet.ibm.com>
    Fixes: 39ab9555 ('iommu: Add sysfs bindings for struct iommu_device')
    Cc: stable@vger.kernel.org # >= v4.11
    Signed-off-by: NJoerg Roedel <jroedel@suse.de>
    2926a2aa
iommu.h 20.2 KB