From: Vitaly Kuznetsov Date: Mon, 30 May 2016 14:17:58 +0000 (+0200) Subject: PCI: hv: Don't leak buffer in hv_pci_onchannelcallback() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=60fcdac8136b4275da42d6edf9ddb10439350289;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git PCI: hv: Don't leak buffer in hv_pci_onchannelcallback() We don't free buffer on several code paths in hv_pci_onchannelcallback(), put kfree() to the end of the function to fix the issue. Direct { kfree(); return; } can now be replaced with a simple 'break'; Signed-off-by: Vitaly Kuznetsov Signed-off-by: Bjorn Helgaas Acked-by: Jake Oshins --- diff --git a/drivers/pci/host/pci-hyperv.c b/drivers/pci/host/pci-hyperv.c index 7e9b2de2aa24..a68ec4996ed9 100644 --- a/drivers/pci/host/pci-hyperv.c +++ b/drivers/pci/host/pci-hyperv.c @@ -1661,10 +1661,8 @@ static void hv_pci_onchannelcallback(void *context) * All incoming packets must be at least as large as a * response. */ - if (bytes_recvd <= sizeof(struct pci_response)) { - kfree(buffer); - return; - } + if (bytes_recvd <= sizeof(struct pci_response)) + break; desc = (struct vmpacket_descriptor *)buffer; switch (desc->type) { @@ -1679,8 +1677,7 @@ static void hv_pci_onchannelcallback(void *context) comp_packet->completion_func(comp_packet->compl_ctxt, response, bytes_recvd); - kfree(buffer); - return; + break; case VM_PKT_DATA_INBAND: @@ -1729,6 +1726,8 @@ static void hv_pci_onchannelcallback(void *context) } break; } + + kfree(buffer); } /**