26 Oct
2022
26 Oct
'22
5:01 p.m.
On Tue, Oct 25, 2022 at 03:12:19PM -0300, Jason Gunthorpe wrote:
+int iommufd_ioas_alloc_ioctl(struct iommufd_ucmd *ucmd) +{
- struct iommu_ioas_alloc *cmd = ucmd->cmd;
- struct iommufd_ioas *ioas;
- int rc;
- if (cmd->flags)
return -EOPNOTSUPP;- ioas = iommufd_ioas_alloc(ucmd->ictx);
- if (IS_ERR(ioas))
return PTR_ERR(ioas);- cmd->out_ioas_id = ioas->obj.id;
- rc = iommufd_ucmd_respond(ucmd, sizeof(*cmd));
- if (rc)
goto out_table;- iommufd_object_finalize(ucmd->ictx, &ioas->obj);
- return 0;
+out_table:
- iommufd_ioas_destroy(&ioas->obj);
- return rc;
syzkaller says this should be:
out_table: iommufd_object_abort_and_destroy(ucmd->ictx, &ioas->obj);
Jason