habanalabs: Avoid double free in error flow

In case kernel context init fails during device initialization, both hl_ctx_put() and kfree() are called, ending with a double free of the kernel context. Calling kfree() is needed only when a failure happens between the allocation of the kernel context and its initialization, so move it to there and remove it from the error flow. Signed-off-by: Tomer Tayar <ttayar@habana.ai> Reviewed-by: Oded Gabbay <oded.gabbay@gmail.com> Signed-off-by: Oded Gabbay <oded.gabbay@gmail.com>
author: Tomer Tayar <ttayar@habana.ai> 2019-08-01 13:57:36 +0000
committer: Oded Gabbay <oded.gabbay@gmail.com> 2019-08-12 09:00:34 +0300
commit: 508c5849c62d009e03f37ad0f556071fac5112f0 (patch)
tree: cf830b1f50c6ace76ea924efd2e4b02fd48870eb /drivers/misc
parent: d45331b00ddb179e291766617259261c112db872 (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/drivers/misc/habanalabs/device.c b/drivers/misc/habanalabs/device.c
index 0c4894dd9c02..7a8f9d0b71b5 100644
--- a/drivers/misc/habanalabs/device.c
+++ b/drivers/misc/habanalabs/device.c
@@ -970,7 +970,8 @@ int hl_device_init(struct hl_device *hdev, struct class *hclass)
 	rc = hl_ctx_init(hdev, hdev->kernel_ctx, true);
 	if (rc) {
 		dev_err(hdev->dev, "failed to initialize kernel context\n");
-		goto free_ctx;
+		kfree(hdev->kernel_ctx);
+		goto mmu_fini;
 	}
 
 	rc = hl_cb_pool_init(hdev);
@@ -1053,8 +1054,6 @@ release_ctx:
 	if (hl_ctx_put(hdev->kernel_ctx) != 1)
 		dev_err(hdev->dev,
 			"kernel ctx is still alive on initialization failure\n");
-free_ctx:
-	kfree(hdev->kernel_ctx);
 mmu_fini:
 	hl_mmu_fini(hdev);
 eq_fini:
author	Tomer Tayar <ttayar@habana.ai>	2019-08-01 13:57:36 +0000
committer	Oded Gabbay <oded.gabbay@gmail.com>	2019-08-12 09:00:34 +0300
commit	508c5849c62d009e03f37ad0f556071fac5112f0 (patch)
tree	cf830b1f50c6ace76ea924efd2e4b02fd48870eb /drivers/misc
parent	d45331b00ddb179e291766617259261c112db872 (diff)