From: Ilya Lesokhin <ilyal@mellanox.com>
Date: Thu, 14 Jul 2016 13:50:19 +0000 (+0300)
Subject: vfio: fix possible use after free of vfio group
X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=d370c917b9d4bef71e5d994aac5547f06f4dd76f;p=linux-beck.git

vfio: fix possible use after free of vfio group

The vfio group should be released after
the vfio_group_try_dissolve_container call.
The code should not rely on someone else to hold
a reference on the group.

Signed-off-by: Ilya Lesokhin <ilyal@mellanox.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
---

diff --git a/drivers/vfio/vfio.c b/drivers/vfio/vfio.c
index 6fd6fa5469de..d1d70e0b011b 100644
--- a/drivers/vfio/vfio.c
+++ b/drivers/vfio/vfio.c
@@ -1711,8 +1711,8 @@ EXPORT_SYMBOL_GPL(vfio_group_get_external_user);
 
 void vfio_group_put_external_user(struct vfio_group *group)
 {
-	vfio_group_put(group);
 	vfio_group_try_dissolve_container(group);
+	vfio_group_put(group);
 }
 EXPORT_SYMBOL_GPL(vfio_group_put_external_user);