On Fri, Oct 07, 2022 at 12:58:45AM +0800, Zheng Wang wrote: > If intel_gvt_dma_map_guest_page failed, it will call > ppgtt_invalidate_spt, which will finally free the spt. > But the caller does not notice that, it will free spt again in error path. > > Fix this by spliting invalidate and free in ppgtt_invalidate_spt. > Only free spt when in good case. > > Reported-by: Zheng Wang <hackerzheng666@xxxxxxxxx> > Signed-off-by: Zheng Wang <zyytlz.wz@xxxxxxx> > --- > v2: > - split initial function into two api function suggested by Greg > > v1: https://lore.kernel.org/all/20220928033340.1063949-1-zyytlz.wz@xxxxxxx/ > --- > drivers/gpu/drm/i915/gvt/gtt.c | 31 +++++++++++++++++++++---------- > 1 file changed, 21 insertions(+), 10 deletions(-) > > diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c > index ce0eb03709c3..55d8e1419302 100644 > --- a/drivers/gpu/drm/i915/gvt/gtt.c > +++ b/drivers/gpu/drm/i915/gvt/gtt.c > @@ -959,6 +959,7 @@ static inline int ppgtt_put_spt(struct intel_vgpu_ppgtt_spt *spt) > return atomic_dec_return(&spt->refcount); > } > > +static int ppgtt_invalidate_and_free_spt(struct intel_vgpu_ppgtt_spt *spt); Odd extra space after the 'int', why?
