Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> 于2022年10月7日周五 03:22写道: > > On Fri, Oct 07, 2022 at 12:58:45AM +0800, Zheng Wang wrote: > > If intel_gvt_dma_map_guest_page failed, it will call > > ppgtt_invalidate_spt, which will finally free the spt. > > But the caller does not notice that, it will free spt again in error path. > > > > Fix this by spliting invalidate and free in ppgtt_invalidate_spt. > > Only free spt when in good case. > > > > Reported-by: Zheng Wang <hackerzheng666@xxxxxxxxx> > > Signed-off-by: Zheng Wang <zyytlz.wz@xxxxxxx> > > --- > > v2: > > - split initial function into two api function suggested by Greg > > > > v1: https://lore.kernel.org/all/20220928033340.1063949-1-zyytlz.wz@xxxxxxx/ > > --- > > drivers/gpu/drm/i915/gvt/gtt.c | 31 +++++++++++++++++++++---------- > > 1 file changed, 21 insertions(+), 10 deletions(-) > > > > diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c > > index ce0eb03709c3..55d8e1419302 100644 > > --- a/drivers/gpu/drm/i915/gvt/gtt.c > > +++ b/drivers/gpu/drm/i915/gvt/gtt.c > > @@ -959,6 +959,7 @@ static inline int ppgtt_put_spt(struct intel_vgpu_ppgtt_spt *spt) > > return atomic_dec_return(&spt->refcount); > > } > > > > +static int ppgtt_invalidate_and_free_spt(struct intel_vgpu_ppgtt_spt *spt); > > Odd extra space after the 'int', why? > Hi Greg, Sorry it's a spelling mistake. I'll correct it right away :) Thanks, Zheng Wang