> On 2018.08.03 08:41:19 +0800, Yi Wang wrote:
> > The 'sparse' variable may leak when return in function
> > intel_vgpu_ioctl(), and this patch fixes this.
> >
> > Signed-off-by: Yi Wang <wang.yi59@xxxxxxxxxx>
> > Reviewed-by: Jiang Biao <jiang.biao2@xxxxxxxxxx>
> > ---
> > drivers/gpu/drm/i915/gvt/kvmgt.c | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/drivers/gpu/drm/i915/gvt/kvmgt.c b/drivers/gpu/drm/i915/gvt/kvmgt.c
> > index df4e4a0..6a6f199 100644
> > --- a/drivers/gpu/drm/i915/gvt/kvmgt.c
> > +++ b/drivers/gpu/drm/i915/gvt/kvmgt.c
> > @@ -1200,6 +1200,7 @@ static long intel_vgpu_ioctl(struct mdev_device *mdev, unsigned int cmd,
> > return ret;
> > break;
> > default:
> > + kfree(sparse);
> > return -EINVAL;
> > }
> > }
> > @@ -1215,6 +1216,7 @@ static long intel_vgpu_ioctl(struct mdev_device *mdev, unsigned int cmd,
> > sizeof(info), caps.buf,
> > caps.size)) {
> > kfree(caps.buf);
> > + kfree(sparse);
> > return -EFAULT;
> > }
> > info.cap_offset = sizeof(info);
> > @@ -1223,6 +1225,7 @@ static long intel_vgpu_ioctl(struct mdev_device *mdev, unsigned int cmd,
> > kfree(caps.buf);
> > }
> >
> > + kfree(sparse);
>
> Unfortunately this would cause a double-free error in normal path, as we
> tried to free sparse after use to add caps. So may be better to fix free
> in error path and move normal free of sparse in final point, e.g
Yeah, that's right! Thanks a lot for your advice. I will send a v2 patch.
---
Best wishes
Yi Wang
_______________________________________________
Intel-gfx mailing list
Intel-gfx@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/intel-gfx