Sorry I missed it. Thanks for the correction! Regards, Henry > -----Original Message----- > From: Zhenyu Wang [mailto:zhenyuw@xxxxxxxxxxxxxxx] > Sent: Wednesday, November 21, 2018 10:29 AM > To: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx> > Cc: intel-gfx@xxxxxxxxxxxxxxxxxxxxx; Zhenyu Wang > <zhenyuw@xxxxxxxxxxxxxxx>; Yuan, Hang <hang.yuan@xxxxxxxxx> > Subject: Re: [PATCH 1/2] drm/i915/gvt: Avoid use-after-free iterating the gtt > list > > On 2018.11.20 20:24:38 +0000, Chris Wilson wrote: > > Found by smatch: > > > > drivers/gpu/drm/i915/gvt/gtt.c:2452 intel_vgpu_destroy_ggtt_mm() error: > dereferencing freed memory 'pos' > > > > Signed-off-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx> > > Cc: Zhenyu Wang <zhenyuw@xxxxxxxxxxxxxxx> > > --- > > drivers/gpu/drm/i915/gvt/gtt.c | 7 ++++--- > > 1 file changed, 4 insertions(+), 3 deletions(-) > > > > diff --git a/drivers/gpu/drm/i915/gvt/gtt.c > > b/drivers/gpu/drm/i915/gvt/gtt.c index 58e166effa45..c7103dd2d8d5 > > 100644 > > --- a/drivers/gpu/drm/i915/gvt/gtt.c > > +++ b/drivers/gpu/drm/i915/gvt/gtt.c > > @@ -2447,10 +2447,11 @@ static void > > intel_vgpu_destroy_all_ppgtt_mm(struct intel_vgpu *vgpu) > > > > static void intel_vgpu_destroy_ggtt_mm(struct intel_vgpu *vgpu) { > > - struct intel_gvt_partial_pte *pos; > > + struct intel_gvt_partial_pte *pos, *next; > > > > - list_for_each_entry(pos, > > - &vgpu->gtt.ggtt_mm->ggtt_mm.partial_pte_list, list) { > > + list_for_each_entry_safe(pos, next, > > + &vgpu->gtt.ggtt_mm- > >ggtt_mm.partial_pte_list, > > + list) { > > gvt_dbg_mm("partial PTE update on hold 0x%lx : 0x%llx\n", > > pos->offset, pos->data); > > kfree(pos); > > Reviewed-by: Zhenyu Wang <zhenyuw@xxxxxxxxxxxxxxx> > > Thanks! I should really run check against each one when apply.. > > -- > Open Source Technology Center, Intel ltd. > > $gpg --keyserver wwwkeys.pgp.net --recv-keys 4D781827 _______________________________________________ Intel-gfx mailing list Intel-gfx@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/intel-gfx
