> On 2018.08.03 08:41:19 +0800, Yi Wang wrote: > > The 'sparse' variable may leak when return in function > > intel_vgpu_ioctl(), and this patch fixes this. > > > > Signed-off-by: Yi Wang > > Reviewed-by: Jiang Biao > > --- > > drivers/gpu/drm/i915/gvt/kvmgt.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/drivers/gpu/drm/i915/gvt/kvmgt.c b/drivers/gpu/drm/i915/gvt/kvmgt.c > > index df4e4a0..6a6f199 100644 > > --- a/drivers/gpu/drm/i915/gvt/kvmgt.c > > +++ b/drivers/gpu/drm/i915/gvt/kvmgt.c > > @@ -1200,6 +1200,7 @@ static long intel_vgpu_ioctl(struct mdev_device *mdev, unsigned int cmd, > > return ret; > > break; > > default: > > + kfree(sparse); > > return -EINVAL; > > } > > } > > @@ -1215,6 +1216,7 @@ static long intel_vgpu_ioctl(struct mdev_device *mdev, unsigned int cmd, > > sizeof(info), caps.buf, > > caps.size)) { > > kfree(caps.buf); > > + kfree(sparse); > > return -EFAULT; > > } > > info.cap_offset = sizeof(info); > > @@ -1223,6 +1225,7 @@ static long intel_vgpu_ioctl(struct mdev_device *mdev, unsigned int cmd, > > kfree(caps.buf); > > } > > > > + kfree(sparse); > > Unfortunately this would cause a double-free error in normal path, as we > tried to free sparse after use to add caps. So may be better to fix free > in error path and move normal free of sparse in final point, e.g Yeah, that's right! Thanks a lot for your advice. I will send a v2 patch. --- Best wishes Yi Wang
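Review bot: the kfree(sparse) added in the hunk at @@ -1215, on the branch that returns -EFAULT right after kfree(caps.buf), can free a pointer that is already gone. That branch is only taken when caps.buf and caps.size are populated, and the reply in this thread says sparse is freed once it has been used to add caps. Check whether sparse can still be live at this point. If the earlier free stays, set sparse = NULL immediately after it so that this call becomes a no-op, since kfree(NULL) is safe.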
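Review bot: the unconditional kfree(sparse) at the end of the hunk at @@ -1223 runs on the success path as well as after errors, and the reviewer's reply points out that sparse has already been released there, so the normal path frees it twice. For v2, give sparse one owner: remove the free that follows its use, keep this final kfree(sparse) as the release for the normal path, and leave explicit frees only on the early returns that exit before reaching it (the default: case returning -EINVAL in the hunk at @@ -1200 is one). The commit message should also list which return paths leaked so each added free can be checked against a real leak.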