| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 Nov 2022 21:10:36 +0300
From: Dmitry Osipenko <dmitry.osipenko@...labora.com>
To: Xiu Jianfeng <xiujianfeng@...wei.com>, airlied@...hat.com,
kraxel@...hat.com, gurchetansingh@...omium.org, olvaffe@...il.com,
daniel@...ll.ch
Cc: dri-devel@...ts.freedesktop.org,
virtualization@...ts.linux-foundation.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] drm/virtio: Fix memory leak in virtio_gpu_object_create()
On 11/9/22 12:19, Xiu Jianfeng wrote:
> The virtio_gpu_object_shmem_init() will alloc memory and save it in
> @ents, so when virtio_gpu_array_alloc() fails, this memory should be
> freed, this patch fixes it.
>
> Fixes: e7fef0923303 ("drm/virtio: Simplify error handling of virtio_gpu_object_create()")
> Signed-off-by: Xiu Jianfeng <xiujianfeng@...wei.com>
> ---
> drivers/gpu/drm/virtio/virtgpu_object.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/virtio/virtgpu_object.c b/drivers/gpu/drm/virtio/virtgpu_object.c
> index 8d7728181de0..c7e74cf13022 100644
> --- a/drivers/gpu/drm/virtio/virtgpu_object.c
> +++ b/drivers/gpu/drm/virtio/virtgpu_object.c
> @@ -184,7 +184,7 @@ int virtio_gpu_object_create(struct virtio_gpu_device *vgdev,
> struct virtio_gpu_object_array *objs = NULL;
> struct drm_gem_shmem_object *shmem_obj;
> struct virtio_gpu_object *bo;
> - struct virtio_gpu_mem_entry *ents;
> + struct virtio_gpu_mem_entry *ents = NULL;
> unsigned int nents;
> int ret;
>
> @@ -210,7 +210,7 @@ int virtio_gpu_object_create(struct virtio_gpu_device *vgdev,
> ret = -ENOMEM;
> objs = virtio_gpu_array_alloc(1);
> if (!objs)
> - goto err_put_id;
> + goto err_free_entry;
> virtio_gpu_array_add_obj(objs, &bo->base.base);
>
> ret = virtio_gpu_array_lock_resv(objs);
> @@ -239,6 +239,8 @@ int virtio_gpu_object_create(struct virtio_gpu_device *vgdev,
>
> err_put_objs:
> virtio_gpu_array_put_free(objs);
> +err_free_entry:
> + kvfree(ents);
> err_put_id:
> virtio_gpu_resource_id_put(vgdev, bo->hw_res_handle);
> err_free_gem:
Reviewed-by: Dmitry Osipenko <dmitry.osipenko@...labora.com>
--
Best regards,
Dmitry
Powered by blists - more mailing lists