2022-09-16 21:05:18

by Rafael Mendonca

[permalink] [raw]
Subject: [PATCH] drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl()

If the copy of the description string from userspace fails, then the page
for the instance descriptor doesn't get freed before returning -EFAULT,
which leads to a memleak.

Fixes: 7a7a933edd6c ("drm/vmwgfx: Introduce VMware mks-guest-stats")
Signed-off-by: Rafael Mendonca <[email protected]>
---
drivers/gpu/drm/vmwgfx/vmwgfx_msg.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c b/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c
index 2aceac7856e2..089046fa21be 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c
@@ -1076,6 +1076,7 @@ int vmw_mksstat_add_ioctl(struct drm_device *dev, void *data,

if (desc_len < 0) {
atomic_set(&dev_priv->mksstat_user_pids[slot], 0);
+ __free_page(page);
return -EFAULT;
}

--
2.34.1


2022-09-17 06:56:22

by Martin Krastev (VMware)

[permalink] [raw]
Subject: Re: [PATCH] drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl()

Thank you for the catch!

Reviewed-by: Martin Krastev <[email protected]>


Regards,

Martin



On 16.09.22 г. 23:47 ч., Rafael Mendonca wrote:
> If the copy of the description string from userspace fails, then the page
> for the instance descriptor doesn't get freed before returning -EFAULT,
> which leads to a memleak.
>
> Fixes: 7a7a933edd6c ("drm/vmwgfx: Introduce VMware mks-guest-stats")
> Signed-off-by: Rafael Mendonca <[email protected]>
> ---
> drivers/gpu/drm/vmwgfx/vmwgfx_msg.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c b/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c
> index 2aceac7856e2..089046fa21be 100644
> --- a/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c
> +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c
> @@ -1076,6 +1076,7 @@ int vmw_mksstat_add_ioctl(struct drm_device *dev, void *data,
>
> if (desc_len < 0) {
> atomic_set(&dev_priv->mksstat_user_pids[slot], 0);
> + __free_page(page);
> return -EFAULT;
> }
>