[Intel-gfx] [PATCH v6] drm/i915/gvt: fix double free bug in split_2MB_gtt_entry

sub_spt. Besides, leave the handle of spt destroy to caller function instead of callee function when error occurs. Fixes: b901b252b6cf ("drm/i915/gvt: Add 2M huge gtt support") Signed-off-by: Zheng Wang Reviewed-by: Zhenyu Wang --- v6: - remove the code for setting unused variable to NU

Re: [Intel-gfx] [PATCH v3] drm/i915/gvt: fix double free bug in split_2MB_gtt_entry

cation. Best regards, Zheng Wang -- 2.25.1

[Intel-gfx] [RESEND PATCH v4] drm/i915/gvt: fix double free bug in split_2MB_gtt_entry

dd 2M huge gtt support") Signed-off-by: Zheng Wang --- v4: - fix by undo the mapping of DMA address and free sub_spt suggested by Zhi v3: - correct spelling mistake and remove unused variable suggested by Greg v2: https://lore.kernel.org/all/20221006165845.1735393-1-zyytlz...@163.com/

[Intel-gfx] [PATCH v5] drm/i915/gvt: fix double free bug in split_2MB_gtt_entry

sub_spt. Besides, leave the handle of spt destroy to caller function instead of callee function when error occurs. Fixes: b901b252b6cf ("drm/i915/gvt: Add 2M huge gtt support") Signed-off-by: Zheng Wang --- v5: - remove unnecessary switch-case code for there is only one particular case, c

Re: [Intel-gfx] [PATCH v3] drm/i915/gvt: fix double free bug in split_2MB_gtt_entry

isunderstand your meaning, feel free to let me know. Working on a new fix now. Best regards, Zheng Wang

[Intel-gfx] [PATCH v4] [PATCH v4] drm/i915/gvt: fix double free bug in split_2MB_gtt_entry

dd 2M huge gtt support") Signed-off-by: Zheng Wang --- v4: - fix by undo the mapping of DMA address and free sub_spt suggested by Zhi v3: - correct spelling mistake and remove unused variable suggested by Greg v2: https://lore.kernel.org/all/20221006165845.1735393-1-zyytlz...@163.com/

[Intel-gfx] [PATCH v3] drm/i915/gvt: fix double free bug in split_2MB_gtt_entry

: Zheng Wang Signed-off-by: Zheng Wang --- v3: - correct spelling mistake and remove unused variable suggested by Greg v2: https://lore.kernel.org/all/20221006165845.1735393-1-zyytlz...@163.com/ v1: https://lore.kernel.org/all/20220928033340.1063949-1-zyytlz...@163.com/ --- drivers/gpu/drm/i915

[Intel-gfx] [PATCH v2] drm/i915/gvt: fix double free bug in split_2MB_gtt_entry

: Zheng Wang Signed-off-by: Zheng Wang --- v2: - split initial function into two api function suggested by Greg v1: https://lore.kernel.org/all/20220928033340.1063949-1-zyytlz...@163.com/ --- drivers/gpu/drm/i915/gvt/gtt.c | 31 +-- 1 file changed, 21 insertions(+), 10

[Intel-gfx] [PATCH] drm/i915/gvt: fix double free bug in split_2MB_gtt_entry

dd 2M huge gtt support") Reported-by: Zheng Wang Signed-off-by: Zheng Wang --- drivers/gpu/drm/i915/gvt/gtt.c | 16 +--- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c index ce0eb03709c3..550519f0acca 10

[Intel-gfx] [PATCH] drm/i915/gvt: fix double-free bug in split_2MB_gtt_entry

From afe79848cb74cc8e45ab426d13fa2394c87e0422 Mon Sep 17 00:00:00 2001 From: xmzyshypnc <1002992...@qq.com> Date: Fri, 16 Sep 2022 23:48:23 +0800 Subject: [PATCH] drm/i915/gvt: fix double-free bug in split_2MB_gtt_entry There is a double-free security bug in split_2MB_gtt_entry. Here is a callin

[Intel-gfx] [PATCH] drm/i915/gvt: fix double-free bug in split_2MB_gtt_entry

ut the caller does not notice that, and it will call ppgtt_free_spt again in error path. Fix this by only freeing spt in ppgtt_invalidate_spt in good case. Reported-by: Zheng Wang Zhuorao Yang Signed-off-by: Zheng Wang --- drivers/gpu/drm/i915/gvt/gtt.c | 16 +--- 1 file chan