From mboxrd@z Thu Jan  1 00:00:00 1970
From: Dan Carpenter <dan.carpenter@oracle.com>
Subject: [bug report] VSOCK: Introduce vhost_vsock.ko
Date: Wed, 3 Aug 2016 11:31:08 +0300
Message-ID: <20160803083108.GA2622@mwanda>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: kvm@vger.kernel.org
To: asias@redhat.com
Return-path: <kvm-owner@vger.kernel.org>
Received: from userp1040.oracle.com ([156.151.31.81]:43268 "EHLO
	userp1040.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1756771AbcHCIbX (ORCPT <rfc822;kvm@vger.kernel.org>);
	Wed, 3 Aug 2016 04:31:23 -0400
Content-Disposition: inline
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

Hello Asias He,

The patch 433fc58e6bf2: "VSOCK: Introduce vhost_vsock.ko" from Jul
28, 2016, leads to the following static checker warning:

	drivers/vhost/vsock.c:343 vhost_vsock_handle_tx_kick()
	error: dereferencing freed memory 'pkt'

drivers/vhost/vsock.c
   330  
   331                  pkt = vhost_vsock_alloc_pkt(vq, out, in);
   332                  if (!pkt) {
   333                          vq_err(vq, "Faulted on pkt\n");
   334                          continue;
   335                  }
   336  
   337                  /* Only accept correctly addressed packets */
   338                  if (le64_to_cpu(pkt->hdr.src_cid) == vsock->guest_cid)
   339                          virtio_transport_recv_pkt(pkt);
   340                  else
   341                          virtio_transport_free_pkt(pkt);
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   342  
   343                  vhost_add_used(vq, head, sizeof(pkt->hdr) + pkt->len);
                                                                    ^^^^^^^^
   344                  added = true;
   345          }
   346  
   347  no_more_replies:
   348          if (added)
   349                  vhost_signal(&vsock->dev, vq);
   350  
   351  out:
   352          mutex_unlock(&vq->mutex);
   353  }

regards,
dan carpenter