From: Chen Gang S <gang.c...@sunrus.com.cn> In abi_long do_ioctl_dm(), after lock_user() call, the code does not call unlock_user() before going to failure return in default case.
Signed-off-by: Chen Gang <gang.chen.5...@gmail.com> Reviewed-by: Peter Maydell <peter.mayd...@linaro.org> Signed-off-by: Michael Tokarev <m...@tls.msk.ru> --- linux-user/syscall.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 310080c..5720195 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -3576,6 +3576,7 @@ static abi_long do_ioctl_dm(const IOCTLEntry *ie, uint8_t *buf_temp, int fd, } default: ret = -TARGET_EINVAL; + unlock_user(argptr, guest_data, 0); goto out; } unlock_user(argptr, guest_data, 0); @@ -3695,6 +3696,7 @@ static abi_long do_ioctl_dm(const IOCTLEntry *ie, uint8_t *buf_temp, int fd, break; } default: + unlock_user(argptr, guest_data, 0); ret = -TARGET_EINVAL; goto out; } -- 2.1.4