In abi_long do_ioctl_dm(), after lock_user() call, the code does
not call unlock_user() before going to failure return in default case.
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
}
default:
ret = -TARGET_EINVAL;
+ unlock_user(argptr, guest_data, 0);
goto out;
}
unlock_user(argptr, guest_data, 0);
break;
}
default:
+ unlock_user(argptr, guest_data, 0);
ret = -TARGET_EINVAL;
goto out;
}