[v2] KVM: SVM: Fix potential memory leak in svm_cpu_init()

Message ID	1578128209-12891-1-git-send-email-linmiaohe@huawei.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=32Vo=2Z=vger.kernel.org=kvm-owner@kernel.org> From: linmiaohe <linmiaohe@huawei.com> To: <pbonzini@redhat.com>, <rkrcmar@redhat.com>, <sean.j.christopherson@intel.com>, <vkuznets@redhat.com>, <wanpengli@tencent.com>, <jmattson@google.com>, <joro@8bytes.org>, <tglx@linutronix.de>, <mingo@redhat.com>, <bp@alien8.de>, <hpa@zytor.com> CC: <linmiaohe@huawei.com>, <kvm@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <x86@kernel.org>, <liran.alon@oracle.com> Subject: [PATCH v2] KVM: SVM: Fix potential memory leak in svm_cpu_init() Date: Sat, 4 Jan 2020 16:56:49 +0800 Message-ID: <1578128209-12891-1-git-send-email-linmiaohe@huawei.com> MIME-Version: 1.0 Content-Type: text/plain Sender: kvm-owner@vger.kernel.org Precedence: bulk
Series	[v2] KVM: SVM: Fix potential memory leak in svm_cpu_init() \| expand [v2] KVM: SVM: Fix potential memory leak in svm_cpu_init()

Message ID

1578128209-12891-1-git-send-email-linmiaohe@huawei.com (mailing list archive)

State

New, archived

Headers

From: linmiaohe <linmiaohe@huawei.com>
To: <pbonzini@redhat.com>, <rkrcmar@redhat.com>,
        <sean.j.christopherson@intel.com>, <vkuznets@redhat.com>,
        <wanpengli@tencent.com>, <jmattson@google.com>, <joro@8bytes.org>,
        <tglx@linutronix.de>, <mingo@redhat.com>, <bp@alien8.de>,
        <hpa@zytor.com>
CC: <linmiaohe@huawei.com>, <kvm@vger.kernel.org>,
        <linux-kernel@vger.kernel.org>, <x86@kernel.org>,
        <liran.alon@oracle.com>
Subject: [PATCH v2] KVM: SVM: Fix potential memory leak in svm_cpu_init()
Date: Sat, 4 Jan 2020 16:56:49 +0800
Message-ID: <1578128209-12891-1-git-send-email-linmiaohe@huawei.com>
MIME-Version: 1.0
Content-Type: text/plain
Sender: kvm-owner@vger.kernel.org
Precedence: bulk

Series

[v2] KVM: SVM: Fix potential memory leak in svm_cpu_init() | expand

Commit Message

Miaohe Lin Jan. 4, 2020, 8:56 a.m. UTC

From: Miaohe Lin <linmiaohe@huawei.com>

When kmalloc memory for sd->sev_vmcbs failed, we forget to free the page
held by sd->save_area. Also get rid of the var r as '-ENOMEM' is actually
the only possible outcome here.

Reviewed-by: Liran Alon <liran.alon@oracle.com>
Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
---
-v2:
	drop var r as suggested by Vitaly
---
 arch/x86/kvm/svm.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

Comments

Paolo Bonzini Jan. 15, 2020, 6:23 p.m. UTC | #1

On 04/01/20 09:56, linmiaohe wrote:
> From: Miaohe Lin <linmiaohe@huawei.com>
> 
> When kmalloc memory for sd->sev_vmcbs failed, we forget to free the page
> held by sd->save_area. Also get rid of the var r as '-ENOMEM' is actually
> the only possible outcome here.
> 
> Reviewed-by: Liran Alon <liran.alon@oracle.com>
> Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
> Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
> ---
> -v2:
> 	drop var r as suggested by Vitaly
> ---
>  arch/x86/kvm/svm.c | 13 ++++++-------
>  1 file changed, 6 insertions(+), 7 deletions(-)
> 
> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
> index 8f1b715dfde8..5f9d6547e0e7 100644
> --- a/arch/x86/kvm/svm.c
> +++ b/arch/x86/kvm/svm.c
> @@ -1003,33 +1003,32 @@ static void svm_cpu_uninit(int cpu)
>  static int svm_cpu_init(int cpu)
>  {
>  	struct svm_cpu_data *sd;
> -	int r;
>  
>  	sd = kzalloc(sizeof(struct svm_cpu_data), GFP_KERNEL);
>  	if (!sd)
>  		return -ENOMEM;
>  	sd->cpu = cpu;
> -	r = -ENOMEM;
>  	sd->save_area = alloc_page(GFP_KERNEL);
>  	if (!sd->save_area)
> -		goto err_1;
> +		goto free_cpu_data;
>  
>  	if (svm_sev_enabled()) {
> -		r = -ENOMEM;
>  		sd->sev_vmcbs = kmalloc_array(max_sev_asid + 1,
>  					      sizeof(void *),
>  					      GFP_KERNEL);
>  		if (!sd->sev_vmcbs)
> -			goto err_1;
> +			goto free_save_area;
>  	}
>  
>  	per_cpu(svm_data, cpu) = sd;
>  
>  	return 0;
>  
> -err_1:
> +free_save_area:
> +	__free_page(sd->save_area);
> +free_cpu_data:
>  	kfree(sd);
> -	return r;
> +	return -ENOMEM;
>  
>  }
>  
> 

Queued, thanks.

Paolo

diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 8f1b715dfde8..5f9d6547e0e7 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -1003,33 +1003,32 @@  static void svm_cpu_uninit(int cpu)
 static int svm_cpu_init(int cpu)
 {
 	struct svm_cpu_data *sd;
-	int r;
 
 	sd = kzalloc(sizeof(struct svm_cpu_data), GFP_KERNEL);
 	if (!sd)
 		return -ENOMEM;
 	sd->cpu = cpu;
-	r = -ENOMEM;
 	sd->save_area = alloc_page(GFP_KERNEL);
 	if (!sd->save_area)
-		goto err_1;
+		goto free_cpu_data;
 
 	if (svm_sev_enabled()) {
-		r = -ENOMEM;
 		sd->sev_vmcbs = kmalloc_array(max_sev_asid + 1,
 					      sizeof(void *),
 					      GFP_KERNEL);
 		if (!sd->sev_vmcbs)
-			goto err_1;
+			goto free_save_area;
 	}
 
 	per_cpu(svm_data, cpu) = sd;
 
 	return 0;
 
-err_1:
+free_save_area:
+	__free_page(sd->save_area);
+free_cpu_data:
 	kfree(sd);
-	return r;
+	return -ENOMEM;
 
 }

[v2] KVM: SVM: Fix potential memory leak in svm_cpu_init()

Commit Message

Comments

Patch