| author | Cédric Le Goater <clg@kaod.org> | 2019-07-18 23:51:54 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-07-31 07:24:57 +0200 |
| commit | 373108886c3120cb92f50b92016087d9b562575b (patch) | |
| tree | 75ca59ec25ca858d840b3a55a21a20567fbab024 | |
| parent | 13135247b77192d51e7bd6f95220e645ab1b6537 (diff) | |
KVM: PPC: Book3S HV: XIVE: fix rollback when kvmppc_xive_create fails
commit 9798f4ea71eaf8eaad7e688c5b298528089c7bf8 upstream.
The XIVE device structure is now allocated in kvmppc_xive_get_device()
and kfree'd in kvmppc_core_destroy_vm(). In case of an OPAL error when
allocating the XIVE VPs, the kfree() call in kvmppc_xive_*create()
will result in a double free and corrupt the host memory.
Fixes: 5422e95103cf ("KVM: PPC: Book3S HV: XIVE: Replace the 'destroy' method by a 'release' method")
Cc: stable@vger.kernel.org # v5.2+
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Tested-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/6ea6998b-a890-2511-01d1-747d7621eb19@kaod.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | arch/powerpc/kvm/book3s_xive.c | 4 |
| -rw-r--r-- | arch/powerpc/kvm/book3s_xive_native.c | 4 |
2 files changed, 3 insertions, 5 deletions
diff --git a/arch/powerpc/kvm/book3s_xive.c b/arch/powerpc/kvm/book3s_xive.c index 6ca0d7376a9f..e3ba67095895 100644 --- a/arch/powerpc/kvm/book3s_xive.c +++ b/arch/powerpc/kvm/book3s_xive.c @@ -1986,10 +1986,8 @@ static int kvmppc_xive_create(struct kvm_device *dev, u32 type) xive->single_escalation = xive_native_has_single_escalation(); - if (ret) { - kfree(xive); + if (ret) return ret; - } return 0; } diff --git a/arch/powerpc/kvm/book3s_xive_native.c b/arch/powerpc/kvm/book3s_xive_native.c index 5596c8ec221a..a998823f68a3 100644 --- a/arch/powerpc/kvm/book3s_xive_native.c +++ b/arch/powerpc/kvm/book3s_xive_native.c @@ -1090,9 +1090,9 @@ static int kvmppc_xive_native_create(struct kvm_device *dev, u32 type) xive->ops = &kvmppc_xive_native_ops; if (ret) - kfree(xive); + return ret; - return ret; + return 0; } /* |
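Review bot: In the book3s_xive.c hunk, the error return in kvmppc_xive_create() now leaves `xive` allocated with nothing in the code saying who frees it. The commit message says the structure is allocated in kvmppc_xive_get_device() and kfree'd in kvmppc_core_destroy_vm(); a one-line comment above `if (ret)` stating that ownership would keep a later cleanup from putting the `kfree(xive)` back and reintroducing the double free. Since the function ends with `return 0;` right after, the pair `if (ret) return ret;` / `return 0;` could also be a single `return ret;`.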
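Review bot: In the book3s_xive_native.c hunk, the tail of kvmppc_xive_native_create() is rewritten more than the fix needs: `if (ret) return ret;` followed by `return 0;` behaves the same as the original `return ret;` once the `kfree(xive)` is gone. Dropping only the `if (ret)` and `kfree(xive);` lines and leaving `return ret;` untouched would give a two-line deletion that is easier to audit in a stable backport. If the explicit form is kept to match kvmppc_xive_create(), a short comment on the error path noting that the free happens in kvmppc_core_destroy_vm() would be worth adding here too.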
