diff options
| author | Cédric Le Goater <clg@kaod.org> | 2019-07-18 23:51:54 +0200 |
|---|---|---|
| committer | Michael Ellerman <mpe@ellerman.id.au> | 2019-07-19 13:41:12 +1000 |
| commit | 9798f4ea71eaf8eaad7e688c5b298528089c7bf8 (patch) | |
| tree | 48da83581c241db13960f4188f9c1664e7ccb9e6 /arch | |
| parent | 4d202c8c8ed3822327285747db1765967110b274 (diff) | |
| download | linux-9798f4ea71eaf8eaad7e688c5b298528089c7bf8.tar.bz2 | |
KVM: PPC: Book3S HV: XIVE: fix rollback when kvmppc_xive_create fails
The XIVE device structure is now allocated in kvmppc_xive_get_device()
and kfree'd in kvmppc_core_destroy_vm(). In case of an OPAL error when
allocating the XIVE VPs, the kfree() call in kvmppc_xive_*create()
will result in a double free and corrupt the host memory.
Fixes: 5422e95103cf ("KVM: PPC: Book3S HV: XIVE: Replace the 'destroy' method by a 'release' method")
Cc: stable@vger.kernel.org # v5.2+
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Tested-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/6ea6998b-a890-2511-01d1-747d7621eb19@kaod.org
Diffstat (limited to 'arch')
| -rw-r--r-- | arch/powerpc/kvm/book3s_xive.c | 4 | ||||
| -rw-r--r-- | arch/powerpc/kvm/book3s_xive_native.c | 4 |
2 files changed, 3 insertions, 5 deletions
diff --git a/arch/powerpc/kvm/book3s_xive.c b/arch/powerpc/kvm/book3s_xive.c index 6ca0d7376a9f..e3ba67095895 100644 --- a/arch/powerpc/kvm/book3s_xive.c +++ b/arch/powerpc/kvm/book3s_xive.c @@ -1986,10 +1986,8 @@ static int kvmppc_xive_create(struct kvm_device *dev, u32 type) xive->single_escalation = xive_native_has_single_escalation(); - if (ret) { - kfree(xive); + if (ret) return ret; - } return 0; } diff --git a/arch/powerpc/kvm/book3s_xive_native.c b/arch/powerpc/kvm/book3s_xive_native.c index 5596c8ec221a..a998823f68a3 100644 --- a/arch/powerpc/kvm/book3s_xive_native.c +++ b/arch/powerpc/kvm/book3s_xive_native.c @@ -1090,9 +1090,9 @@ static int kvmppc_xive_native_create(struct kvm_device *dev, u32 type) xive->ops = &kvmppc_xive_native_ops; if (ret) - kfree(xive); + return ret; - return ret; + return 0; } /* |