Message ID | 20191106082636.GB31923@mwanda (mailing list archive)
---|---
State | New, archived
Series | kvm: Fix NULL dereference doing kvm_create_vm()
The same patch was already sent by Wanpeng Li.

See https://lore.kernel.org/lkml/1572848879-21011-1-git-send-email-wanpengli@tencent.com/

On 06.11.19 09:26, Dan Carpenter wrote:
> If init_srcu_struct() or init_srcu_struct() fails then this function
> returns ERR_PTR(0) which is NULL. It leads to a NULL dereference in the
> caller.
>
> Fixes: 9121923c457d ("kvm: Allocate memslots and buses before calling kvm_arch_init_vm")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> virt/kvm/kvm_main.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c > index d16d2054e937..91971811fa5f 100644 > --- a/virt/kvm/kvm_main.c > +++ b/virt/kvm/kvm_main.c > @@ -675,6 +675,7 @@ static struct kvm *kvm_create_vm(unsigned long type) > INIT_HLIST_HEAD(&kvm->irq_ack_notifier_list); > #endif > > + r = -ENOMEM; > if (init_srcu_struct(&kvm->srcu)) > goto out_err_no_srcu; > if (init_srcu_struct(&kvm->irq_srcu)) >
On 06/11/19 09:30, Christian Borntraeger wrote:
> The same patch was already sent by Wanpeng Li.
>
> See
> https://lore.kernel.org/lkml/1572848879-21011-1-git-send-email-wanpengli@tencent.com/

I'm also going to send a somewhat different version today (hopefully).
Stay tuned...

Paolo
On Wed, 6 Nov 2019 at 17:46, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> On 06/11/19 09:30, Christian Borntraeger wrote:
> > The same patch was already sent by Wanpeng Li.
> >
> > See
> > https://lore.kernel.org/lkml/1572848879-21011-1-git-send-email-wanpengli@tencent.com/
>
> I'm also going to send a somewhat different version today (hopefully).
> Stay tuned...

You can move forward if patches there.

Wanpeng
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index d16d2054e937..91971811fa5f 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -675,6 +675,7 @@ static struct kvm *kvm_create_vm(unsigned long type) INIT_HLIST_HEAD(&kvm->irq_ack_notifier_list); #endif + r = -ENOMEM; if (init_srcu_struct(&kvm->srcu)) goto out_err_no_srcu; if (init_srcu_struct(&kvm->irq_srcu))
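Review bot: the commit message names the same function twice ("If init_srcu_struct() or init_srcu_struct() fails"); it should say which calls are meant, e.g. "init_srcu_struct(&kvm->srcu) or init_srcu_struct(&kvm->irq_srcu)". On the hunk itself, presetting `r = -ENOMEM;` does stop kvm_create_vm() from returning ERR_PTR(0), but both `if (init_srcu_struct(...))` lines still discard the callee's return value, and the fix only holds as long as nothing between the assignment and `goto out_err_no_srcu` reassigns `r`; capturing the result directly (`r = init_srcu_struct(&kvm->srcu); if (r) goto out_err_no_srcu;`, and likewise for irq_srcu) would propagate the real error code and not depend on that ordering. As the thread notes, Wanpeng Li already posted an equivalent fix, so this should be reconciled with that submission rather than applied in parallel.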
If init_srcu_struct() or init_srcu_struct() fails then this function
returns ERR_PTR(0) which is NULL. It leads to a NULL dereference in the
caller.

Fixes: 9121923c457d ("kvm: Allocate memslots and buses before calling kvm_arch_init_vm")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
virt/kvm/kvm_main.c | 1 +
1 file changed, 1 insertion(+)