SVM: nSVM: fix resource leak on error path

Message ID	20200914194557.10158-1-alex.dewar90@gmail.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=+Hxv=CX=vger.kernel.org=kvm-owner@kernel.org> From: Alex Dewar <alex.dewar90@gmail.com> Cc: Alex Dewar <alex.dewar90@gmail.com>, Paolo Bonzini <pbonzini@redhat.com>, Sean Christopherson <sean.j.christopherson@intel.com>, Vitaly Kuznetsov <vkuznets@redhat.com>, Wanpeng Li <wanpengli@tencent.com>, Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>, Maxim Levitsky <mlevitsk@redhat.com>, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] SVM: nSVM: fix resource leak on error path Date: Mon, 14 Sep 2020 20:45:57 +0100 Message-Id: <20200914194557.10158-1-alex.dewar90@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit To: unlisted-recipients:; (no To-header on input) Sender: kvm-owner@vger.kernel.org Precedence: bulk
Series	SVM: nSVM: fix resource leak on error path \| expand SVM: nSVM: fix resource leak on error path

Message ID

20200914194557.10158-1-alex.dewar90@gmail.com (mailing list archive)

State

New, archived

Headers

From: Alex Dewar <alex.dewar90@gmail.com>
Cc: Alex Dewar <alex.dewar90@gmail.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Sean Christopherson <sean.j.christopherson@intel.com>,
        Vitaly Kuznetsov <vkuznets@redhat.com>,
        Wanpeng Li <wanpengli@tencent.com>,
        Jim Mattson <jmattson@google.com>,
        Joerg Roedel <joro@8bytes.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
        Maxim Levitsky <mlevitsk@redhat.com>, kvm@vger.kernel.org,
        linux-kernel@vger.kernel.org
Subject: [PATCH] SVM: nSVM: fix resource leak on error path
Date: Mon, 14 Sep 2020 20:45:57 +0100
Message-Id: <20200914194557.10158-1-alex.dewar90@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
To: unlisted-recipients:; (no To-header on input)
Sender: kvm-owner@vger.kernel.org
Precedence: bulk

Series

SVM: nSVM: fix resource leak on error path | expand

Commit Message

Alex Dewar Sept. 14, 2020, 7:45 p.m. UTC

In svm_set_nested_state(), if nested_svm_vmrun_msrpm() returns false,
then variables save and ctl will leak. Fix this.

Fixes: 772b81bb2f9b ("SVM: nSVM: setup nested msr permission bitmap on nested state load")
Signed-off-by: Alex Dewar <alex.dewar90@gmail.com>
---
 arch/x86/kvm/svm/nested.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Maxim Levitsky Sept. 15, 2020, 9:07 a.m. UTC | #1

On Mon, 2020-09-14 at 20:45 +0100, Alex Dewar wrote:
> In svm_set_nested_state(), if nested_svm_vmrun_msrpm() returns false,
> then variables save and ctl will leak. Fix this.
> 
> Fixes: 772b81bb2f9b ("SVM: nSVM: setup nested msr permission bitmap on nested state load")
> Signed-off-by: Alex Dewar <alex.dewar90@gmail.com>
> ---
>  arch/x86/kvm/svm/nested.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
> index 598a769f1961..85f572cbabe4 100644
> --- a/arch/x86/kvm/svm/nested.c
> +++ b/arch/x86/kvm/svm/nested.c
> @@ -1148,7 +1148,7 @@ static int svm_set_nested_state(struct kvm_vcpu *vcpu,
>  	nested_prepare_vmcb_control(svm);
>  
>  	if (!nested_svm_vmrun_msrpm(svm))
> -		return -EINVAL;
> +		goto out_free;	/* ret == -EINVAL */
>  
>  out_set_gif:
>  	svm_set_gif(svm, !!(kvm_state->flags & KVM_STATE_NESTED_GIF_SET));

I think that this patch is based on unmerged patch, since I don't see
any memory allocation in nested_svm_vmrun_msrpm, nor out_free label.
in nether kvm/master, kvm/queue nor in upstream/master

If I recall correctly that would be something about allocating ctrl/save
dynamically rather than on stack.

Best regards,
	Maxim Levitsky

Borislav Petkov Sept. 15, 2020, 9:15 a.m. UTC | #2

On Tue, Sep 15, 2020 at 12:07:25PM +0300, Maxim Levitsky wrote:
> I think that this patch is based on unmerged patch, since I don't see
> any memory allocation in nested_svm_vmrun_msrpm, nor out_free label.
> in nether kvm/master, kvm/queue nor in upstream/master

Paolo and I need to figure out first how to share the SEV-ES enablement
work and the other patches touching that file and then pile more fixes
ontop.

Alex Dewar Sept. 16, 2020, 4:44 p.m. UTC | #3

On Tue, Sep 15, 2020 at 11:15:02AM +0200, Borislav Petkov wrote:
> On Tue, Sep 15, 2020 at 12:07:25PM +0300, Maxim Levitsky wrote:
> > I think that this patch is based on unmerged patch, since I don't see
> > any memory allocation in nested_svm_vmrun_msrpm, nor out_free label.
> > in nether kvm/master, kvm/queue nor in upstream/master
> 
> Paolo and I need to figure out first how to share the SEV-ES enablement
> work and the other patches touching that file and then pile more fixes
> ontop.

Sorry for the noise! I didn't realise this was a work in progress --
Coverity picked it up.

> 
> -- 
> Regards/Gruss,
>     Boris.
> 
> https://people.kernel.org/tglx/notes-about-netiquette

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index 598a769f1961..85f572cbabe4 100644
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -1148,7 +1148,7 @@  static int svm_set_nested_state(struct kvm_vcpu *vcpu,
 	nested_prepare_vmcb_control(svm);
 
 	if (!nested_svm_vmrun_msrpm(svm))
-		return -EINVAL;
+		goto out_free;	/* ret == -EINVAL */
 
 out_set_gif:
 	svm_set_gif(svm, !!(kvm_state->flags & KVM_STATE_NESTED_GIF_SET));

SVM: nSVM: fix resource leak on error path

Commit Message

Comments

Patch