From patchwork Fri Oct 13 13:17:34 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Christoffer Dall <christoffer.dall@linaro.org>
X-Patchwork-Id: 10004717
Return-Path: 
 <linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	642AF602B3 for <patchwork-linux-arm@patchwork.kernel.org>;
	Fri, 13 Oct 2017 13:18:23 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5478528C0C
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Fri, 13 Oct 2017 13:18:23 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 4927E2901A; Fri, 13 Oct 2017 13:18:23 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1
Received: from bombadil.infradead.org (bombadil.infradead.org
	[65.50.211.133])
	(using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 06A0728C0C
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Fri, 13 Oct 2017 13:18:22 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20170209; h=Sender:
	Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe:
	List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Message-Id:Date:
	Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:
	Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:
	References:List-Owner; bh=i7Amnd/+bN6cNFTyXu29Ssg5zB780z+/TkJVSB7DBWk=;
	b=WoT
	Ks1S00jYFwB+zW7Rv79WFDZBhH21FT+o7Q08sJ43iYuCujo51pTSfAeXjqksxe93QAfoKQ3uqZImp
	b6DRfcrojlW1YKl56phTqfnJQ9Ibd60efSZzTd029MvghaU/rqsM+eZde9BDA1RzkitczoV1xJUVm
	78FkM4bKDm8gbqnKuE2Z/KXUFOZVlQU5g+mbAG6IZ+Sx3VgiMFuYF8ZZd0zKnybGqUB2RrhiLVpYV
	ayZmqgBcmH/L+QmmNaXoEKjHhlcBYtpGfJaJWrRG6KTx8lIkFbxNu1xhsEQhqxYj4NJeVbXwyzvQS
	sgDlRUeWRHNwW+IuUw2sR4HoU/Z6ujw==;
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))
	id 1e2zqh-0003W7-83; Fri, 13 Oct 2017 13:17:59 +0000
Received: from mail-wm0-x22b.google.com ([2a00:1450:400c:c09::22b])
	by bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux))
	id 1e2zqd-0003Ve-K0 for linux-arm-kernel@lists.infradead.org;
	Fri, 13 Oct 2017 13:17:57 +0000
Received: by mail-wm0-x22b.google.com with SMTP id l68so21728159wmd.5
	for <linux-arm-kernel@lists.infradead.org>;
	Fri, 13 Oct 2017 06:17:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
	h=from:to:cc:subject:date:message-id;
	bh=uiyKC+vbq8ciVaK2vS03iL6PXdCc6d1J65vT9wthQGg=;
	b=S2XicngTdvo66H/F3M77v5HKu9xVyF9RdeffC5JOiM8kZaQkTr/vKH4ELZjCw2yhE0
	kYqTXI1EKziTrdRcpIJgFzEDWZnwgN1HdPm+4A+UKasff4Aonx3UtXRZobtte1DDXUNT
	wKpRqce9lbrQHlzYjsId0Xkwhe/pIIZZgDgpg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=uiyKC+vbq8ciVaK2vS03iL6PXdCc6d1J65vT9wthQGg=;
	b=adav7CGZHnJhnWhaJl61091gVuIKWdDrTolYIE9yxZIh7KFksmT+hQbYdv5dyL4T6D
	AFa+H6jmwTJhHZEq2PuWrwbYr2VGHSNXQ0tTpkb3XKsM11CQvmeAWHUWrQ0kflaThfZn
	kN8aZQBB/vsACa/6aL5e1n0M9Chz7leOXZk3MkgPZf/FUdgOWoqP6ioyj+q4Qs74GvPP
	aXWYWpNZAPXrS6wEWQuZSsTyCTKC7hTDCtKfh34Q22LC3YUjmCZssYBxN1IeOHwDdKcO
	xU78wKk8yA+IkkcBeJeeW/zUy/mt8Te53yW1APjyC++AOgL09o3oC1Zwq0LayQV+TWTh
	9mmA==
X-Gm-Message-State: AMCzsaUDW1MJbW3SC2Q/tZMwkNaq9Oj7LVt9SNQRAeU2twMw5mb14fs2
	zFq5L2u+s0HEkm9dd3WMuaSOWw==
X-Google-Smtp-Source: 
 AOwi7QCQrV9GFz0PxCJpJHBjM4pnXuWPSTesT7LdhmnQjvrKqk1UBnJKcBYVSnV89jntmV+sWAqZ1w==
X-Received: by 10.80.128.133 with SMTP id 5mr2201176edb.114.1507900653266;
	Fri, 13 Oct 2017 06:17:33 -0700 (PDT)
Received: from localhost.localdomain (xd93dd96b.cust.hiper.dk.
	[217.61.217.107]) by smtp.gmail.com with ESMTPSA id
	i61sm801849edc.32.2017.10.13.06.17.32
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Fri, 13 Oct 2017 06:17:32 -0700 (PDT)
From: Christoffer Dall <christoffer.dall@linaro.org>
To: kvmarm@lists.cs.columbia.edu,
	linux-arm-kernel@lists.infradead.org
Subject: [PATCH v2] KVM: arm64: its: Fix missing dynamic allocation check in
	scan_its_table
Date: Fri, 13 Oct 2017 15:17:34 +0200
Message-Id: <20171013131734.16485-1-christoffer.dall@linaro.org>
X-Mailer: git-send-email 2.9.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20171013_061755_820172_4A9D5EA5 
X-CRM114-Status: GOOD (  12.88  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Cc: kvm@vger.kernel.org, Marc Zyngier <marc.zyngier@arm.com>,
	Andre Przywara <andre.przywara@arm.com>, stable@vger.kernel.org,
	Eric Auger <eric.auger@redhat.com>,
	Christoffer Dall <christoffer.dall@linaro.org>
MIME-Version: 1.0
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org
X-Virus-Scanned: ClamAV using ClamSMTP

We currently allocate an entry dynamically, but we never check if the
allocation actually succeeded.  We actually don't need a dynamic
allocation, because we know the maximum size of an ITS table entry, so
we can simply use an allocation on the stack.

Cc: <stable@vger.kernel.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
---
 virt/kvm/arm/vgic/vgic-its.c | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)

diff --git a/virt/kvm/arm/vgic/vgic-its.c b/virt/kvm/arm/vgic/vgic-its.c
index f51c1e1..1d2668b 100644
--- a/virt/kvm/arm/vgic/vgic-its.c
+++ b/virt/kvm/arm/vgic/vgic-its.c
@@ -1801,37 +1801,33 @@ typedef int (*entry_fn_t)(struct vgic_its *its, u32 id, void *entry,
 static int scan_its_table(struct vgic_its *its, gpa_t base, int size, int esz,
 			  int start_id, entry_fn_t fn, void *opaque)
 {
-	void *entry = kzalloc(esz, GFP_KERNEL);
 	struct kvm *kvm = its->dev->kvm;
 	unsigned long len = size;
 	int id = start_id;
 	gpa_t gpa = base;
+	char entry[esz]
 	int ret;
 
+	memset(entry, 0, esz);
+
 	while (len > 0) {
 		int next_offset;
 		size_t byte_offset;
 
 		ret = kvm_read_guest(kvm, gpa, entry, esz);
 		if (ret)
-			goto out;
+			return ret;
 
 		next_offset = fn(its, id, entry, opaque);
-		if (next_offset <= 0) {
-			ret = next_offset;
-			goto out;
-		}
+		if (next_offset <= 0)
+			return next_offset;
 
 		byte_offset = next_offset * esz;
 		id += next_offset;
 		gpa += byte_offset;
 		len -= byte_offset;
 	}
-	ret =  1;
-
-out:
-	kfree(entry);
-	return ret;
+	return 1;
 }
 
 /**