diff options
author | Cédric Le Goater <clg@kaod.org> | 2019-07-18 23:51:54 +0200 |
---|---|---|
committer | Michael Ellerman <mpe@ellerman.id.au> | 2019-07-19 13:41:12 +1000 |
commit | 9798f4ea71eaf8eaad7e688c5b298528089c7bf8 (patch) | |
tree | 48da83581c241db13960f4188f9c1664e7ccb9e6 /arch/powerpc/kvm/book3s_xive.c | |
parent | 4d202c8c8ed3822327285747db1765967110b274 (diff) | |
download | lwn-9798f4ea71eaf8eaad7e688c5b298528089c7bf8.tar.gz lwn-9798f4ea71eaf8eaad7e688c5b298528089c7bf8.zip |
KVM: PPC: Book3S HV: XIVE: fix rollback when kvmppc_xive_create fails
The XIVE device structure is now allocated in kvmppc_xive_get_device()
and kfree'd in kvmppc_core_destroy_vm(). In case of an OPAL error when
allocating the XIVE VPs, the kfree() call in kvmppc_xive_*create()
will result in a double free and corrupt the host memory.
Fixes: 5422e95103cf ("KVM: PPC: Book3S HV: XIVE: Replace the 'destroy' method by a 'release' method")
Cc: stable@vger.kernel.org # v5.2+
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Tested-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/6ea6998b-a890-2511-01d1-747d7621eb19@kaod.org
Diffstat (limited to 'arch/powerpc/kvm/book3s_xive.c')
-rw-r--r-- | arch/powerpc/kvm/book3s_xive.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/arch/powerpc/kvm/book3s_xive.c b/arch/powerpc/kvm/book3s_xive.c index 6ca0d7376a9f..e3ba67095895 100644 --- a/arch/powerpc/kvm/book3s_xive.c +++ b/arch/powerpc/kvm/book3s_xive.c @@ -1986,10 +1986,8 @@ static int kvmppc_xive_create(struct kvm_device *dev, u32 type) xive->single_escalation = xive_native_has_single_escalation(); - if (ret) { - kfree(xive); + if (ret) return ret; - } return 0; } |