diff options
author | Christoffer Dall <christoffer.dall@linaro.org> | 2017-10-13 11:40:11 +0200 |
---|---|---|
committer | Christoffer Dall <christoffer.dall@linaro.org> | 2017-10-13 19:49:48 +0200 |
commit | 8c1a8a32438b95792bbd8719d1cd4fe36e9eba03 (patch) | |
tree | 1284583b20609d07db7dd30ebc61c5a1b8d7327b /virt | |
parent | 8a5776a5f49812d29fe4b2d0a2d71675c3facf3f (diff) | |
download | lwn-8c1a8a32438b95792bbd8719d1cd4fe36e9eba03.tar.gz lwn-8c1a8a32438b95792bbd8719d1cd4fe36e9eba03.zip |
KVM: arm64: its: Fix missing dynamic allocation check in scan_its_table
We currently allocate an entry dynamically, but we never check if the
allocation actually succeeded. We actually don't need a dynamic
allocation, because we know the maximum size of an ITS table entry, so
we can simply use an allocation on the stack.
Cc: <stable@vger.kernel.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Diffstat (limited to 'virt')
-rw-r--r-- | virt/kvm/arm/vgic/vgic-its.c | 18 |
1 files changed, 7 insertions, 11 deletions
diff --git a/virt/kvm/arm/vgic/vgic-its.c b/virt/kvm/arm/vgic/vgic-its.c index f51c1e1b3f70..77652885a7c1 100644 --- a/virt/kvm/arm/vgic/vgic-its.c +++ b/virt/kvm/arm/vgic/vgic-its.c @@ -1801,37 +1801,33 @@ typedef int (*entry_fn_t)(struct vgic_its *its, u32 id, void *entry, static int scan_its_table(struct vgic_its *its, gpa_t base, int size, int esz, int start_id, entry_fn_t fn, void *opaque) { - void *entry = kzalloc(esz, GFP_KERNEL); struct kvm *kvm = its->dev->kvm; unsigned long len = size; int id = start_id; gpa_t gpa = base; + char entry[esz]; int ret; + memset(entry, 0, esz); + while (len > 0) { int next_offset; size_t byte_offset; ret = kvm_read_guest(kvm, gpa, entry, esz); if (ret) - goto out; + return ret; next_offset = fn(its, id, entry, opaque); - if (next_offset <= 0) { - ret = next_offset; - goto out; - } + if (next_offset <= 0) + return next_offset; byte_offset = next_offset * esz; id += next_offset; gpa += byte_offset; len -= byte_offset; } - ret = 1; - -out: - kfree(entry); - return ret; + return 1; } /** |