In svm_set_nested_state(), if nested_svm_vmrun_msrpm() returns false,
then variables save and ctl will leak. Fix this.
Fixes: 772b81bb2f9b ("SVM: nSVM: setup nested msr permission bitmap on nested state load")
Signed-off-by: Alex Dewar <[email protected]>
---
arch/x86/kvm/svm/nested.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index 598a769f1961..85f572cbabe4 100644
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -1148,7 +1148,7 @@ static int svm_set_nested_state(struct kvm_vcpu *vcpu,
nested_prepare_vmcb_control(svm);
if (!nested_svm_vmrun_msrpm(svm))
- return -EINVAL;
+ goto out_free; /* ret == -EINVAL */
out_set_gif:
svm_set_gif(svm, !!(kvm_state->flags & KVM_STATE_NESTED_GIF_SET));
--
2.28.0
On Mon, 2020-09-14 at 20:45 +0100, Alex Dewar wrote:
> In svm_set_nested_state(), if nested_svm_vmrun_msrpm() returns false,
> then variables save and ctl will leak. Fix this.
>
> Fixes: 772b81bb2f9b ("SVM: nSVM: setup nested msr permission bitmap on nested state load")
> Signed-off-by: Alex Dewar <[email protected]>
> ---
> arch/x86/kvm/svm/nested.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
> index 598a769f1961..85f572cbabe4 100644
> --- a/arch/x86/kvm/svm/nested.c
> +++ b/arch/x86/kvm/svm/nested.c
> @@ -1148,7 +1148,7 @@ static int svm_set_nested_state(struct kvm_vcpu *vcpu,
> nested_prepare_vmcb_control(svm);
>
> if (!nested_svm_vmrun_msrpm(svm))
> - return -EINVAL;
> + goto out_free; /* ret == -EINVAL */
>
> out_set_gif:
> svm_set_gif(svm, !!(kvm_state->flags & KVM_STATE_NESTED_GIF_SET));
I think that this patch is based on unmerged patch, since I don't see
any memory allocation in nested_svm_vmrun_msrpm, nor out_free label.
in nether kvm/master, kvm/queue nor in upstream/master
If I recall correctly that would be something about allocating ctrl/save
dynamically rather than on stack.
Best regards,
Maxim Levitsky
On Tue, Sep 15, 2020 at 12:07:25PM +0300, Maxim Levitsky wrote:
> I think that this patch is based on unmerged patch, since I don't see
> any memory allocation in nested_svm_vmrun_msrpm, nor out_free label.
> in nether kvm/master, kvm/queue nor in upstream/master
Paolo and I need to figure out first how to share the SEV-ES enablement
work and the other patches touching that file and then pile more fixes
ontop.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
On Tue, Sep 15, 2020 at 11:15:02AM +0200, Borislav Petkov wrote:
> On Tue, Sep 15, 2020 at 12:07:25PM +0300, Maxim Levitsky wrote:
> > I think that this patch is based on unmerged patch, since I don't see
> > any memory allocation in nested_svm_vmrun_msrpm, nor out_free label.
> > in nether kvm/master, kvm/queue nor in upstream/master
>
> Paolo and I need to figure out first how to share the SEV-ES enablement
> work and the other patches touching that file and then pile more fixes
> ontop.
Sorry for the noise! I didn't realise this was a work in progress --
Coverity picked it up.
>
> --
> Regards/Gruss,
> Boris.
>
> https://people.kernel.org/tglx/notes-about-netiquette