Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp185704pxk;
        Fri, 11 Sep 2020 04:09:21 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJz/paqzQ7JC4UDFmQvBJTNj6qZkYU+8zZqijYYbrv2dVR8GVqRhYojVmAaDZyPpxmAk/Zbg
X-Received: by 2002:aa7:dcd9:: with SMTP id w25mr1308685edu.280.1599822561235;
        Fri, 11 Sep 2020 04:09:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1599822561; cv=none;
        d=google.com; s=arc-20160816;
        b=z8iK04K1kN9TeenZ5aPgznBGHO5iq9HHbkwMMmcFNqqSFDHDm5SeTTDNGecgNP6Vx8
         duccSoSvBp4Eq7uAl9ykWgh5NwZqg43AbybAHJ+eu3pM7SHhFzqCTP27j3j5/IuKHVNh
         LqTYfoBzcw/AJJVIxwvx2UT7fvM5IGZHV/QNNcZQRiX9Ns62F3Vj1x9mGa50o8+cJLhG
         4Kp/D6KIV9Iy5JF/zKjfkJLiUbR5KTggwmaBNO/ElZ/NPyKoQUNbyOjhoFqy5ImHVf5h
         TFZThXcAzoiORImFH4pwPXgifzLQ5FmMTitTs8L7TU1xBlrPxqm6TCtlZQup081Rbg/z
         BTaA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=5HRA3IkbLs86TJW/zsN9sEG//D7yTl2yvW8Dmi1qj4A=;
        b=G2dYYXHe5t60cbdF2Md/6p/rRblyBoSPRZYk5g5T05H5ZZqVKdL46thqEWLva19oel
         0m+3c4N8vEwbPDI09lOYhBaF+YUIoPcklf1gxUeaxzOQOXnTbzrbt+IObU8lEANvLoU7
         XvyRUouOeoMa200So02fNCDXpHBmRhXjmWExj6MZ3I25i5MHmt5QfWENIax0U3Zk6khj
         H4So0STc3qaZqP+x+pRkwWjSRF1xUD8ptLGwGskE/EuQ9H6yBW82rzXe+UkPPO/cLegZ
         kPlZ3A2hPMEoyFqtD1VFqNj4czjl9wWt5ZSQ9+wNXRQ0CjM4CADaKKoob3BC/geeysLe
         YIYw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id b12si1053396edv.217.2020.09.11.04.08.58;
        Fri, 11 Sep 2020 04:09:21 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1725793AbgIKLH5 (ORCPT <rfc822;yuvraaj@gmail.com> + 99 others);
        Fri, 11 Sep 2020 07:07:57 -0400
Received: from youngberry.canonical.com ([91.189.89.112]:37556 "EHLO
        youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725710AbgIKLHy (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 11 Sep 2020 07:07:54 -0400
Received: from 1.general.cking.uk.vpn ([10.172.193.212] helo=localhost)
        by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
        (Exim 4.86_2)
        (envelope-from <colin.king@canonical.com>)
        id 1kGgtu-0006tV-Hl; Fri, 11 Sep 2020 11:07:30 +0000
From:   Colin King <colin.king@canonical.com>
To:     Paolo Bonzini <pbonzini@redhat.com>,
        Sean Christopherson <sean.j.christopherson@intel.com>,
        Vitaly Kuznetsov <vkuznets@redhat.com>,
        Wanpeng Li <wanpengli@tencent.com>,
        Jim Mattson <jmattson@google.com>,
        Joerg Roedel <joro@8bytes.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        x86@kernel.org (maintainer:X86 ARCHITECTURE),
        "H . Peter Anvin" <hpa@zytor.com>, kvm@vger.kernel.org
Cc:     kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH][next] KVM: SVM: nested: fix free of uninitialized pointers save and ctl
Date:   Fri, 11 Sep 2020 12:07:30 +0100
Message-Id: <20200911110730.24238-1-colin.king@canonical.com>
X-Mailer: git-send-email 2.27.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Colin Ian King <colin.king@canonical.com>

Currently the error exit path to outt_set_gif will kfree on uninitialized
pointers save and ctl.  Fix this by ensuring these pointers are
inintialized to NULL to avoid garbage pointer freeing.

Addresses-Coverity: ("Uninitialized pointer read")
Fixes: 6ccbd29ade0d ("KVM: SVM: nested: Don't allocate VMCB structures on stack")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 arch/x86/kvm/svm/nested.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index 28036629abf8..2b15f49f9e5a 100644
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -1060,8 +1060,8 @@ static int svm_set_nested_state(struct kvm_vcpu *vcpu,
 	struct vmcb *hsave = svm->nested.hsave;
 	struct vmcb __user *user_vmcb = (struct vmcb __user *)
 		&user_kvm_nested_state->data.svm[0];
-	struct vmcb_control_area *ctl;
-	struct vmcb_save_area *save;
+	struct vmcb_control_area *ctl = NULL;
+	struct vmcb_save_area *save = NULL;
 	int ret;
 	u32 cr0;
 
-- 
2.27.0