From: Sean Christopherson
To: Vitaly Kuznetsov
Cc: x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Paolo Bonzini, Wanpeng Li, Jim Mattson, Joerg Roedel, Dan Carpenter, Colin King, Thomas Gleixner, Ingo Molnar
Date: Mon, 14 Sep 2020 08:10:39 -0700
Subject: Re: [PATCH tip] KVM: nSVM: avoid freeing uninitialized pointers in svm_set_nested_state()
Message-ID: <20200914151039.GC6855@sjchrist-ice>
References: <20200914133725.650221-1-vkuznets@redhat.com>
In-Reply-To: <20200914133725.650221-1-vkuznets@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Sep 14, 2020 at 03:37:25PM +0200, Vitaly Kuznetsov wrote:
> The save and ctl pointers are passed uninitialized to kfree() when
> svm_set_nested_state() follows the 'goto out_set_gif' path. While
> the issue could've been fixed by initializing these on-stack variables
> to NULL, it seems preferable to eliminate the 'out_set_gif' label completely
> as it is not actually a failure path and duplicating a single svm_set_gif()
> call doesn't look too bad.
>
> Fixes: 6ccbd29ade0d ("KVM: SVM: nested: Don't allocate VMCB structures on stack")
> Addresses-Coverity: ("Uninitialized pointer read")
> Reported-by: Dan Carpenter
> Reported-by: Joerg Roedel
> Reported-by: Colin King
> Signed-off-by: Vitaly Kuznetsov
> ---

Reviewed-by: Sean Christopherson
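The control-flow shape the commit message describes, as an added C illustration that is not the kernel's code: kfree() and svm_set_gif() are instrumented stand-ins, and the 64-byte calloc() buffers and the 'hdr_ok' flag replace the real kzalloc() of the VMCB pieces and the header validation.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>

/* Instrumented stand-ins for the kernel helpers named in the commit message
 * (constructed for this illustration, not KVM code). */
static int frees_seen, gif_calls;
static bool last_gif;

static void kfree(void *p) { if (p) frees_seen++; free(p); }
static void svm_set_gif(bool gif) { last_gif = gif; gif_calls++; }

#define NESTED_GUEST_MODE 0x1
#define NESTED_GIF_SET    0x2

/* Shape of svm_set_nested_state() after the fix. Before it, the
 * "not in guest mode" branch did 'goto out_set_gif', a label sitting just
 * above out_free, so control fell through into kfree(save)/kfree(ctl)
 * while both pointers were still uninitialized stack garbage. Now that
 * branch sets GIF and returns, and every path reaching out_free has both
 * pointers defined. 'hdr_ok' stands in for the real header validation. */
static int set_nested_state(unsigned flags, bool hdr_ok)
{
	void *save, *ctl;
	int ret;

	if (!(flags & NESTED_GUEST_MODE)) {
		svm_set_gif(flags & NESTED_GIF_SET);
		return 0;               /* nothing allocated, nothing to free */
	}

	ret = -ENOMEM;
	ctl = calloc(1, 64);            /* stands in for kzalloc(sizeof(*ctl)) */
	save = calloc(1, 64);
	if (!ctl || !save)
		goto out_free;

	ret = -EINVAL;
	if (!hdr_ok)
		goto out_free;

	/* ... the real function copies the nested state into the vCPU here ... */
	svm_set_gif(flags & NESTED_GIF_SET);
	ret = 0;
out_free:
	kfree(save);                    /* both defined on every route here */
	kfree(ctl);
	return ret;
}
```

Each path is observable through the counters: the early exit calls svm_set_gif() once and frees nothing, while the allocating paths always release exactly two buffers whether they succeed or fail validation.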