Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp2265587pxk;
        Mon, 14 Sep 2020 08:48:03 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzvHZFTk4HzbFzI1jCSseNJ94IFlY6iKPuCbUtJMAeV4tn+wpGhte57qr59JSYFdNVfcZha
X-Received: by 2002:a17:906:4956:: with SMTP id f22mr14648933ejt.62.1600098483623;
        Mon, 14 Sep 2020 08:48:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1600098483; cv=none;
        d=google.com; s=arc-20160816;
        b=YTK/0ZPXq3THJA8sEuXMp4bGRHGzaMslvdcELhpdC+qxxVXmhV73Hh+lE1ccGlt1q0
         P7FGhKA8UMe8isO3kMJ0rbNDDdnMAAb3ojJmtKlNO/jpe6xKbLfpqeywn8S+vK0SbjWM
         7wokRWbyJK5MkVav0FPEmbcKIxFWGn/6UruBTibVgg5tQQChkCEmDIkRmXDAbsxLZisP
         rVocJCAJpPOX6O0b9KobrBcFDCsoeYUhRbUC9TJpr0ZiRT8zAO6OdYK8oEb3Sab+66FY
         vI/UlDLT5+M7I1JXpqDO0FKGdChTkK1lUMNdOU7aY6B2SELEBpK1mwhiC/hzlnN33Nsn
         Jvog==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=9y5jXiBn5cxNHAAHyF3K8d5EESRIHu/eq5Ss2ZEVYi8=;
        b=B/BTp3n5bYu40DffwFkrlcUFaX570zULy61D032bMHpoVr1ulyW7fnkMub5CWqDEhl
         Z/AtJ8X9Pb+h/0sm+HhWsaU1owDyoWCUqBzZxlGIypmovVg9b1rS5d+LUJxvWbRnO9ZL
         dKT1nGbvuk4gMSEFi9P6LQJS1vJle9BEPh8PgMGH7+fu24ymkhpuRqufvXodyj1KfuqN
         mF9z2F+SKHDoyFL+b1/aJ+v0yCjPsoetIQeZgLYK/GvAmGEt7LmVPm5B40xlZNlbANvR
         VpqOSjqi+xtu5PLwc3MB7e32oIANB56yrrw8DQwfdPic1GUxs2agyl5D/ru+FbQfNRcm
         xIQw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id q7si7275088ejd.647.2020.09.14.08.47.41;
        Mon, 14 Sep 2020 08:48:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726189AbgINPqy (ORCPT <rfc822;ketanpantkp@gmail.com>
        + 99 others); Mon, 14 Sep 2020 11:46:54 -0400
Received: from mx2.suse.de ([195.135.220.15]:51856 "EHLO mx2.suse.de"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726137AbgINPoj (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 14 Sep 2020 11:44:39 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (unknown [195.135.221.27])
        by mx2.suse.de (Postfix) with ESMTP id 49067ACCF;
        Mon, 14 Sep 2020 15:44:48 +0000 (UTC)
Date:   Mon, 14 Sep 2020 17:44:30 +0200
From:   Joerg Roedel <jroedel@suse.de>
To:     Vitaly Kuznetsov <vkuznets@redhat.com>
Cc:     x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
        Borislav Petkov <bp@alien8.de>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Sean Christopherson <sean.j.christopherson@intel.com>,
        Wanpeng Li <wanpengli@tencent.com>,
        Jim Mattson <jmattson@google.com>,
        Dan Carpenter <dan.carpenter@oracle.com>,
        Colin King <colin.king@canonical.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>
Subject: Re: [PATCH tip] KVM: nSVM: avoid freeing uninitialized pointers in
 svm_set_nested_state()
Message-ID: <20200914154430.GE4414@suse.de>
References: <20200914133725.650221-1-vkuznets@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20200914133725.650221-1-vkuznets@redhat.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Sep 14, 2020 at 03:37:25PM +0200, Vitaly Kuznetsov wrote:
> The save and ctl pointers are passed uninitialized to kfree() when
> svm_set_nested_state() follows the 'goto out_set_gif' path. While
> the issue could've been fixed by initializing these on-stack varialbles
> to NULL, it seems preferable to eliminate 'out_set_gif' label completely
> as it is not actually a failure path and duplicating a single svm_set_gif()
> call doesn't look too bad.
> 
> Fixes: 6ccbd29ade0d ("KVM: SVM: nested: Don't allocate VMCB structures on stack")
> Addresses-Coverity: ("Uninitialized pointer read")
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> Reported-by: Joerg Roedel <jroedel@suse.de>
> Reported-by: Colin King <colin.king@canonical.com>
> Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>

Acked-by: Joerg Roedel <jroedel@suse.de>