From: butt3rflyh4ck
Date: Tue, 8 Mar 2022 18:14:31 +0800
Subject: Re: [PATCH] virt: acrn: fix a memory leak in acrn_dev_ioctl()
To: Greg KH
Cc: fei1.li@intel.com, LKML
References: <20220308092047.1008409-1-butterflyhuangxx@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

No, not yet. I just code audit.

Regards,
 butt3rflyh4ck.

On Tue, Mar 8, 2022 at 5:56 PM Greg KH wrote:
>
> On Tue, Mar 08, 2022 at 05:20:47PM +0800, Xiaolong Huang wrote:
> > The vm_param and cpu_regs need to be freed via kfree()
> > before return -EINVAL error.
> >
> > Fixes: 9c5137aedd11 ("virt: acrn: Introduce VM management interfaces")
> > Fixes: 2ad2aaee1bc9 ("virt: acrn: Introduce an ioctl to set vCPU registers state")
> > Signed-off-by: Xiaolong Huang
> > Signed-off-by: Fei Li > > --- > > drivers/virt/acrn/hsm.c | 20 +++++++++++++++----- > > 1 file changed, 15 insertions(+), 5 deletions(-) > > > > diff --git a/drivers/virt/acrn/hsm.c b/drivers/virt/acrn/hsm.c > > index 5419794fccf1..423ea888d79a 100644 > > --- a/drivers/virt/acrn/hsm.c > > +++ b/drivers/virt/acrn/hsm.c > > @@ -136,8 +136,10 @@ static long acrn_dev_ioctl(struct file *filp, unsigned int cmd, > > if (IS_ERR(vm_param)) > > return PTR_ERR(vm_param); > > > > - if ((vm_param->reserved0 | vm_param->reserved1) != 0) > > + if ((vm_param->reserved0 | vm_param->reserved1) != 0) { > > + kfree(vm_param); > > return -EINVAL; > > + } > > > > vm = acrn_vm_create(vm, vm_param); > > if (!vm) { > > @@ -182,21 +184,29 @@ static long acrn_dev_ioctl(struct file *filp, unsigned int cmd, > > return PTR_ERR(cpu_regs); > > > > for (i = 0; i < ARRAY_SIZE(cpu_regs->reserved); i++) > > - if (cpu_regs->reserved[i]) > > + if (cpu_regs->reserved[i]) { > > + kfree(cpu_regs); > > return -EINVAL; > > + } > > > > for (i = 0; i < ARRAY_SIZE(cpu_regs->vcpu_regs.reserved_32); i++) > > - if (cpu_regs->vcpu_regs.reserved_32[i]) > > + if (cpu_regs->vcpu_regs.reserved_32[i]) { > > + kfree(cpu_regs); > > return -EINVAL; > > + } > > > > for (i = 0; i < ARRAY_SIZE(cpu_regs->vcpu_regs.reserved_64); i++) > > - if (cpu_regs->vcpu_regs.reserved_64[i]) > > + if (cpu_regs->vcpu_regs.reserved_64[i]) { > > + kfree(cpu_regs); > > return -EINVAL; > > + } > > > > for (i = 0; i < ARRAY_SIZE(cpu_regs->vcpu_regs.gdt.reserved); i++) > > if (cpu_regs->vcpu_regs.gdt.reserved[i] | > > - cpu_regs->vcpu_regs.idt.reserved[i]) > > + cpu_regs->vcpu_regs.idt.reserved[i]) { > > + kfree(cpu_regs); > > return -EINVAL; > > + } > > > > ret = hcall_set_vcpu_regs(vm->vmid, virt_to_phys(cpu_regs)); > > if (ret < 0) > > > > base-commit: 5859a2b1991101d6b978f3feb5325dad39421f29 > > -- > > 2.25.1 > > > > How did you test this? -- Active Defense Lab of Venustech
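
Review bot: In the first hunk (@@ -136, the reserved0/reserved1 check) the new kfree(vm_param) covers only this one early return, while the context directly below shows a second failure branch, `if (!vm) {` after acrn_vm_create(vm, vm_param), whose body is not visible here. Please confirm that branch and the success path also release vm_param, and consider setting ret = -EINVAL and jumping to one shared kfree(vm_param) so that an exit added later cannot reintroduce the leak.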
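
Review bot: In the second hunk (@@ -182) the pair `kfree(cpu_regs); return -EINVAL;` is now repeated in four separate validation loops; a single error label after the checks, or a small helper that validates the reserved fields and lets the caller free cpu_regs once, would keep the cleanup in one place. Each `for` body is now a multi-line braced `if`, so kernel coding style asks for braces on the `for` statements as well. The context ends at `if (ret < 0)` after hcall_set_vcpu_regs(), so it is worth checking that this path frees cpu_regs too. Since the reply says the change comes from code audit, a kmemleak run that passes a non-zero reserved field through each of these checks would confirm the fix.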