KVM: fix memory leak in kvm_io_bus_unregister_dev() (840e124f) · Commits · e / devices / android_kernel_fairphone_FP3

virt/kvm/kvm_main.c

+12 −9

Original line number	Diff line number	Diff line
		@@ -3639,7 +3639,7 @@ int kvm_io_bus_register_dev(struct kvm *kvm, enum kvm_bus bus_idx, gpa_t addr,
		void kvm_io_bus_unregister_dev(struct kvm *kvm, enum kvm_bus bus_idx,
		struct kvm_io_device *dev)
		{
		int i;
		int i, j;
		struct kvm_io_bus new_bus, bus;

		bus = kvm->buses[bus_idx];
		@@ -3656,17 +3656,20 @@ void kvm_io_bus_unregister_dev(struct kvm *kvm, enum kvm_bus bus_idx,

		new_bus = kmalloc(sizeof(bus) + ((bus->dev_count - 1)
		sizeof(struct kvm_io_range)), GFP_KERNEL);
		if (!new_bus) {
		pr_err("kvm: failed to shrink bus, removing it completely\n");
		goto broken;
		}

		if (new_bus) {
		memcpy(new_bus, bus, sizeof(bus) + i sizeof(struct kvm_io_range));
		new_bus->dev_count--;
		memcpy(new_bus->range + i, bus->range + i + 1,
		(new_bus->dev_count - i) * sizeof(struct kvm_io_range));
		} else {
		pr_err("kvm: failed to shrink bus, removing it completely\n");
		for (j = 0; j < bus->dev_count; j++) {
		if (j == i)
		continue;
		kvm_iodevice_destructor(bus->range[j].dev);
		}
		}

		broken:
		rcu_assign_pointer(kvm->buses[bus_idx], new_bus);
		synchronize_srcu_expedited(&kvm->srcu);
		kfree(bus);