
Commit a1a005f3 authored by Avi Kivity's avatar Avi Kivity

KVM: Fix xsave and xcr save/restore memory leak



We allocate temporary kernel buffers for these structures, but never free them.

Signed-off-by: default avatarAvi Kivity <avi@redhat.com>
parent 7d5993d6
+4 −8
@@ -2437,6 +2437,8 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
	void __user *argp = (void __user *)arg;
	int r;
	struct kvm_lapic_state *lapic = NULL;
	struct kvm_xsave *xsave = NULL;
	struct kvm_xcrs *xcrs = NULL;

	switch (ioctl) {
	case KVM_GET_LAPIC: {
@@ -2632,8 +2634,6 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
		break;
	}
	case KVM_GET_XSAVE: {
		struct kvm_xsave *xsave;

		xsave = kzalloc(sizeof(struct kvm_xsave), GFP_KERNEL);
		r = -ENOMEM;
		if (!xsave)
@@ -2648,8 +2648,6 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
		break;
	}
	case KVM_SET_XSAVE: {
		struct kvm_xsave *xsave;

		xsave = kzalloc(sizeof(struct kvm_xsave), GFP_KERNEL);
		r = -ENOMEM;
		if (!xsave)
@@ -2663,8 +2661,6 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
		break;
	}
	case KVM_GET_XCRS: {
		struct kvm_xcrs *xcrs;

		xcrs = kzalloc(sizeof(struct kvm_xcrs), GFP_KERNEL);
		r = -ENOMEM;
		if (!xcrs)
@@ -2680,8 +2676,6 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
		break;
	}
	case KVM_SET_XCRS: {
		struct kvm_xcrs *xcrs;

		xcrs = kzalloc(sizeof(struct kvm_xcrs), GFP_KERNEL);
		r = -ENOMEM;
		if (!xcrs)
@@ -2700,6 +2694,8 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
	}
out:
	kfree(lapic);
	kfree(xsave);
	kfree(xcrs);
	return r;
}
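Review bot: The cleanup at `out:` now rests on an unwritten invariant: `lapic`, `xsave` and `xcrs` start as NULL at function scope, and every case has to leave through `break` or `goto out`, so a later case that returns directly would bring the leak back. I would add a comment above the label, for example `/* lapic, xsave and xcrs start NULL and kfree(NULL) is a no-op; cases must exit via out, never return. */`. The handler takes a `__user` argument pointer, so these paths appear to be callable from user space, which would make each unfreed buffer a repeatable per-call kernel memory leak; that is why the invariant deserves to be written down. As a style point, the four allocations could use `kzalloc(sizeof(*xsave), GFP_KERNEL)` and `sizeof(*xcrs)` so the size follows the pointer's type. The function begins before the first hunk, so exit paths not shown here are not covered by this note.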