KVM: Use kzalloc to avoid allocating kvm_regs from kernel stack (3e4bb3ac) · Commits · e / devices / android_kernel_xiaomi_nabu

virt/kvm/kvm_main.c

+22 −11

Original line number	Original line	Diff line number	Diff line
	@@ -852,28 +852,39 @@ static long kvm_vcpu_ioctl(struct file *filp,
	r = kvm_arch_vcpu_ioctl_run(vcpu, vcpu->run);		r = kvm_arch_vcpu_ioctl_run(vcpu, vcpu->run);
	break;		break;
	case KVM_GET_REGS: {		case KVM_GET_REGS: {
	struct kvm_regs kvm_regs;		struct kvm_regs *kvm_regs;

	memset(&kvm_regs, 0, sizeof kvm_regs);		r = -ENOMEM;
	r = kvm_arch_vcpu_ioctl_get_regs(vcpu, &kvm_regs);		kvm_regs = kzalloc(sizeof(struct kvm_regs), GFP_KERNEL);
	if (r)		if (!kvm_regs)
	goto out;		goto out;
			r = kvm_arch_vcpu_ioctl_get_regs(vcpu, kvm_regs);
			if (r)
			goto out_free1;
	r = -EFAULT;		r = -EFAULT;
	if (copy_to_user(argp, &kvm_regs, sizeof kvm_regs))		if (copy_to_user(argp, kvm_regs, sizeof(struct kvm_regs)))
	goto out;		goto out_free1;
	r = 0;		r = 0;
			out_free1:
			kfree(kvm_regs);
	break;		break;
	}		}
	case KVM_SET_REGS: {		case KVM_SET_REGS: {
	struct kvm_regs kvm_regs;		struct kvm_regs *kvm_regs;

	r = -EFAULT;		r = -ENOMEM;
	if (copy_from_user(&kvm_regs, argp, sizeof kvm_regs))		kvm_regs = kzalloc(sizeof(struct kvm_regs), GFP_KERNEL);
			if (!kvm_regs)
	goto out;		goto out;
	r = kvm_arch_vcpu_ioctl_set_regs(vcpu, &kvm_regs);		r = -EFAULT;
			if (copy_from_user(kvm_regs, argp, sizeof(struct kvm_regs)))
			goto out_free2;
			r = kvm_arch_vcpu_ioctl_set_regs(vcpu, kvm_regs);
	if (r)		if (r)
	goto out;		goto out_free2;
	r = 0;		r = 0;
			out_free2:
			kfree(kvm_regs);
	break;		break;
	}		}
	case KVM_GET_SREGS: {		case KVM_GET_SREGS: {