leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
811f95ff95
linux/arch/x86/kvm
History
Sean Christopherson 811f95ff95 KVM: x86: Free kvm_cpuid_entry2 array on post-KVM_RUN KVM_SET_CPUID{,2} 
Free the "struct kvm_cpuid_entry2" array on successful post-KVM_RUN
KVM_SET_CPUID{,2} to fix a memory leak, the callers of kvm_set_cpuid()
free the array only on failure.

 BUG: memory leak
 unreferenced object 0xffff88810963a800 (size 2048):
  comm "syz-executor025", pid 3610, jiffies 4294944928 (age 8.080s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 0d 00 00 00  ................
    47 65 6e 75 6e 74 65 6c 69 6e 65 49 00 00 00 00  GenuntelineI....
  backtrace:
    [<ffffffff814948ee>] kmalloc_node include/linux/slab.h:604 [inline]
    [<ffffffff814948ee>] kvmalloc_node+0x3e/0x100 mm/util.c:580
    [<ffffffff814950f2>] kvmalloc include/linux/slab.h:732 [inline]
    [<ffffffff814950f2>] vmemdup_user+0x22/0x100 mm/util.c:199
    [<ffffffff8109f5ff>] kvm_vcpu_ioctl_set_cpuid2+0x8f/0xf0 arch/x86/kvm/cpuid.c:423
    [<ffffffff810711b9>] kvm_arch_vcpu_ioctl+0xb99/0x1e60 arch/x86/kvm/x86.c:5251
    [<ffffffff8103e92d>] kvm_vcpu_ioctl+0x4ad/0x950 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4066
    [<ffffffff815afacc>] vfs_ioctl fs/ioctl.c:51 [inline]
    [<ffffffff815afacc>] __do_sys_ioctl fs/ioctl.c:874 [inline]
    [<ffffffff815afacc>] __se_sys_ioctl fs/ioctl.c:860 [inline]
    [<ffffffff815afacc>] __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:860
    [<ffffffff844a3335>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff844a3335>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae

Fixes: c6617c61e8 ("KVM: x86: Partially allow KVM_SET_CPUID{,2} after KVM_RUN")
Cc: stable@vger.kernel.org
Reported-by: syzbot+be576ad7655690586eec@syzkaller.appspotmail.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20220125210445.2053429-1-seanjc@google.com>
Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-01-26 12:42:31 -05:00
..
mmu KVM: x86/mmu: Improve TLB flush comment in kvm_mmu_slot_remove_write_access() 2022-01-19 12:09:07 -05:00
svm KVM: x86: Forcibly leave nested virt when SMM state is toggled 2022-01-26 12:15:03 -05:00
vmx KVM: nVMX: WARN on any attempt to allocate shadow VMCS for vmcs02 2022-01-26 12:15:04 -05:00
cpuid.c KVM: x86: Free kvm_cpuid_entry2 array on post-KVM_RUN KVM_SET_CPUID{,2} 2022-01-26 12:42:31 -05:00
cpuid.h kvm: x86: Add support for getting/setting expanded xstate buffer 2022-01-14 13:44:41 -05:00
debugfs.c Merge branch 'kvm-pi-raw-spinlock' into HEAD 2022-01-19 12:14:02 -05:00
emulate.c KVM: x86: Update vPMCs when retiring branch instructions 2022-01-07 10:44:43 -05:00
fpu.h KVM: x86: Move FPU register accessors into fpu.h 2021-06-17 13:09:24 -04:00
hyperv.c Merge remote-tracking branch 'kvm/master' into HEAD 2021-12-21 12:51:09 -05:00
hyperv.h KVM: x86: Query vcpu->vcpu_idx directly and drop its accessor 2021-09-22 10:33:11 -04:00
i8254.c KVM: Use 'unsigned long' as kvm_for_each_vcpu()'s index 2021-12-08 04:24:15 -05:00
i8254.h
i8259.c KVM: Use 'unsigned long' as kvm_for_each_vcpu()'s index 2021-12-08 04:24:15 -05:00
ioapic.c KVM: Use 'unsigned long' as kvm_for_each_vcpu()'s index 2021-12-08 04:24:15 -05:00
ioapic.h x86/kvm: remove unused ack_notifier callbacks 2021-11-18 07:05:57 -05:00
irq_comm.c KVM: x86/xen: Add KVM_IRQ_ROUTING_XEN_EVTCHN and event channel delivery 2022-01-07 10:44:45 -05:00
irq.c KVM: x86/xen: Add event channel interrupt vector upcall 2021-02-04 14:19:39 +00:00
irq.h x86/kvm: remove unused ack_notifier callbacks 2021-11-18 07:05:57 -05:00
Kconfig KVM: Reinstate gfn_to_pfn_cache with invalidation support 2022-01-07 10:44:44 -05:00
kvm_cache_regs.h KVM: X86: Remove kvm_register_clear_available() 2021-12-08 04:25:03 -05:00
kvm_emulate.h KVM: x86: Update vPMCs when retiring branch instructions 2022-01-07 10:44:43 -05:00
kvm_onhyperv.c KVM: Use 'unsigned long' as kvm_for_each_vcpu()'s index 2021-12-08 04:24:15 -05:00
kvm_onhyperv.h KVM: x86: hyper-v: Move the remote TLB flush logic out of vmx 2021-06-17 13:09:36 -04:00
lapic.c KVM: LAPIC: Also cancel preemption timer during SET_LAPIC 2022-01-26 12:14:58 -05:00
lapic.h KVM: x86: Rename kvm_lapic_enable_pv_eoi() 2021-11-11 10:56:22 -05:00
Makefile KVM: Add Makefile.kvm for common files, use it for x86 2021-12-09 12:56:02 -05:00
mmu.h KVM: X86: Add parameter huge_page_level to kvm_init_shadow_ept_mmu() 2021-12-08 04:25:12 -05:00
mtrr.c KVM: x86: Add helper to consolidate "raw" reserved GPA mask calculations 2021-02-04 09:27:30 -05:00
pmu.c KVM: x86/pmu: Use binary search to check filtered events 2022-01-19 12:11:26 -05:00
pmu.h KVM: x86: Update vPMCs when retiring instructions 2022-01-07 10:44:42 -05:00
reverse_cpuid.h KVM: SEV: Mask CPUID[0x8000001F].eax according to supported features 2021-04-26 05:27:15 -04:00
trace.h KVM: x86: add a tracepoint for APICv/AVIC interrupt delivery 2021-12-09 09:07:39 -05:00
tss.h
x86.c KVM: x86: Forcibly leave nested virt when SMM state is toggled 2022-01-26 12:15:03 -05:00
x86.h KVM: x86: Making the module parameter of vPMU more common 2022-01-17 12:56:03 -05:00
xen.c x86,kvm/xen: Remove superfluous .fixup usage 2022-01-24 08:53:00 -05:00
xen.h KVM: x86/xen: Add KVM_IRQ_ROUTING_XEN_EVTCHN and event channel delivery 2022-01-07 10:44:45 -05:00