[PATCH] KVM: fix possible coalesced_mmio_ring page leaks.

[PATCH] KVM: fix possible coalesced_mmio_ring page leaks.

[Xiubo Li]

It forgets to free coalesced_mmio_ring page after the anon_inode_getfd
fails.

Signed-off-by: Xiubo Li <lixiubo@cmss.chinamobile.com>
---
 virt/kvm/kvm_main.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 8579f18..85e8106 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -2784,16 +2784,22 @@ static int kvm_dev_ioctl_create_vm(unsigned long type)
 		return PTR_ERR(kvm);
 #ifdef KVM_COALESCED_MMIO_PAGE_OFFSET
 	r = kvm_coalesced_mmio_init(kvm);
-	if (r < 0) {
-		kvm_put_kvm(kvm);
-		return r;
-	}
+	if (r < 0)
+		goto out_put_kvm;
 #endif
 	r = anon_inode_getfd("kvm-vm", &kvm_vm_fops, kvm, O_RDWR | O_CLOEXEC);
 	if (r < 0)
-		kvm_put_kvm(kvm);
+		goto out_mmio_free;
 
 	return r;
+
+out_mmio_free:
+#ifdef KVM_COALESCED_MMIO_PAGE_OFFSET
+	kvm_coalesced_mmio_free(kvm);
+#endif
+out_put_kvm:
+	kvm_put_kvm(kvm);
+	return r;
 }
 
 static long kvm_dev_ioctl(struct file *filp,
-- 
1.9.1

Re: [PATCH] KVM: fix possible coalesced_mmio_ring page leaks.

[Marcelo Tosatti]

On Thu, Feb 12, 2015 at 12:58:21PM +0800, Xiubo Li wrote:
> It forgets to free coalesced_mmio_ring page after the anon_inode_getfd
> fails.
> 
> Signed-off-by: Xiubo Li <lixiubo@cmss.chinamobile.com>
> ---
>  virt/kvm/kvm_main.c | 16 +++++++++++-----
>  1 file changed, 11 insertions(+), 5 deletions(-)
> 
> diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
> index 8579f18..85e8106 100644
> --- a/virt/kvm/kvm_main.c
> +++ b/virt/kvm/kvm_main.c
> @@ -2784,16 +2784,22 @@ static int kvm_dev_ioctl_create_vm(unsigned long type)
>  		return PTR_ERR(kvm);
>  #ifdef KVM_COALESCED_MMIO_PAGE_OFFSET
>  	r = kvm_coalesced_mmio_init(kvm);
> -	if (r < 0) {
> -		kvm_put_kvm(kvm);
> -		return r;
> -	}
> +	if (r < 0)
> +		goto out_put_kvm;
>  #endif
>  	r = anon_inode_getfd("kvm-vm", &kvm_vm_fops, kvm, O_RDWR | O_CLOEXEC);
>  	if (r < 0)
> -		kvm_put_kvm(kvm);
> +		goto out_mmio_free;

kvm_put_kvm -> kvm_destroy_vm -> kvm_coalesced_mmio_free.

Re: [PATCH] KVM: fix possible coalesced_mmio_ring page leaks.

[Xiubo Li]

On 25/02/2015 00:44, Marcelo Tosatti wrote:
> On Thu, Feb 12, 2015 at 12:58:21PM +0800, Xiubo Li wrote:
>> It forgets to free coalesced_mmio_ring page after the anon_inode_getfd
>> fails.
>>
>> Signed-off-by: Xiubo Li <lixiubo@cmss.chinamobile.com>
>> ---
>>   virt/kvm/kvm_main.c | 16 +++++++++++-----
>>   1 file changed, 11 insertions(+), 5 deletions(-)
>>
>> diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
>> index 8579f18..85e8106 100644
>> --- a/virt/kvm/kvm_main.c
>> +++ b/virt/kvm/kvm_main.c
>> @@ -2784,16 +2784,22 @@ static int kvm_dev_ioctl_create_vm(unsigned long type)
>>   		return PTR_ERR(kvm);
>>   #ifdef KVM_COALESCED_MMIO_PAGE_OFFSET
>>   	r = kvm_coalesced_mmio_init(kvm);
>> -	if (r < 0) {
>> -		kvm_put_kvm(kvm);
>> -		return r;
>> -	}
>> +	if (r < 0)
>> +		goto out_put_kvm;
>>   #endif
>>   	r = anon_inode_getfd("kvm-vm", &kvm_vm_fops, kvm, O_RDWR | O_CLOEXEC);
>>   	if (r < 0)
>> -		kvm_put_kvm(kvm);
>> +		goto out_mmio_free;
> kvm_put_kvm -> kvm_destroy_vm -> kvm_coalesced_mmio_free.
>
Yes, it is.

As in my mind that who use it, it will be whose duty to release it.

Thanks,

BRs
Xiubo