| Message ID | 20260316151612.13305-1-osama.abdelkader@gmail.com |
|---|---|
| State | Accepted |
| Series | [v2] riscv: kvm: fix vector context allocation leak |
Hi Osama, Thanks for spotting this, On Mon, Mar 16, 2026 at 10:16 AM Osama Abdelkader <osama.abdelkader@gmail.com> wrote: > > When the second kzalloc (host_context.vector.datap) fails in > kvm_riscv_vcpu_alloc_vector_context, the first allocation > (guest_context.vector.datap) is leaked. Free it before returning. > > Fixes: 0f4b82579716 ("riscv: KVM: Add vector lazy save/restore support") > Cc: stable@vger.kernel.org > Signed-off-by: Osama Abdelkader <osama.abdelkader@gmail.com> Reviewed-by: Andy Chiu <andybnac@gmail.com> > --- > v2: > - Add Fixes: tag > - Add Cc: stable@vger.kernel.org > --- > arch/riscv/kvm/vcpu_vector.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/arch/riscv/kvm/vcpu_vector.c b/arch/riscv/kvm/vcpu_vector.c > index 05f3cc2d8e31..5b6ad82d47be 100644 > --- a/arch/riscv/kvm/vcpu_vector.c > +++ b/arch/riscv/kvm/vcpu_vector.c > @@ -80,8 +80,11 @@ int kvm_riscv_vcpu_alloc_vector_context(struct kvm_vcpu *vcpu) > return -ENOMEM; > > vcpu->arch.host_context.vector.datap = kzalloc(riscv_v_vsize, GFP_KERNEL); > - if (!vcpu->arch.host_context.vector.datap) > + if (!vcpu->arch.host_context.vector.datap) { > + kfree(vcpu->arch.guest_context.vector.datap); > + vcpu->arch.guest_context.vector.datap = NULL; > return -ENOMEM; > + } > > return 0; > } > -- > 2.43.0 >
On Mon, Mar 16, 2026 at 8:46 PM Osama Abdelkader <osama.abdelkader@gmail.com> wrote: > > When the second kzalloc (host_context.vector.datap) fails in > kvm_riscv_vcpu_alloc_vector_context, the first allocation > (guest_context.vector.datap) is leaked. Free it before returning. > > Fixes: 0f4b82579716 ("riscv: KVM: Add vector lazy save/restore support") > Cc: stable@vger.kernel.org > Signed-off-by: Osama Abdelkader <osama.abdelkader@gmail.com> Queued this patch for Linux-7.1 Thanks, Anup > --- > v2: > - Add Fixes: tag > - Add Cc: stable@vger.kernel.org > --- > arch/riscv/kvm/vcpu_vector.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/arch/riscv/kvm/vcpu_vector.c b/arch/riscv/kvm/vcpu_vector.c > index 05f3cc2d8e31..5b6ad82d47be 100644 > --- a/arch/riscv/kvm/vcpu_vector.c > +++ b/arch/riscv/kvm/vcpu_vector.c > @@ -80,8 +80,11 @@ int kvm_riscv_vcpu_alloc_vector_context(struct kvm_vcpu *vcpu) > return -ENOMEM; > > vcpu->arch.host_context.vector.datap = kzalloc(riscv_v_vsize, GFP_KERNEL); > - if (!vcpu->arch.host_context.vector.datap) > + if (!vcpu->arch.host_context.vector.datap) { > + kfree(vcpu->arch.guest_context.vector.datap); > + vcpu->arch.guest_context.vector.datap = NULL; > return -ENOMEM; > + } > > return 0; > } > -- > 2.43.0 >
diff --git a/arch/riscv/kvm/vcpu_vector.c b/arch/riscv/kvm/vcpu_vector.c index 05f3cc2d8e31..5b6ad82d47be 100644 --- a/arch/riscv/kvm/vcpu_vector.c +++ b/arch/riscv/kvm/vcpu_vector.c @@ -80,8 +80,11 @@ int kvm_riscv_vcpu_alloc_vector_context(struct kvm_vcpu *vcpu) return -ENOMEM; vcpu->arch.host_context.vector.datap = kzalloc(riscv_v_vsize, GFP_KERNEL); - if (!vcpu->arch.host_context.vector.datap) + if (!vcpu->arch.host_context.vector.datap) { + kfree(vcpu->arch.guest_context.vector.datap); + vcpu->arch.guest_context.vector.datap = NULL; return -ENOMEM; + } return 0; }
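Review bot: The `+ vcpu->arch.guest_context.vector.datap = NULL;` line in the added block is the part that deserves a short comment: kfree alone would leave a dangling pointer in the vcpu, and any later vcpu teardown that frees both vector buffers would then turn this leak into a double free. It would also help reviewers if the commit message stated whether the caller releases the vector context on -ENOMEM, since that is what decides between freeing here (as the patch does) and leaving both pointers to a common teardown path.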
When the second kzalloc (host_context.vector.datap) fails in
kvm_riscv_vcpu_alloc_vector_context, the first allocation
(guest_context.vector.datap) is leaked. Free it before returning.

Fixes: 0f4b82579716 ("riscv: KVM: Add vector lazy save/restore support")
Cc: stable@vger.kernel.org
Signed-off-by: Osama Abdelkader <osama.abdelkader@gmail.com>
---
v2:
- Add Fixes: tag
- Add Cc: stable@vger.kernel.org
---
 arch/riscv/kvm/vcpu_vector.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
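As an added example (not kernel code), the following is a user-space model of the two kzalloc calls in kvm_riscv_vcpu_alloc_vector_context driven by a fault-injecting allocator; the struct layout, model_kzalloc/model_kfree and leaked_allocs are assumptions of this example. It runs the pre-patch and patched error paths and counts what each leaves allocated, which is how this class of leak can be caught in a unit test instead of in review.

```c
#include <stdlib.h>
#include <errno.h>
struct vctx { void *datap; };                 /* stands in for .vector.datap */
struct vcpu_model { struct vctx guest_context, host_context; };
/* live_allocs: buffers not yet freed; fail_on_call: 1-based index of the
 * allocation that should fail (0 = never); call_no: allocations so far. */
static int live_allocs, fail_on_call, call_no;

static void *model_kzalloc(size_t n)
{
	if (++call_no == fail_on_call)
		return NULL;
	live_allocs++;
	return calloc(1, n);
}
static void model_kfree(void *p) { if (p) { live_allocs--; free(p); } }

/* fixed == 0 mirrors the code before the patch: a failure of the second
 * allocation leaks guest_context.datap. fixed == 1 applies the patch's unwind. */
static int alloc_ctx(struct vcpu_model *v, size_t vsize, int fixed)
{
	v->guest_context.datap = model_kzalloc(vsize);
	if (!v->guest_context.datap)
		return -ENOMEM;
	v->host_context.datap = model_kzalloc(vsize);
	if (!v->host_context.datap) {
		if (fixed) {
			model_kfree(v->guest_context.datap);
			v->guest_context.datap = NULL;
		}
		return -ENOMEM;
	}
	return 0;
}

/* Make allocation number fail_call fail (0 = none), run alloc_ctx, and return
 * how many buffers it left allocated on an error return (0 = no leak);
 * -1 means the return code did not match the injected fault. */
static int leaked_allocs(int fail_call, int fixed)
{
	struct vcpu_model v = { {NULL}, {NULL} };
	live_allocs = call_no = 0;
	fail_on_call = fail_call;
	int rc = alloc_ctx(&v, 64, fixed);
	if ((fail_call == 0) != (rc == 0))
		return -1;
	int leaked = rc ? live_allocs : 0;
	model_kfree(v.guest_context.datap); /* release what the struct still owns */
	model_kfree(v.host_context.datap);
	return leaked;
}
```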