[PATCH] riscv/kvm: fix guest vector leak on host alloc failure

public inbox for kvm@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] riscv/kvm: fix guest vector leak on host alloc failure
@ 2026-03-28  9:21 Yufan Chen
  2026-03-28 10:06 ` Anup Patel
  0 siblings, 1 reply; 2+ messages in thread
From: Yufan Chen @ 2026-03-28  9:21 UTC (permalink / raw)
  To: Anup Patel, Atish Patra, Paul Walmsley, Palmer Dabbelt, Albert Ou,
	Alexandre Ghiti, kvm, kvm-riscv, linux-riscv, linux-kernel
  Cc: yufan.chen, Yufan Chen

From: Yufan Chen <ericterminal@gmail.com>

When allocating vector context for a vCPU, guest_context.vector.datap is allocated before host_context.vector.datap. If the second allocation fails, the function returns -ENOMEM directly and leaks the guest buffer.

Switch the failure path to centralized cleanup. On host allocation failure, free guest_context.vector.datap, clear the pointer, and return -ENOMEM through a shared exit label.

Signed-off-by: Yufan Chen <ericterminal@gmail.com>
---
 arch/riscv/kvm/vcpu_vector.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/arch/riscv/kvm/vcpu_vector.c b/arch/riscv/kvm/vcpu_vector.c
index 05f3cc2d8..4c2f92dce 100644
--- a/arch/riscv/kvm/vcpu_vector.c
+++ b/arch/riscv/kvm/vcpu_vector.c
@@ -75,15 +75,23 @@ void kvm_riscv_vcpu_host_vector_restore(struct kvm_cpu_context *cntx)
 
 int kvm_riscv_vcpu_alloc_vector_context(struct kvm_vcpu *vcpu)
 {
+	int rc = -ENOMEM;
+
 	vcpu->arch.guest_context.vector.datap = kzalloc(riscv_v_vsize, GFP_KERNEL);
 	if (!vcpu->arch.guest_context.vector.datap)
-		return -ENOMEM;
+		goto out;
 
 	vcpu->arch.host_context.vector.datap = kzalloc(riscv_v_vsize, GFP_KERNEL);
 	if (!vcpu->arch.host_context.vector.datap)
-		return -ENOMEM;
+		goto free_guest_vector_datap;
 
 	return 0;
+
+free_guest_vector_datap:
+	kfree(vcpu->arch.guest_context.vector.datap);
+	vcpu->arch.guest_context.vector.datap = NULL;
+out:
+	return rc;
 }
 
 void kvm_riscv_vcpu_free_vector_context(struct kvm_vcpu *vcpu)
-- 
2.47.3


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] riscv/kvm: fix guest vector leak on host alloc failure
  2026-03-28  9:21 [PATCH] riscv/kvm: fix guest vector leak on host alloc failure Yufan Chen
@ 2026-03-28 10:06 ` Anup Patel
  0 siblings, 0 replies; 2+ messages in thread
From: Anup Patel @ 2026-03-28 10:06 UTC (permalink / raw)
  To: Yufan Chen
  Cc: Atish Patra, Paul Walmsley, Palmer Dabbelt, Albert Ou,
	Alexandre Ghiti, kvm, kvm-riscv, linux-riscv, linux-kernel,
	Yufan Chen

On Sat, Mar 28, 2026 at 2:52 PM Yufan Chen <yufan.chen@linux.dev> wrote:
>
> From: Yufan Chen <ericterminal@gmail.com>
>
> When allocating vector context for a vCPU, guest_context.vector.datap is allocated before host_context.vector.datap. If the second allocation fails, the function returns -ENOMEM directly and leaks the guest buffer.
>
> Switch the failure path to centralized cleanup. On host allocation failure, free guest_context.vector.datap, clear the pointer, and return -ENOMEM through a shared exit label.
>
> Signed-off-by: Yufan Chen <ericterminal@gmail.com>

This is already fixed by patch "riscv: kvm: fix vector context allocation leak".

Regards,
Anup

> ---
>  arch/riscv/kvm/vcpu_vector.c | 12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/arch/riscv/kvm/vcpu_vector.c b/arch/riscv/kvm/vcpu_vector.c
> index 05f3cc2d8..4c2f92dce 100644
> --- a/arch/riscv/kvm/vcpu_vector.c
> +++ b/arch/riscv/kvm/vcpu_vector.c
> @@ -75,15 +75,23 @@ void kvm_riscv_vcpu_host_vector_restore(struct kvm_cpu_context *cntx)
>
>  int kvm_riscv_vcpu_alloc_vector_context(struct kvm_vcpu *vcpu)
>  {
> +       int rc = -ENOMEM;
> +
>         vcpu->arch.guest_context.vector.datap = kzalloc(riscv_v_vsize, GFP_KERNEL);
>         if (!vcpu->arch.guest_context.vector.datap)
> -               return -ENOMEM;
> +               goto out;
>
>         vcpu->arch.host_context.vector.datap = kzalloc(riscv_v_vsize, GFP_KERNEL);
>         if (!vcpu->arch.host_context.vector.datap)
> -               return -ENOMEM;
> +               goto free_guest_vector_datap;
>
>         return 0;
> +
> +free_guest_vector_datap:
> +       kfree(vcpu->arch.guest_context.vector.datap);
> +       vcpu->arch.guest_context.vector.datap = NULL;
> +out:
> +       return rc;
>  }
>
>  void kvm_riscv_vcpu_free_vector_context(struct kvm_vcpu *vcpu)
> --
> 2.47.3
>

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2026-03-28 10:06 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-03-28  9:21 [PATCH] riscv/kvm: fix guest vector leak on host alloc failure Yufan Chen
2026-03-28 10:06 ` Anup Patel

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox