This is a note to let you know that I've just added the patch titled

    KVM: arm64: its: Fix missing dynamic allocation check in scan_its_table

to the 4.13-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
    kvm-arm64-its-fix-missing-dynamic-allocation-check-in-scan_its_table.patch
and it can be found in the queue-4.13 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.

>From 8c1a8a32438b95792bbd8719d1cd4fe36e9eba03 Mon Sep 17 00:00:00 2001
From: Christoffer Dall <christoffer.dall@xxxxxxxxxx>
Date: Fri, 13 Oct 2017 11:40:11 +0200
Subject: KVM: arm64: its: Fix missing dynamic allocation check in scan_its_table

From: Christoffer Dall <christoffer.dall@xxxxxxxxxx>

commit 8c1a8a32438b95792bbd8719d1cd4fe36e9eba03 upstream.

We currently allocate an entry dynamically, but we never check if the
allocation actually succeeded. We actually don't need a dynamic
allocation, because we know the maximum size of an ITS table entry, so
we can simply use an allocation on the stack.

Signed-off-by: Christoffer Dall <christoffer.dall@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 virt/kvm/arm/vgic/vgic-its.c | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)

--- a/virt/kvm/arm/vgic/vgic-its.c
+++ b/virt/kvm/arm/vgic/vgic-its.c
@@ -1803,37 +1803,33 @@ typedef int (*entry_fn_t)(struct vgic_it static int scan_its_table(struct vgic_its *its, gpa_t base, int size, int esz, int start_id, entry_fn_t fn, void *opaque) { - void *entry = kzalloc(esz, GFP_KERNEL); struct kvm *kvm = its->dev->kvm; unsigned long len = size; int id = start_id; gpa_t gpa = base; + char entry[esz]; int ret; + memset(entry, 0, esz); + while (len > 0) { int next_offset; size_t byte_offset; ret = kvm_read_guest(kvm, gpa, entry, esz); if (ret) - goto out; + return ret; next_offset = fn(its, id, entry, opaque); - if (next_offset <= 0) { - ret = next_offset; - goto out; - } + if (next_offset <= 0) + return next_offset; byte_offset = next_offset * esz; id += next_offset; gpa += byte_offset; len -= byte_offset; } - ret = 1; - -out: - kfree(entry); - return ret; + return 1; } /** Patches currently in stable-queue which might be from christoffer.dall@xxxxxxxxxx are queue-4.13/arm-arm64-kvm-disable-branch-profiling-in-hyp-code.patch queue-4.13/kvm-arm64-its-fix-missing-dynamic-allocation-check-in-scan_its_table.patch
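Review bot: The new declaration "char entry[esz];" in scan_its_table() is a variable-length array on the kernel stack whose size comes straight from the signed "int esz" parameter, and nothing in the hunk bounds that value before the array is created or before "memset(entry, 0, esz)" and "kvm_read_guest(kvm, gpa, entry, esz)" use it. The commit message says the maximum size of an ITS table entry is known, so the buffer could be declared with that fixed maximum instead (a named constant; the name is left open here because none appears in the visible lines), with an early check that rejects an esz that is non-positive or larger than the buffer. That would make the stack usage constant and visible to the compiler, and would make the "maximum size is known" assumption something the code enforces rather than something each caller has to uphold. The removal of the unchecked kzalloc() and of the "out:" label otherwise looks consistent: every former "goto out" now returns the same value directly and there is nothing left to free.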