From nobody Wed May 15 09:59:01 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates
 192.237.175.120 as permitted sender) client-ip=192.237.175.120;
 envelope-from=xen-devel-bounces@lists.xenproject.org;
 helo=lists.xenproject.org;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of lists.xenproject.org designates
 192.237.175.120 as permitted sender)
  smtp.mailfrom=xen-devel-bounces@lists.xenproject.org;
	dmarc=pass(p=reject dis=none)  header.from=citrix.com
ARC-Seal: i=1; a=rsa-sha256; t=1677245844; cv=none;
	d=zohomail.com; s=zohoarc;
	b=XULlqIfXXN8gi+nZpw4oa7p2ykKVpANkSUkSvVsugMwnxb7WMLVnqbpQE6ZOF698pwyhXSK07YUPGzi3LH0PTLiJOd+EpjCQB5ZWz1xAa2qXuCRXince/zQpSUVJHyTUbH7Yo7cmGPTbTj+Q4AvifQ9Zd4D4Mk7t0+5cbw2rwQ8=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1677245844;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To;
	bh=KtI0SXdjGslXiEQCYVFmB0FKMrJAm7AiHU+hbKXUx4k=;
	b=QQ8E+uqD9Y5N8aQnU8mh0O7eWOnWQLR3i16qO6w/0+I5Qqc62Hl/jD97zRT7GXY/d/Z5Iqv8oEoLiI+T4sJZ5BlsFQcXeb0VyM4hlk96UM5lkLd1lsdJLXMzBMJYsYzqu2WGxWCTz+zWJCx/uH84y5OD+WR+/8PbmqkSjoujxTM=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of lists.xenproject.org designates
 192.237.175.120 as permitted sender)
  smtp.mailfrom=xen-devel-bounces@lists.xenproject.org;
	dmarc=pass header.from=<edvin.torok@citrix.com> (p=reject dis=none)
Return-Path: <xen-devel-bounces@lists.xenproject.org>
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
 by mx.zohomail.com
	with SMTPS id 167724584462722.442628127993316;
 Fri, 24 Feb 2023 05:37:24 -0800 (PST)
Received: from list by lists.xenproject.org with
 outflank-mailman.501053.772646 (Exim 4.92)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1pVYFu-0004qH-CP; Fri, 24 Feb 2023 13:36:58 +0000
Received: by outflank-mailman (output) from mailman id 501053.772646;
 Fri, 24 Feb 2023 13:36:58 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1pVYFu-0004q7-98; Fri, 24 Feb 2023 13:36:58 +0000
Received: by outflank-mailman (input) for mailman id 501053;
 Fri, 24 Feb 2023 13:36:57 +0000
Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50]
 helo=se1-gles-flk1.inumbo.com)
 by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from
 <SRS0=iPiP=6U=citrix.com=prvs=412d30f06=edvin.torok@srs-se1.protection.inumbo.net>)
 id 1pVYFt-0004am-BQ
 for xen-devel@lists.xenproject.org; Fri, 24 Feb 2023 13:36:57 +0000
Received: from esa2.hc3370-68.iphmx.com (esa2.hc3370-68.iphmx.com
 [216.71.145.153]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS
 id 4bae5d63-b448-11ed-a82a-c9ca1d2f71af;
 Fri, 24 Feb 2023 14:36:54 +0100 (CET)
X-Outflank-Mailman: Message body and most headers restored to incoming version
X-BeenThere: xen-devel@lists.xenproject.org
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
X-Inumbo-ID: 4bae5d63-b448-11ed-a82a-c9ca1d2f71af
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
  d=citrix.com; s=securemail; t=1677245814;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=cm/Hn5vaptcJiAlYcN7JDgSNF6QhhER+noAm3OqySF4=;
  b=IMgs2QUuKVdxmH1iFHcAMfSs8mW1kNY2QCsbv0hK28/PVa6iIYMTBjXT
   5jXZvq0b+bb9CR5fxNu6KHHMbytv0kK3lTk1jnIQSrKZEKW3O2Cj+mpVU
   go/ogHYAhgniZ3RtgyekxkU9ue2aAw+TvPyVr6cd4fA4qnC7ayezmifDT
   4=;
Authentication-Results: esa2.hc3370-68.iphmx.com;
 dkim=none (message not signed) header.i=none
X-SBRS: 4.0
X-MesageID: 98321074
X-Ironport-Server: esa2.hc3370-68.iphmx.com
X-Remote-IP: 162.221.156.123
X-Policy: $RELAYED
IronPort-Data: A9a23:QWrHOap7bfrWqmO513hF/xN5al5eBmIQZRIvgKrLsJaIsI4StFCzt
 garIBmGbvyCY2TzKoh0OYzkoR8Pv5LTydBjTAZupC8zHn5DpJuZCYyVIHmrMnLJJKUvbq7FA
 +Y2MYCccZ9uHhcwgj/3b9ANeFEljfngqoLUUbKCYWYpA1c/Ek/NsDo788YhmIlknNOlNA2Ev
 NL2sqX3NUSsnjV5KQr40YrawP9UlKm06WxwUmAWP6gR5weEzSVNVvrzGInqR5fGatgMdgKFb
 76rIIGRpgvx4xorA9W5pbf3GmVirmn6ZFXmZtJ+AsBOszAazsAA+v9T2Mk0MC+7vw6hjdFpo
 OihgLTrIesf0g8gr8xGO/VQO3kW0aSrY9YrK1Dn2SCY5xWun3cBX5yCpaz5VGEV0r8fPI1Ay
 RAXADYhVC6IurOt+4+mbsdwjJx/cNHyE7pK7xmMzRmBZRonaZXKQqGM7t5ExjYgwMtJGJ4yZ
 eJAN2ApNk6ZJUQSZBFOUslWcOSA3xETdxVVpEyUo+wr5HLUzyR60aT3McqTcduPLSlQthfI/
 Tifpzulav0cHIKekySMtVvvuvHOkQ/1AdsXObLlpsc/1TV/wURMUUZLBDNXu8KRmkO4Ht5SN
 UEQ0i4vtrQpslymSMHnWB+1q2LCuQQTM/JPF8Uq5QfLzbDbiy6bCXIDVSVpc8E9uYk9QjlC6
 7OSt4q3X3o16uTTEC/DsO7O9lteJBT5M0cESRU6RjZU+OLevaUdkhiXEop7CYGM24id9S7L/
 xiGqy03hrM2hMEN1rmm8V2vvw9AtqQlXSZuuFyJAzvNAhdRIdf8Otf2sQSzAeNodt7xc7WXg
 JQTdyFyBsgqBIrFqiGCSf5l8FqBt6fca220bbKC8vAcG9WRF5yLJ904DNJWfh0B3iM4ldjBM
 SfuVft5vsM7AZdTRfYfj3iNI8or17P8Mt/uS+rZaNFDCrAoKlDYpX4xPxHNjjC8+KTJrU3YE
 c3GGftA8F5AUfg3pNZIb7p1PUAXKtAWmjqIGMGTI+WP2ruCfn+FIYrpw3PXBt3VGJis+V2Pm
 /4Gbpvi9vmqeLGmCsUh2dJJfA9iwLlSLcyelvG7gcbaeFI+Rzt+Vq6BqV7jEqQ895loei7z1
 inVcidlJJDX3BUr9S3ihqhfVY7S
IronPort-HdrOrdr: A9a23:uWYXOKCjBLEML3blHem955DYdb4zR+YMi2TDtnoddfUxSKfzqy
 nApoV56faKskdyZJhNo7690cq7LU80l6QU3WB5B97LYOCMggSVxe9ZjLcKygeQfhHDyg==
X-IronPort-AV: E=Sophos;i="5.97,324,1669093200";
   d="scan'208";a="98321074"
From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= <edvin.torok@citrix.com>
To: <xen-devel@lists.xenproject.org>
CC: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= <edwin.torok@cloud.com>, Wei Liu
	<wl@xen.org>, Anthony PERARD <anthony.perard@citrix.com>, Juergen Gross
	<jgross@suse.com>
Subject: [PATCH v1 1/2] xc_core_arch_map_p2m_tree_rw: fix memory leak
Date: Fri, 24 Feb 2023 13:36:45 +0000
Message-ID: 
 <c721e627bc74047c0c5e55c0aeae7d72bbc3ce0e.1677245356.git.edwin.torok@cloud.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1677245356.git.edwin.torok@cloud.com>
References: <cover.1677245356.git.edwin.torok@cloud.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @citrix.com)
X-ZM-MESSAGEID: 1677245845436100002

From: Edwin T=C3=B6r=C3=B6k <edwin.torok@cloud.com>

Prior to bd7a29c3d0 'out' would've always been executed and memory
freed, but that commit changed it such that it returns early and leaks.

Found using gcc 12.2.1 `-fanalyzer`:
```
xg_core_x86.c: In function =E2=80=98xc_core_arch_map_p2m_tree_rw=E2=80=99:
xg_core_x86.c:300:5: error: leak of =E2=80=98p2m_frame_list_list=E2=80=99 [=
CWE-401] [-Werror=3Danalyzer-malloc-leak]
  300 |     return p2m_frame_list;
      |     ^~~~~~
  =E2=80=98xc_core_arch_map_p2m_writable=E2=80=99: events 1-2
    |
    |  378 | xc_core_arch_map_p2m_writable(xc_interface *xch, struct domain=
_info_context *dinfo, xc_dominfo_t *info,
    |      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      | |
    |      | (1) entry to =E2=80=98xc_core_arch_map_p2m_writable=E2=80=99
    |......
    |  381 |     return xc_core_arch_map_p2m_rw(xch, dinfo, info, live_shin=
fo, live_p2m, 1);
    |      |            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=
~~~~~~~~~~~~~~~~
    |      |            |
    |      |            (2) calling =E2=80=98xc_core_arch_map_p2m_rw=E2=80=
=99 from =E2=80=98xc_core_arch_map_p2m_writable=E2=80=99
    |
    +--> =E2=80=98xc_core_arch_map_p2m_rw=E2=80=99: events 3-10
           |
           |  319 | xc_core_arch_map_p2m_rw(xc_interface *xch, struct domai=
n_info_context *dinfo, xc_dominfo_t *info,
           |      | ^~~~~~~~~~~~~~~~~~~~~~~
           |      | |
           |      | (3) entry to =E2=80=98xc_core_arch_map_p2m_rw=E2=80=99
           |......
           |  328 |     if ( xc_domain_nr_gpfns(xch, info->domid, &dinfo->p=
2m_size) < 0 )
           |      |        ~
           |      |        |
           |      |        (4) following =E2=80=98false=E2=80=99 branch...
           |......
           |  334 |     if ( dinfo->p2m_size < info->nr_pages  )
           |      |     ~~ ~
           |      |     |  |
           |      |     |  (6) following =E2=80=98false=E2=80=99 branch...
           |      |     (5) ...to here
           |......
           |  340 |     p2m_cr3 =3D GET_FIELD(live_shinfo, arch.p2m_cr3, di=
nfo->guest_width);
           |      |     ~~~~~~~
           |      |     |
           |      |     (7) ...to here
           |  341 |
           |  342 |     p2m_frame_list =3D p2m_cr3 ? xc_core_arch_map_p2m_l=
ist_rw(xch, dinfo, dom, live_shinfo, p2m_cr3)
           |      |                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           |  343 |                              : xc_core_arch_map_p2m_tre=
e_rw(xch, dinfo, dom, live_shinfo);
           |      |                              ~~~~~~~~~~~~~~~~~~~~~~~~~~=
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           |      |                              | |
           |      |                              | (9) ...to here
           |      |                              | (10) calling =E2=80=98xc=
_core_arch_map_p2m_tree_rw=E2=80=99 from =E2=80=98xc_core_arch_map_p2m_rw=
=E2=80=99
           |      |                              (8) following =E2=80=98fal=
se=E2=80=99 branch...
           |
           +--> =E2=80=98xc_core_arch_map_p2m_tree_rw=E2=80=99: events 11-24
                  |
                  |  228 | xc_core_arch_map_p2m_tree_rw(xc_interface *xch, =
struct domain_info_context *dinfo,
                  |      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
                  |      | |
                  |      | (11) entry to =E2=80=98xc_core_arch_map_p2m_tree=
_rw=E2=80=99
                  |......
                  |  245 |     if ( !live_p2m_frame_list_list )
                  |      |        ~
                  |      |        |
                  |      |        (12) following =E2=80=98false=E2=80=99 br=
anch (when =E2=80=98live_p2m_frame_list_list=E2=80=99 is non-NULL)...
                  |......
                  |  252 |     if ( !(p2m_frame_list_list =3D malloc(PAGE_S=
IZE)) )
                  |      |     ~~ ~                         ~~~~~~~~~~~~~~~=
~~
                  |      |     |  |                         |
                  |      |     |  |                         (14) allocated =
here
                  |      |     |  (15) assuming =E2=80=98p2m_frame_list_lis=
t=E2=80=99 is non-NULL
                  |      |     |  (16) following =E2=80=98false=E2=80=99 br=
anch (when =E2=80=98p2m_frame_list_list=E2=80=99 is non-NULL)...
                  |      |     (13) ...to here
                  |......
                  |  257 |     memcpy(p2m_frame_list_list, live_p2m_frame_l=
ist_list, PAGE_SIZE);
                  |      |     ~~~~~~
                  |      |     |
                  |      |     (17) ...to here
                  |......
                  |  266 |     else if ( dinfo->guest_width < sizeof(unsign=
ed long) )
                  |      |             ~
                  |      |             |
                  |      |             (18) following =E2=80=98false=E2=80=
=99 branch...
                  |......
                  |  270 |     live_p2m_frame_list =3D
                  |      |     ~~~~~~~~~~~~~~~~~~~
                  |      |     |
                  |      |     (19) ...to here
                  |......
                  |  275 |     if ( !live_p2m_frame_list )
                  |      |        ~
                  |      |        |
                  |      |        (20) following =E2=80=98false=E2=80=99 br=
anch (when =E2=80=98live_p2m_frame_list=E2=80=99 is non-NULL)...
                  |......
                  |  282 |     if ( !(p2m_frame_list =3D malloc(P2M_TOOLS_F=
L_SIZE)) )
                  |      |     ~~ ~
                  |      |     |  |
                  |      |     |  (22) following =E2=80=98false=E2=80=99 br=
anch (when =E2=80=98p2m_frame_list=E2=80=99 is non-NULL)...
                  |      |     (21) ...to here
                  |......
                  |  287 |     memset(p2m_frame_list, 0, P2M_TOOLS_FL_SIZE);
                  |      |     ~~~~~~
                  |      |     |
                  |      |     (23) ...to here
                  |......
                  |  300 |     return p2m_frame_list;
                  |      |     ~~~~~~
                  |      |     |
                  |      |     (24) =E2=80=98p2m_frame_list_list=E2=80=99 l=
eaks here; was allocated at (14)
                  |
```
Fixes: bd7a29c3d0 ("tools/libs/ctrl: fix xc_core_arch_map_p2m() to support =
linear p2m table")

Signed-off-by: Edwin T=C3=B6r=C3=B6k <edwin.torok@cloud.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
---
 tools/libs/guest/xg_core_x86.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/libs/guest/xg_core_x86.c b/tools/libs/guest/xg_core_x86.c
index 61106b98b8..69929879d7 100644
--- a/tools/libs/guest/xg_core_x86.c
+++ b/tools/libs/guest/xg_core_x86.c
@@ -297,6 +297,8 @@ xc_core_arch_map_p2m_tree_rw(xc_interface *xch, struct =
domain_info_context *dinf
=20
     dinfo->p2m_frames =3D P2M_FL_ENTRIES;
=20
+    free(p2m_frame_list_list);
+
     return p2m_frame_list;
=20
  out:
--=20
2.39.1


From nobody Wed May 15 09:59:01 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates
 192.237.175.120 as permitted sender) client-ip=192.237.175.120;
 envelope-from=xen-devel-bounces@lists.xenproject.org;
 helo=lists.xenproject.org;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of lists.xenproject.org designates
 192.237.175.120 as permitted sender)
  smtp.mailfrom=xen-devel-bounces@lists.xenproject.org;
	dmarc=pass(p=reject dis=none)  header.from=citrix.com
ARC-Seal: i=1; a=rsa-sha256; t=1677245834; cv=none;
	d=zohomail.com; s=zohoarc;
	b=On9r718VqUG373ypV+axUbtkcKiMyp86/9KuB+MoPUU9suSd/N8jGlSc1vTi8trunyO9VICqBeg2Vh+xJrk6Ac3SGr1FgB6chuZyKuqVUGX/edXG43hRl3uywfev88IQ9FzjuJxbCJyNNlMOWTJ5c8NSg7mQhtJo+LkAzeSSRPs=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1677245834;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To;
	bh=z+pRNvD75kT9VP1A59QjFvrhs9F0Ufr9jLn9uUjagtc=;
	b=bWtSUnHb5UrM/8U2WpDN544CkuELhv88Ns/A9uBPzfpJnzv6jP4ro15P61vBw+4vYHcuK9qb/ey7pjyLNcXC0EetNljKiLfl4wwWcRH1fxqVPshP/ASNtZ1qUEA0Zz0Y4D9oU1q/qoZXrweBZiuluPwYeXvy9LtY7hdI/8TYo5E=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of lists.xenproject.org designates
 192.237.175.120 as permitted sender)
  smtp.mailfrom=xen-devel-bounces@lists.xenproject.org;
	dmarc=pass header.from=<edvin.torok@citrix.com> (p=reject dis=none)
Return-Path: <xen-devel-bounces@lists.xenproject.org>
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
 by mx.zohomail.com
	with SMTPS id 1677245833975188.07849107259256;
 Fri, 24 Feb 2023 05:37:13 -0800 (PST)
Received: from list by lists.xenproject.org with
 outflank-mailman.501052.772636 (Exim 4.92)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1pVYFt-0004av-44; Fri, 24 Feb 2023 13:36:57 +0000
Received: by outflank-mailman (output) from mailman id 501052.772636;
 Fri, 24 Feb 2023 13:36:57 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1pVYFt-0004ao-1F; Fri, 24 Feb 2023 13:36:57 +0000
Received: by outflank-mailman (input) for mailman id 501052;
 Fri, 24 Feb 2023 13:36:56 +0000
Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254]
 helo=se1-gles-sth1.inumbo.com)
 by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from
 <SRS0=iPiP=6U=citrix.com=prvs=412d30f06=edvin.torok@srs-se1.protection.inumbo.net>)
 id 1pVYFr-0004LB-SG
 for xen-devel@lists.xenproject.org; Fri, 24 Feb 2023 13:36:55 +0000
Received: from esa3.hc3370-68.iphmx.com (esa3.hc3370-68.iphmx.com
 [216.71.145.155]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS
 id 4d67cd02-b448-11ed-88bb-e56d68cac8db;
 Fri, 24 Feb 2023 14:36:55 +0100 (CET)
X-Outflank-Mailman: Message body and most headers restored to incoming version
X-BeenThere: xen-devel@lists.xenproject.org
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
X-Inumbo-ID: 4d67cd02-b448-11ed-88bb-e56d68cac8db
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
  d=citrix.com; s=securemail; t=1677245815;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=+p41LuGA6ZH/mH4WZJzQfHg34IdLZsNOgxsII11jPNw=;
  b=NS5Y681LWvY5qmQWxLoSdmHfbIxB8XJdQWa5oIfrks3Y0b1qCno0//VI
   lAkcVy5FvS6wlcMp8em5f8naDm8WEC7KJ2cLskr7W+tgGHorY8+SeNOeS
   i0TvlOe1w5mPdYtYgcEc5MUqiADhy988JH6xYDYfu+YY+rrXjcsjlgzAd
   g=;
Authentication-Results: esa3.hc3370-68.iphmx.com;
 dkim=none (message not signed) header.i=none
X-SBRS: 4.0
X-MesageID: 98414697
X-Ironport-Server: esa3.hc3370-68.iphmx.com
X-Remote-IP: 162.221.156.123
X-Policy: $RELAYED
IronPort-Data: A9a23:VkUb7aNvXiD9M5TvrR2tl8FynXyQoLVcMsEvi/4bfWQNrUon1DZRz
 mMaCG+DM6yJYGLyKowkPIu+8EtS6p6GyIRjSQto+SlhQUwRpJueD7x1DKtS0wC6dZSfER09v
 63yTvGacajYm1eF/k/F3oDJ9CU6jufQAOKnUoYoAwgpLSd8UiAtlBl/rOAwh49skLCRDhiE/
 Nj/uKUzAnf8s9JPGj9Suv3rRC9H5qyo42tC5ABmP5ingXeF/5UrJMNHTU2OByOQrrl8RoaSW
 +vFxbelyWLVlz9F5gSNy+uTnuUiG9Y+DCDW4pZkc/HKbitq/0Te5p0TJvsEAXq7vh3S9zxHJ
 HehgrTrIeshFvWkdO3wyHC0GQkmVUFN0OevzXRSLaV/ZqAJGpfh66wGMa04AWEX0slYLEpQz
 6E1EWFXUjCutsCkzq6KF9A506zPLOGzVG8eknRpzDWfBvc6W5HTBa7N4Le03h9p2JoIR6yHI
 ZNEN3w2Nk+ojx5nYz/7DLozkPmpgD/jdCdfq3qepLYt4niVxwt0uFToGIuFJoXWG5QK9qqej
 jP+zkjwKwpLDfy092aPrSiombbzugquDer+E5Xnr6U30TV/3Fc7ChIMUkCgieKkkUP4UNVaQ
 2QL/gI+oK5081akJvHtUhv9rHOasxo0X9tLD/Z8+AyL0rDT4QuSGi4DVDEpVTA9nJZoH3pwj
 AbPxo63Q2U169V5VE5x6J+7gh6ZJxJIAFZTPxMkYDon8df/kdwK20enoslYLIa5idj8GDfVy
 j+MrTQji7h7sfPnx5lX7nic3Wvy+8Ghohodo1yOAzn7tl8RiJuNPdTA1LTN0RpXwG91pHGlt
 WNMpcWR5ftm4XqlxH3UG7Vl8F1ECp+43NzgbbxHRcRJG9eFoSTLkWVsDNZWdS9U3j4sI2OBX
 aMqkVo5CGVvFHWrd7RrRIm6Ft4ny6Ptffy8CK+LN4UROMcsJV/WlM2LWaJ39zqw+HXAbIllY
 cvLGSpSJSty5VtbIMqeGL5GjO5DKtEWzmLPX5HrpylLIpLHDEN5vYwtaQPUBshgtfPsnekg2
 4oHXyd840kFAbKWj+i+2dJ7EG3m2lBiX8iu9JYIK7/TSuekcUl4Y8LsLXoaU9QNt8xoei3gp
 RlRhmcwJILDuED6
IronPort-HdrOrdr: A9a23:Ib6Edq9yrJCVMQYRarJuk+DiI+orL9Y04lQ7vn2YSXRuE/Bw8P
 re5MjztCWE8Qr5N0tQ+uxoVJPufZqYz+8Q3WBzB8bFYOCFghrLEGgK1+KLqFeMdxEWtNQtsp
 uIG5IOc+EYZmIbsS+V2meF+q4bsby6zJw=
X-IronPort-AV: E=Sophos;i="5.97,324,1669093200";
   d="scan'208";a="98414697"
From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= <edvin.torok@citrix.com>
To: <xen-devel@lists.xenproject.org>
CC: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= <edwin.torok@cloud.com>, Wei Liu
	<wl@xen.org>, Anthony PERARD <anthony.perard@citrix.com>, Juergen Gross
	<jgross@suse.com>
Subject: [PATCH v1 2/2] backup_ptes: fix leak on realloc failure
Date: Fri, 24 Feb 2023 13:36:46 +0000
Message-ID: 
 <2f23492a3861a3ebddbf1f811296e98143b9b8f4.1677245356.git.edwin.torok@cloud.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1677245356.git.edwin.torok@cloud.com>
References: <cover.1677245356.git.edwin.torok@cloud.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @citrix.com)
X-ZM-MESSAGEID: 1677245835837100001

From: Edwin T=C3=B6r=C3=B6k <edwin.torok@cloud.com>

From `man 2 realloc`:
`If realloc() fails, the original block is left untouched; it is not freed =
or moved.`

Found using GCC -fanalyzer:
```
|  184 |         backup->entries =3D realloc(backup->entries,
|      |         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|      |         |               | |
|      |         |               | (91) when =E2=80=98realloc=E2=80=99 fails
|      |         |               (92) =E2=80=98old_ptes.entries=E2=80=99 le=
aks here; was allocated at (44)
|      |         (90) ...to here
```

Signed-off-by: Edwin T=C3=B6r=C3=B6k <edwin.torok@cloud.com>
---
 tools/libs/guest/xg_offline_page.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/tools/libs/guest/xg_offline_page.c b/tools/libs/guest/xg_offli=
ne_page.c
index c594fdba41..a8bcea768b 100644
--- a/tools/libs/guest/xg_offline_page.c
+++ b/tools/libs/guest/xg_offline_page.c
@@ -181,10 +181,13 @@ static int backup_ptes(xen_pfn_t table_mfn, int offse=
t,
=20
     if (backup->max =3D=3D backup->cur)
     {
-        backup->entries =3D realloc(backup->entries,
+        void* orig =3D backup->entries;
+        backup->entries =3D realloc(orig,
                             backup->max * 2 * sizeof(struct pte_backup_ent=
ry));
-        if (backup->entries =3D=3D NULL)
+        if (backup->entries =3D=3D NULL) {
+            free(orig);
             return -1;
+        }
         else
             backup->max *=3D 2;
     }
--=20
2.39.1