From: Roman Kisel
To: arnd@arndb.de, bp@alien8.de, corbet@lwn.net, dave.hansen@linux.intel.com, decui@microsoft.com, haiyangz@microsoft.com, hpa@zytor.com, kys@microsoft.com, mikelley@microsoft.com, mingo@redhat.com, tglx@linutronix.de, Tianyu.Lan@microsoft.com, wei.liu@kernel.org, x86@kernel.org, linux-hyperv@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org
Cc: benhill@microsoft.com, bperkins@microsoft.com, sunilmut@microsoft.com, romank@linux.microsoft.com
Subject: [PATCH hyperv-next v6 14/17] Drivers: hv: Free msginfo when the buffer fails to decrypt
Date: Fri, 3 Oct 2025 15:27:07 -0700
Message-ID: <20251003222710.6257-15-romank@linux.microsoft.com>
In-Reply-To: <20251003222710.6257-1-romank@linux.microsoft.com>
References: <20251003222710.6257-1-romank@linux.microsoft.com>

The early failure path in __vmbus_establish_gpadl() doesn't deallocate
msginfo if the buffer fails to decrypt.

Fix the leak by breaking out the cleanup code into a separate function
and calling it where required.

Fixes: d4dccf353db80 ("Drivers: hv: vmbus: Mark vmbus ring buffer visible to host in Isolation VM")
Reported-by: Michael Kelley
Closes: https://lore.kernel.org/linux-hyperv/SN6PR02MB41573796F9787F67E0E97049D472A@SN6PR02MB4157.namprd02.prod.outlook.com
Signed-off-by: Roman Kisel
Reviewed-by: Michael Kelley
---
 drivers/hv/channel.c | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c index d69713201bef..88485d255a42 100644 --- a/drivers/hv/channel.c +++ b/drivers/hv/channel.c @@ -410,6 +410,21 @@ static int create_gpadl_header(enum hv_gpadl_type type= , void *kbuffer, return 0; } =20 +static void vmbus_free_channel_msginfo(struct vmbus_channel_msginfo *msgin= fo) +{ + struct vmbus_channel_msginfo *submsginfo, *tmp; + + if (!msginfo) + return; + + list_for_each_entry_safe(submsginfo, tmp, &msginfo->submsglist, + msglistentry) { + kfree(submsginfo); + } + + kfree(msginfo); +} + /* * __vmbus_establish_gpadl - Establish a GPADL for a buffer or ringbuffer * @@ -429,7 +444,7 @@ static int __vmbus_establish_gpadl(struct vmbus_channel= *channel, struct vmbus_channel_gpadl_header *gpadlmsg; struct vmbus_channel_gpadl_body *gpadl_body; struct vmbus_channel_msginfo *msginfo =3D NULL; - struct vmbus_channel_msginfo *submsginfo, *tmp; + struct vmbus_channel_msginfo *submsginfo; struct list_head *curr; u32 next_gpadl_handle; unsigned long flags; @@ -459,6 +474,7 @@ static int __vmbus_establish_gpadl(struct vmbus_channel= *channel, dev_warn(&channel->device_obj->device, "Failed to set host visibility for new GPADL %d.\n", ret); + vmbus_free_channel_msginfo(msginfo); return ret; } } @@ -535,12 +551,8 @@ static int __vmbus_establish_gpadl(struct vmbus_channe= l *channel, spin_lock_irqsave(&vmbus_connection.channelmsg_lock, flags); list_del(&msginfo->msglistentry); spin_unlock_irqrestore(&vmbus_connection.channelmsg_lock, flags); - list_for_each_entry_safe(submsginfo, tmp, &msginfo->submsglist, - msglistentry) { - kfree(submsginfo); - } =20 - kfree(msginfo); + vmbus_free_channel_msginfo(msginfo); =20 if (ret) { /* --=20 2.43.0
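Review bot: The new vmbus_free_channel_msginfo() helper in the first hunk has no comment stating its contract, and the contract is not obvious from the name. It frees every entry on msginfo->submsglist and then msginfo itself, but it does not unlink msginfo->msglistentry; the later call site in the last hunk does list_del(&msginfo->msglistentry) under vmbus_connection.channelmsg_lock before calling it. A short comment above the helper saying that the caller must already have removed msginfo from the channel message list (or never added it) would keep a future caller from freeing an entry that is still linked. As a style point, the braces around the single kfree(submsginfo) statement in the list_for_each_entry_safe() loop can be dropped.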
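Review bot: The vmbus_free_channel_msginfo(msginfo) call added before "return ret;" in the "Failed to set host visibility" branch frees msginfo without the list_del() under channelmsg_lock that the call site in the last hunk performs first. That is only safe if msginfo has not yet been added to the channel message list when this branch runs, which these lines do not show. If that holds, a one-line comment at the call saying msginfo is not queued yet would make the asymmetry between the two call sites explicit; if msginfo can already be queued here, this path needs the same unlink before the free.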