KVM: s390: avoid memory leaks if __inject_vm() fails

commit 428d53be5e7468769d4e7899cca06ed5f783a6e1 upstream.

We have to delete the allocated interrupt info if __inject_vm() fails.

Otherwise user space can keep flooding kvm with floating interrupts and
provoke more and more memory leaks.

Reported-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Reviewed-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c
index 57ed057cba65f77297e2739b97668752541c57a0..29e2e5aa21116ed7514d9de32b3bacbd7a870c6b 100644 (file)
--- a/arch/s390/kvm/interrupt.c
+++ b/arch/s390/kvm/interrupt.c
@@ -876,6 +876,7 @@ int kvm_s390_inject_vm(struct kvm *kvm,
                       struct kvm_s390_interrupt *s390int)
 {
        struct kvm_s390_interrupt_info *inti;
+       int rc;
 
        inti = kzalloc(sizeof(*inti), GFP_KERNEL);
        if (!inti)
@@ -923,7 +924,10 @@ int kvm_s390_inject_vm(struct kvm *kvm,
        trace_kvm_s390_inject_vm(s390int->type, s390int->parm, s390int->parm64,
                                 2);
 
-       return __inject_vm(kvm, inti);
+       rc = __inject_vm(kvm, inti);
+       if (rc)
+               kfree(inti);
+       return rc;
 }
 
 void kvm_s390_reinject_io_int(struct kvm *kvm,