From: Roman Kisel <[email protected]> Sent: Wednesday, August 27, 2025 6:06 PM > > The early failure path in __vmbus_establish_gpadl() doesn't deallocate > msginfo if the buffer fails to decrypt. > > Fix the leak by breaking out the cleanup code into a separate function > and calling it where required. > > Fixes: d4dccf353db80 ("Drivers: hv: vmbus: Mark vmbus ring buffer visible to > host in Isolation VM") > Reported-by: Michael Kelley <[email protected]> > Closes: > https://lore.kernel.org/linux-hyperv/sn6pr02mb41573796f9787f67e0e97049d4...@sn6pr02mb4157.namprd02.prod.outlook.com/ > > Signed-off-by: Roman Kisel <[email protected]>
Reviewed-by: Michael Kelley <[email protected]> > --- > drivers/hv/channel.c | 24 ++++++++++++++++++------ > 1 file changed, 18 insertions(+), 6 deletions(-) > > diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c > index 1621b95263a5..70270202209b 100644 > --- a/drivers/hv/channel.c > +++ b/drivers/hv/channel.c > @@ -410,6 +410,21 @@ static int create_gpadl_header(enum hv_gpadl_type type, > void *kbuffer, > return 0; > } > > +static void vmbus_free_channel_msginfo(struct vmbus_channel_msginfo *msginfo) > +{ > + struct vmbus_channel_msginfo *submsginfo, *tmp; > + > + if (!msginfo) > + return; > + > + list_for_each_entry_safe(submsginfo, tmp, &msginfo->submsglist, > + msglistentry) { > + kfree(submsginfo); > + } > + > + kfree(msginfo); > +} > + > /* > * __vmbus_establish_gpadl - Establish a GPADL for a buffer or ringbuffer > * > @@ -429,7 +444,7 @@ static int __vmbus_establish_gpadl(struct vmbus_channel > *channel, > struct vmbus_channel_gpadl_header *gpadlmsg; > struct vmbus_channel_gpadl_body *gpadl_body; > struct vmbus_channel_msginfo *msginfo = NULL; > - struct vmbus_channel_msginfo *submsginfo, *tmp; > + struct vmbus_channel_msginfo *submsginfo; > struct list_head *curr; > u32 next_gpadl_handle; > unsigned long flags; > @@ -459,6 +474,7 @@ static int __vmbus_establish_gpadl(struct vmbus_channel > *channel, > dev_warn(&channel->device_obj->device, > "Failed to set host visibility for new GPADL > %d.\n", > ret); > + vmbus_free_channel_msginfo(msginfo); > return ret; > } > } > @@ -535,12 +551,8 @@ static int __vmbus_establish_gpadl(struct vmbus_channel > *channel, > spin_lock_irqsave(&vmbus_connection.channelmsg_lock, flags); > list_del(&msginfo->msglistentry); > spin_unlock_irqrestore(&vmbus_connection.channelmsg_lock, flags); > - list_for_each_entry_safe(submsginfo, tmp, &msginfo->submsglist, > - msglistentry) { > - kfree(submsginfo); > - } > > - kfree(msginfo); > + vmbus_free_channel_msginfo(msginfo); > > if (ret) { > /* > -- > 2.43.0 >
