linux/arch/powerpc/kvm
David Gibson 5b73d6347e KVM: PPC: Book3S HV: Prevent double-free on HPT resize commit path
resize_hpt_release(), called once the HPT resize of a KVM guest is
completed (successfully or unsuccessfully) frees the state structure for
the resize.  It is currently not safe to call with a NULL pointer.

However, one of the error paths in kvm_vm_ioctl_resize_hpt_commit() can
invoke it with a NULL pointer.  This will occur if userspace improperly
invokes KVM_PPC_RESIZE_HPT_COMMIT without previously calling
KVM_PPC_RESIZE_HPT_PREPARE, or if it calls COMMIT twice without an
intervening PREPARE.

To fix this potential crash bug - and maybe others like it, make it safe
(and a no-op) to call resize_hpt_release() with a NULL resize pointer.

Found by Dan Carpenter with a static checker.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
2017-02-16 16:32:19 +11:00
..
book3s_32_mmu_host.c powerpc/mm: Move hash related mmu-*.h headers to book3s/ 2016-03-03 21:19:21 +11:00
book3s_32_mmu.c arch: powerpc: kvm: book3s_32_mmu.c: Remove unused function 2014-12-17 13:12:25 +01:00
book3s_32_sr.S KVM: PPC: book3s_pr: Simplify transitions between virtual and real mode 2011-09-25 19:52:29 +03:00
book3s_64_mmu_host.c powerpc/mm: Move hash table ops to a separate structure 2016-07-21 18:59:09 +10:00
book3s_64_mmu_hv.c KVM: PPC: Book3S HV: Prevent double-free on HPT resize commit path 2017-02-16 16:32:19 +11:00
book3s_64_mmu_radix.c KVM: PPC: Book3S HV: Enable radix guest support 2017-01-31 19:11:52 +11:00
book3s_64_mmu.c powerpc/mm: Move hash related mmu-*.h headers to book3s/ 2016-03-03 21:19:21 +11:00
book3s_64_slb.S KVM: PPC: Book3S PR: Rework SLB switching code 2014-05-30 14:26:30 +02:00
book3s_64_vio_hv.c KVM: PPC: Book3S: Move prototypes for KVM functions into kvm_ppc.h 2016-12-01 14:03:46 +11:00
book3s_64_vio.c KVM: PPC: Book 3S: Fix error return in kvm_vm_ioctl_create_spapr_tce() 2017-02-09 22:06:28 +11:00
book3s_emulate.c KVM: PPC: Book3s PR: Allow access to unprivileged MMCR2 register 2016-09-27 15:14:29 +10:00
book3s_exports.c KVM: PPC: Make shared struct aka magic page guest endian 2014-05-30 14:26:21 +02:00
book3s_hv_builtin.c Merge remote-tracking branch 'remotes/powerpc/topic/ppc-kvm' into kvm-ppc-next 2017-02-08 19:35:34 +11:00
book3s_hv_hmi.c powerpc: move hmi.c to arch/powerpc/kvm/ 2016-09-09 16:18:07 +10:00
book3s_hv_interrupts.S powerpc/kvm: Create proper names for the kvm_host_state PMU fields 2014-12-29 15:45:55 +11:00
book3s_hv_ras.c KVM: PPC: Book3S: Move prototypes for KVM functions into kvm_ppc.h 2016-12-01 14:03:46 +11:00
book3s_hv_rm_mmu.c KVM: PPC: Book3S HV: Don't store values derivable from HPT order 2017-01-31 21:59:34 +11:00
book3s_hv_rm_xics.c Merge remote-tracking branch 'remotes/powerpc/topic/ppc-kvm' into kvm-ppc-next 2017-02-08 19:35:34 +11:00
book3s_hv_rmhandlers.S KVM: PPC: Book3S HV: Invalidate ERAT on guest entry/exit for POWER9 DD1 2017-01-31 19:11:52 +11:00
book3s_hv.c KVM: PPC: Book3S HV: Outline of KVM-HV HPT resizing implementation 2017-01-31 21:59:56 +11:00
book3s_interrupts.S powerpc: Define and use PPC64_ELF_ABI_v2/v1 2016-06-14 13:58:27 +10:00
book3s_mmu_hpte.c kvm: powerpc: book3s: pr: move PR related tracepoints to a separate header 2013-10-17 15:36:22 +02:00
book3s_paired_singles.c powerpc: Create disable_kernel_{fp,altivec,vsx,spe}() 2015-12-01 13:52:25 +11:00
book3s_pr_papr.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
book3s_pr.c KVM: PPC: Book3S PR: Refactor program interrupt related code into separate function 2017-01-27 20:34:28 +11:00
book3s_rmhandlers.S powerpc: Define and use PPC64_ELF_ABI_v2/v1 2016-06-14 13:58:27 +10:00
book3s_rtas.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
book3s_segment.S KVM: PPC: Book3S: 64-bit CONFIG_RELOCATABLE support for interrupts 2017-01-31 19:07:39 +11:00
book3s_xics.c KVM: PPC: Book 3S: XICS: Don't lock twice when checking for resend 2017-01-27 10:27:21 +11:00
book3s_xics.h KVM: PPC: Book 3S: XICS: Implement ICS P/Q states 2017-01-27 10:27:02 +11:00
book3s.c KVM: PPC: Book3S HV: Page table construction and page faults for radix guests 2017-01-31 19:11:49 +11:00
book3s.h kvm: Fix page ageing bugs 2014-09-24 14:07:58 +02:00
booke_emulate.c KVM: PPC: BOOKE: Emulate debug registers and exception 2014-09-22 10:11:33 +02:00
booke_interrupts.S KVM: PPC: Remove 440 support 2014-07-28 15:23:15 +02:00
booke.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
booke.h KVM: PPC: Book3e: Add AltiVec support 2014-09-22 10:11:32 +02:00
bookehv_interrupts.S powerpc/kvm: common sw breakpoint instr across ppc 2014-09-22 10:11:36 +02:00
e500_emulate.c KVM: PPC: e500: Emulate TMCFG0 TMRN register 2015-10-15 15:58:16 +11:00
e500_mmu_host.c kvm: rename pfn_t to kvm_pfn_t 2016-01-15 17:56:32 -08:00
e500_mmu_host.h KVM: PPC: E500: Make clear_tlb_refs and clear_tlb1_bitmap static 2013-01-24 19:23:33 +01:00
e500_mmu.c KVM: PPC: e500: Rename jump labels in kvmppc_e500_tlb_init() 2016-09-13 14:32:47 +10:00
e500.c KVM: PPC: e500: fix handling local_sid_lookup result 2015-10-15 15:58:16 +11:00
e500.h kvm: rename pfn_t to kvm_pfn_t 2016-01-15 17:56:32 -08:00
e500mc.c powerpc: Fix misspellings in comments. 2016-03-01 19:27:20 +11:00
emulate_loadstore.c KVM: PPC: Pass enum to kvmppc_get_last_inst 2014-09-22 10:11:36 +02:00
emulate.c KVM: PPC: Book3S PR: Fix illegal opcode emulation 2016-06-20 14:11:25 +10:00
fpu.S powerpc: Remove fpscr use from [kvm_]cvt_{fd,df} 2010-09-02 14:07:32 +10:00
irq.h KVM: PPC: Book3S: Add API for in-kernel XICS emulation 2013-05-02 15:28:36 +02:00
Kconfig KVM: PPC: select IRQ_BYPASS_MANAGER 2016-09-09 16:26:19 +10:00
Makefile KVM: PPC: Book3S HV: Add basic infrastructure for radix guests 2017-01-31 19:11:48 +11:00
mpic.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
powerpc.c KVM: PPC: Book3S HV: Advertise availablity of HPT resizing on KVM HV 2017-01-31 22:00:07 +11:00
timing.c KVM: PPC: Remove DCR handling 2014-07-28 19:29:15 +02:00
timing.h KVM: PPC: Remove DCR handling 2014-07-28 19:29:15 +02:00
trace_book3s.h KVM: PPC: Book3S HV: Tracepoints for KVM HV guest interactions 2014-12-17 13:29:27 +01:00
trace_booke.h KVM: PPC: BookE: Improve irq inject tracepoint 2014-12-15 13:27:23 +01:00
trace_hv.h KVM: PPC: Book3S HV: Comment style and print format fixups 2016-11-28 11:48:47 +11:00
trace_pr.h kvm: rename pfn_t to kvm_pfn_t 2016-01-15 17:56:32 -08:00
trace.h kvm: powerpc: booke: Move booke related tracepoints to separate header 2013-10-17 15:37:16 +02:00