|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [PATCH] xen/arm: optee: fix possible memory leaks
On Thu, 7 Oct 2021, Volodymyr Babchuk wrote:
> translate_noncontig() allocates domheap page for translated list
> before calling to allocate_optee_shm_buf(), which can fail for number
> of reason. Anyways, after fail we need to free the allocated page(s).
>
> Another leak is possible if the same translate_noncontig() function
> fails to get domain page. In this case it should free allocated
> optee_shm_buf prior exit. This will also free allocated domheap page.
>
> Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>
Acked-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>
> ---
> xen/arch/arm/tee/optee.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/xen/arch/arm/tee/optee.c b/xen/arch/arm/tee/optee.c
> index 6df0d44eb9..131d2f9a8a 100644
> --- a/xen/arch/arm/tee/optee.c
> +++ b/xen/arch/arm/tee/optee.c
> @@ -781,7 +781,10 @@ static int translate_noncontig(struct optee_domain *ctx,
> optee_shm_buf = allocate_optee_shm_buf(ctx, param->u.tmem.shm_ref,
> pg_count, xen_pgs, order);
> if ( IS_ERR(optee_shm_buf) )
> + {
> + free_domheap_pages(xen_pgs, order);
> return PTR_ERR(optee_shm_buf);
> + }
>
> gfn = gaddr_to_gfn(param->u.tmem.buf_ptr &
> ~(OPTEE_MSG_NONCONTIG_PAGE_SIZE - 1));
> @@ -807,7 +810,7 @@ static int translate_noncontig(struct optee_domain *ctx,
> {
> guest_pg = get_domain_ram_page(gfn);
> if ( !guest_pg )
> - return -EINVAL;
> + goto free_shm_buf;
>
> guest_data = __map_domain_page(guest_pg);
> xen_data = __map_domain_page(xen_pgs);
> @@ -854,6 +857,7 @@ err_unmap:
> unmap_domain_page(guest_data);
> unmap_domain_page(xen_data);
> put_page(guest_pg);
> +free_shm_buf:
> free_optee_shm_buf(ctx, optee_shm_buf->cookie);
>
> return -EINVAL;
> --
> 2.33.0
>
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |