diff options
author | Paolo Bonzini <pbonzini@redhat.com> | 2024-06-11 04:22:18 -0400 |
---|---|---|
committer | Paolo Bonzini <pbonzini@redhat.com> | 2024-06-20 17:12:11 -0400 |
commit | c31745d2c508796a0996c88bf2e55f552d513f65 (patch) | |
tree | b6d21cb721eff72a4b310f7e0bb8a2f2b84379e7 | |
parent | f474092c6fe1e2154a35308a1a1aef3212c3ecf2 (diff) |
virt: guest_memfd: fix reference leak on hwpoisoned page
If kvm_gmem_get_pfn() detects an hwpoisoned page, it returns -EHWPOISON
but it does not put back the reference that kvm_gmem_get_folio() had
grabbed. Add the forgotten folio_put().
Fixes: a7800aa80ea4 ("KVM: Add KVM_CREATE_GUEST_MEMFD ioctl() for guest-specific backing memory")
Cc: stable@vger.kernel.org
Reviewed-by: Liam Merwick <liam.merwick@oracle.com>
Reviewed-by: Isaku Yamahata <isaku.yamahata@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-rw-r--r-- | virt/kvm/guest_memfd.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c index 0f4e0cf4f158..747fe251e445 100644 --- a/virt/kvm/guest_memfd.c +++ b/virt/kvm/guest_memfd.c @@ -510,8 +510,10 @@ int kvm_gmem_get_pfn(struct kvm *kvm, struct kvm_memory_slot *slot, } if (folio_test_hwpoison(folio)) { + folio_unlock(folio); + folio_put(folio); r = -EHWPOISON; - goto out_unlock; + goto out_fput; } page = folio_file_page(folio, index); @@ -522,7 +524,6 @@ int kvm_gmem_get_pfn(struct kvm *kvm, struct kvm_memory_slot *slot, r = 0; -out_unlock: folio_unlock(folio); out_fput: fput(file); |