[PATCH] KVM: x86/xen: Fix eventfd error handling in kvm_xen_eventfd_assign()

From: Eiichi Tsukata
Date: Fri Oct 28 2022 - 06:06:38 EST

Next message: Ziyang Xuan (William): "Re: [PATCH net] ipv6/gro: fix an out of bounds memory bug in ipv6_gro_receive()"
Previous message: Ville Syrjälä: "Re: [PATCH] drm/simpledrm: Only advertise formats that are supported"
Next in thread: Paolo Bonzini: "Re: [PATCH] KVM: x86/xen: Fix eventfd error handling in kvm_xen_eventfd_assign()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Should not call eventfd_ctx_put() in case of error.

Fixes: 2fd6df2f2b47 ("KVM: x86/xen: intercept EVTCHNOP_send from guests")
Reported-by: syzbot+6f0c896c5a9449a10ded@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Eiichi Tsukata <eiichi.tsukata@xxxxxxxxxxx>
---
arch/x86/kvm/xen.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kvm/xen.c b/arch/x86/kvm/xen.c
index 93c628d3e3a9..a357994982c6 100644
--- a/arch/x86/kvm/xen.c
+++ b/arch/x86/kvm/xen.c
@@ -1716,7 +1716,7 @@ static int kvm_xen_eventfd_assign(struct kvm *kvm,
if (ret == -ENOSPC)
ret = -EEXIST;
out:
- if (eventfd)
+ if (eventfd && !IS_ERR(eventfd))
eventfd_ctx_put(eventfd);
kfree(evtchnfd);
return ret;
--
2.37.3

Next message: Ziyang Xuan (William): "Re: [PATCH net] ipv6/gro: fix an out of bounds memory bug in ipv6_gro_receive()"
Previous message: Ville Syrjälä: "Re: [PATCH] drm/simpledrm: Only advertise formats that are supported"
Next in thread: Paolo Bonzini: "Re: [PATCH] KVM: x86/xen: Fix eventfd error handling in kvm_xen_eventfd_assign()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]