[PATCH] KVM/arm64: vgic-its: Fix memory leak when vgic_its_set_abi() fails

Jackie Liu liu.yun at linux.dev
Wed Jun 3 20:14:26 PDT 2026


From: Jackie Liu <liuyun01 at kylinos.cn>

In vgic_its_create(), if vgic_its_set_abi() fails after allocating the
its structure and setting kvm state, the allocated 'its' is leaked
because the function returns without freeing it.

Fix by rolling back the kvm state flags and freeing the its structure
when vgic_its_set_abi() returns an error.

Fixes: 71afe470e20d ("KVM: arm64: vgic-its: Introduce migration ABI infrastructure")
Signed-off-by: Jackie Liu <liuyun01 at kylinos.cn>
---
 arch/arm64/kvm/vgic/vgic-its.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/arch/arm64/kvm/vgic/vgic-its.c b/arch/arm64/kvm/vgic/vgic-its.c
index 1d7e5d560af4..83718eab4e06 100644
--- a/arch/arm64/kvm/vgic/vgic-its.c
+++ b/arch/arm64/kvm/vgic/vgic-its.c
@@ -1878,8 +1878,6 @@ static int vgic_its_create(struct kvm_device *dev, u32 type)
 	INIT_LIST_HEAD(&its->collection_list);
 	xa_init(&its->translation_cache);
 
-	dev->kvm->arch.vgic.msis_require_devid = true;
-	dev->kvm->arch.vgic.has_its = true;
 	its->enabled = false;
 	its->dev = dev;
 
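Review bot: the changelog says the fix works by "rolling back the kvm state flags", but the two assignments removed at the top of this hunk (`msis_require_devid` and `has_its`) show that the flags are no longer set before the failure point at all, so nothing is rolled back. Please reword the commit message to say the assignments are deferred until `vgic_its_set_abi()` has succeeded. The distinction matters to anyone backporting this: deferring means a failed create never exposes `has_its = true` on the VM, which is a stronger property than set-then-undo.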
@@ -1887,15 +1885,21 @@ static int vgic_its_create(struct kvm_device *dev, u32 type)
 		((u64)GITS_BASER_TYPE_DEVICE << GITS_BASER_TYPE_SHIFT);
 	its->baser_coll_table = INITIAL_BASER_VALUE |
 		((u64)GITS_BASER_TYPE_COLLECTION << GITS_BASER_TYPE_SHIFT);
-	dev->kvm->arch.vgic.propbaser = INITIAL_PROPBASER_VALUE;
-
-	dev->private = its;
 
 	ret = vgic_its_set_abi(its, NR_ITS_ABIS - 1);
+	if (ret) {
+		mutex_unlock(&dev->kvm->arch.config_lock);
+		kfree(its);
+		return ret;
+	}
 
-	mutex_unlock(&dev->kvm->arch.config_lock);
+	dev->kvm->arch.vgic.msis_require_devid = true;
+	dev->kvm->arch.vgic.has_its = true;
+	dev->kvm->arch.vgic.propbaser = INITIAL_PROPBASER_VALUE;
+	dev->private = its;
 
-	return ret;
+	mutex_unlock(&dev->kvm->arch.config_lock);
+	return 0;
 }
 
 static void vgic_its_destroy(struct kvm_device *kvm_dev)
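Review bot: the new `if (ret)` branch after `vgic_its_set_abi()` duplicates `mutex_unlock(&dev->kvm->arch.config_lock)`, which now appears on both the error and the success path. A single unlock reached through a label (for example `out_unlock:`, with `kfree(its)` done just before jumping to it on failure) keeps lock and unlock paired in one place and makes it harder for a later error path to return with `config_lock` held. Separately, `dev->private = its` and the `propbaser` assignment now happen after the `vgic_its_set_abi()` call instead of before it. The diff does not show that function's body, so please confirm in the changelog that it, and anything it calls, works only on the `its` pointer it is passed and does not read `dev->private` or the `kvm->arch.vgic` fields, otherwise the reordering changes behaviour on the success path too.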
-- 
2.54.0



