Commit c31745d2 authored Jun 11, 2024 by Paolo Bonzini

virt: guest_memfd: fix reference leak on hwpoisoned page



If kvm_gmem_get_pfn() detects an hwpoisoned page, it returns -EHWPOISON
but it does not put back the reference that kvm_gmem_get_folio() had
grabbed.  Add the forgotten folio_put().

Fixes: a7800aa8 ("KVM: Add KVM_CREATE_GUEST_MEMFD ioctl() for guest-specific backing memory")
Cc: stable@vger.kernel.org
Reviewed-by: Liam Merwick <liam.merwick@oracle.com>
Reviewed-by: Isaku Yamahata <isaku.yamahata@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

parent f474092c

virt/kvm/guest_memfd.c

+3 −2

Original line number	Diff line number	Diff line
		@@ -510,8 +510,10 @@ int kvm_gmem_get_pfn(struct kvm kvm, struct kvm_memory_slot slot,
		}

		if (folio_test_hwpoison(folio)) {
		folio_unlock(folio);
		folio_put(folio);
		r = -EHWPOISON;
		goto out_unlock;
		goto out_fput;
		}

		page = folio_file_page(folio, index);
		@@ -522,7 +524,6 @@ int kvm_gmem_get_pfn(struct kvm kvm, struct kvm_memory_slot slot,

		r = 0;

		out_unlock:
		folio_unlock(folio);
		out_fput:
		fput(file);