vfio/type1: Fix leak on error pathvfio-v3.11

We also don't handle unpinning zero pages as an error on other exits so we can fix that inconsistency by rolling in the next conditional return. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
author: Alex Williamson <alex.williamson@redhat.com> 2013-07-01 08:28:58 -0600
committer: Alex Williamson <alex.williamson@redhat.com> 2013-07-01 08:28:58 -0600
commit: 8d38ef1948bd415a5cb653a5c0ec16f3402aaca1 (patch)
tree: a28c39a7e8f7b4855a4ff867051fd90297aad670
parent: 6d6768c61b39a2184bc11bb0342e4f7f35642bcc (diff)
1 files changed, 8 insertions, 5 deletions
diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
index 98231d10890c..a9807dea3887 100644
--- a/drivers/vfio/vfio_iommu_type1.c
+++ b/drivers/vfio/vfio_iommu_type1.c
@@ -436,6 +436,12 @@ static int vfio_remove_dma_overlap(struct vfio_iommu *iommu, dma_addr_t start,
 	}
 
 	/* Split existing */
+
+	/*
+	 * Allocate our tracking structure early even though it may not
+	 * be used.  An Allocation failure later loses track of pages and
+	 * is more difficult to unwind.
+	 */
 	split = kzalloc(sizeof(*split), GFP_KERNEL);
 	if (!split)
 		return -ENOMEM;
@@ -443,12 +449,9 @@ static int vfio_remove_dma_overlap(struct vfio_iommu *iommu, dma_addr_t start,
 	offset = start - dma->iova;
 
 	ret = vfio_unmap_unpin(iommu, dma, start, size);
-	if (ret)
-		return ret;
-
-	if (!*size) {
+	if (ret || !*size) {
 		kfree(split);
-		return -EINVAL;
+		return ret;
 	}
 
 	tmp = dma->size;
author	Alex Williamson <alex.williamson@redhat.com>	2013-07-01 08:28:58 -0600
committer	Alex Williamson <alex.williamson@redhat.com>	2013-07-01 08:28:58 -0600
commit	8d38ef1948bd415a5cb653a5c0ec16f3402aaca1 (patch)
tree	a28c39a7e8f7b4855a4ff867051fd90297aad670
parent	6d6768c61b39a2184bc11bb0342e4f7f35642bcc (diff)