RE: [PATCH hyperv-next v5 13/16] Drivers: hv: Free msginfo when the buffer... | linux-doc

[PATCH hyperv-next v5 00/16] Confidential VMBus · Roman Kisel <hidden> · 2025-08-28
[PATCH hyperv-next v5 01/16] Documentation: hyperv: Confidential VMBus · Roman Kisel <hidden> · 2025-08-28
RE: [PATCH hyperv-next v5 01/16] Documentation: hyperv: Confidential VMBus · Michael Kelley <hidden> · 2025-09-09
[PATCH hyperv-next v5 02/16] drivers: hv: VMBus protocol version 6.0 · Roman Kisel <hidden> · 2025-08-28
RE: [PATCH hyperv-next v5 02/16] drivers: hv: VMBus protocol version 6.0 · Michael Kelley <hidden> · 2025-09-09
[PATCH hyperv-next v5 04/16] arch/x86: mshyperv: Trap on access for some synthetic MSRs · Roman Kisel <hidden> · 2025-08-28
RE: [PATCH hyperv-next v5 04/16] arch/x86: mshyperv: Trap on access for some synthetic MSRs · Michael Kelley <hidden> · 2025-09-09
Re: [PATCH hyperv-next v5 04/16] arch/x86: mshyperv: Trap on access for some synthetic MSRs · Wei Liu <wei.liu@kernel.org> · 2025-09-30
[PATCH hyperv-next v5 03/16] arch: hyperv: Get/set SynIC synth.registers via paravisor · Roman Kisel <hidden> · 2025-08-28
RE: [PATCH hyperv-next v5 03/16] arch: hyperv: Get/set SynIC synth.registers via paravisor · Michael Kelley <hidden> · 2025-09-09
[PATCH hyperv-next v5 05/16] Drivers: hv: Rename fields for SynIC message and event pages · Roman Kisel <hidden> · 2025-08-28
[PATCH hyperv-next v5 06/16] Drivers: hv: Allocate the paravisor SynIC pages when required · Roman Kisel <hidden> · 2025-08-28
[PATCH hyperv-next v5 07/16] Drivers: hv: Post messages through the confidential VMBus if available · Roman Kisel <hidden> · 2025-08-28
[PATCH hyperv-next v5 08/16] Drivers: hv: remove stale comment · Roman Kisel <hidden> · 2025-08-28
[PATCH hyperv-next v5 09/16] Drivers: hv: Check message and event pages for non-NULL before iounmap() · Roman Kisel <hidden> · 2025-08-28
[PATCH hyperv-next v5 10/16] Drivers: hv: Rename the SynIC enable and disable routines · Roman Kisel <hidden> · 2025-08-28
[PATCH hyperv-next v5 12/16] Drivers: hv: Allocate encrypted buffers when requested · Roman Kisel <hidden> · 2025-08-28
[PATCH hyperv-next v5 11/16] Drivers: hv: Functions for setting up and tearing down the paravisor SynIC · Roman Kisel <hidden> · 2025-08-28
RE: [PATCH hyperv-next v5 11/16] Drivers: hv: Functions for setting up and tearing down the paravisor SynIC · Michael Kelley <hidden> · 2025-09-09
[PATCH hyperv-next v5 13/16] Drivers: hv: Free msginfo when the buffer fails to decrypt · Roman Kisel <hidden> · 2025-08-28
RE: [PATCH hyperv-next v5 13/16] Drivers: hv: Free msginfo when the buffer fails to decrypt · Michael Kelley <hidden> · 2025-09-09
[PATCH hyperv-next v5 14/16] Drivers: hv: Support confidential VMBus channels · Roman Kisel <hidden> · 2025-08-28
[PATCH hyperv-next v5 15/16] Drivers: hv: Set the default VMBus version to 6.0 · Roman Kisel <hidden> · 2025-08-28
[PATCH hyperv-next v5 16/16] Drivers: hv: Support establishing the confidential VMBus connection · Roman Kisel <hidden> · 2025-08-28
RE: [PATCH hyperv-next v5 00/16] Confidential VMBus · Michael Kelley <hidden> · 2025-09-09

RE: [PATCH hyperv-next v5 13/16] Drivers: hv: Free msginfo when the buffer fails to decrypt

From: Michael Kelley <hidden>
Date: 2025-09-09 03:14:56
Also in: linux-arch, linux-hyperv, lkml

From: Roman Kisel <redacted> Sent: Wednesday, August 27, 2025 6:06 PM

The early failure path in __vmbus_establish_gpadl() doesn't deallocate
msginfo if the buffer fails to decrypt.

Fix the leak by breaking out the cleanup code into a separate function
and calling it where required.

Fixes: d4dccf353db80 ("Drivers: hv: vmbus: Mark vmbus ring buffer visible to host in Isolation VM")
Reported-by: Michael Kelley <redacted>
Closes: https://lore.kernel.org/linux-hyperv/SN6PR02MB41573796F9787F67E0E97049D472A@SN6PR02MB4157.namprd02.prod.outlook.com/ (local) > Signed-off-by: Roman Kisel [off-list ref]

Reviewed-by: Michael Kelley <redacted>

quoted hunk ↗ jump to hunk

---
 drivers/hv/channel.c | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
index 1621b95263a5..70270202209b 100644
--- a/drivers/hv/channel.c
+++ b/drivers/hv/channel.c

@@ -410,6 +410,21 @@ static int create_gpadl_header(enum hv_gpadl_type type,

void *kbuffer,
 	return 0;
 }

+static void vmbus_free_channel_msginfo(struct vmbus_channel_msginfo *msginfo)
+{
+	struct vmbus_channel_msginfo *submsginfo, *tmp;
+
+	if (!msginfo)
+		return;
+
+	list_for_each_entry_safe(submsginfo, tmp, &msginfo->submsglist,
+				 msglistentry) {
+		kfree(submsginfo);
+	}
+
+	kfree(msginfo);
+}
+
 /*
  * __vmbus_establish_gpadl - Establish a GPADL for a buffer or ringbuffer
  *

@@ -429,7 +444,7 @@ static int __vmbus_establish_gpadl(struct vmbus_channel *channel,
 	struct vmbus_channel_gpadl_header *gpadlmsg;
 	struct vmbus_channel_gpadl_body *gpadl_body;
 	struct vmbus_channel_msginfo *msginfo = NULL;
-	struct vmbus_channel_msginfo *submsginfo, *tmp;
+	struct vmbus_channel_msginfo *submsginfo;
 	struct list_head *curr;
 	u32 next_gpadl_handle;
 	unsigned long flags;
@@ -459,6 +474,7 @@ static int __vmbus_establish_gpadl(struct vmbus_channel *channel,
 			dev_warn(&channel->device_obj->device,
 				"Failed to set host visibility for new GPADL %d.\n",
 				ret);
+			vmbus_free_channel_msginfo(msginfo);
 			return ret;
 		}
 	}
@@ -535,12 +551,8 @@ static int __vmbus_establish_gpadl(struct vmbus_channel *channel,
 	spin_lock_irqsave(&vmbus_connection.channelmsg_lock, flags);
 	list_del(&msginfo->msglistentry);
 	spin_unlock_irqrestore(&vmbus_connection.channelmsg_lock, flags);
-	list_for_each_entry_safe(submsginfo, tmp, &msginfo->submsglist,
-				 msglistentry) {
-		kfree(submsginfo);
-	}

-	kfree(msginfo);
+	vmbus_free_channel_msginfo(msginfo);

 	if (ret) {
 		/*
--

2.43.0

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help