aboutsummaryrefslogtreecommitdiffstats
path: root/arch/powerpc/kvm/book3s_hv_builtin.c
diff options
context:
space:
mode:
authorPaul Mackerras <paulus@samba.org>2012-02-02 19:45:02 -0500
committerPaul Mackerras <paulus@samba.org>2012-04-03 02:42:22 -0400
commitb4e51229d8a1e499fe65153766437152cca42053 (patch)
tree3aec12257db287a7a05b4a416b5e5b50702587fb /arch/powerpc/kvm/book3s_hv_builtin.c
parentb8e6f8ae511d88732247aa2af26bfd1bef21b2f4 (diff)
KVM: PPC: Book3S HV: Fix kvm_alloc_linear in case where no linears exist
In kvm_alloc_linear we were using and deferencing ri after the list_for_each_entry had come to the end of the list. In that situation, ri is not really defined and probably points to the list head. This will happen every time if the free_linears list is empty, for instance. This led to a NULL pointer dereference crash in memset on POWER7 while trying to allocate an HPT in the case where no HPTs were preallocated. This fixes it by using a separate variable for the return value from the loop iterator. Signed-off-by: Paul Mackerras <paulus@samba.org> Signed-off-by: Alexander Graf <agraf@suse.de> Signed-off-by: Paul Mackerras <paulus@samba.org>
Diffstat (limited to 'arch/powerpc/kvm/book3s_hv_builtin.c')
-rw-r--r--arch/powerpc/kvm/book3s_hv_builtin.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/arch/powerpc/kvm/book3s_hv_builtin.c b/arch/powerpc/kvm/book3s_hv_builtin.c
index bed1279aa6a8..e1b60f56f2a1 100644
--- a/arch/powerpc/kvm/book3s_hv_builtin.c
+++ b/arch/powerpc/kvm/book3s_hv_builtin.c
@@ -173,9 +173,9 @@ static void __init kvm_linear_init_one(ulong size, int count, int type)
173 173
174static struct kvmppc_linear_info *kvm_alloc_linear(int type) 174static struct kvmppc_linear_info *kvm_alloc_linear(int type)
175{ 175{
176 struct kvmppc_linear_info *ri; 176 struct kvmppc_linear_info *ri, *ret;
177 177
178 ri = NULL; 178 ret = NULL;
179 spin_lock(&linear_lock); 179 spin_lock(&linear_lock);
180 list_for_each_entry(ri, &free_linears, list) { 180 list_for_each_entry(ri, &free_linears, list) {
181 if (ri->type != type) 181 if (ri->type != type)
@@ -183,11 +183,12 @@ static struct kvmppc_linear_info *kvm_alloc_linear(int type)
183 183
184 list_del(&ri->list); 184 list_del(&ri->list);
185 atomic_inc(&ri->use_count); 185 atomic_inc(&ri->use_count);
186 memset(ri->base_virt, 0, ri->npages << PAGE_SHIFT);
187 ret = ri;
186 break; 188 break;
187 } 189 }
188 spin_unlock(&linear_lock); 190 spin_unlock(&linear_lock);
189 memset(ri->base_virt, 0, ri->npages << PAGE_SHIFT); 191 return ret;
190 return ri;
191} 192}
192 193
193static void kvm_release_linear(struct kvmppc_linear_info *ri) 194static void kvm_release_linear(struct kvmppc_linear_info *ri)