xen/gntdev: don't leak memory from IOCTL_GNTDEV_MAP_GRANT_REF

map->kmap_ops allocated in gntdev_alloc_map() wasn't freed by gntdev_put_map(). Add a gntdev_free_map() helper function to free everything allocated by gntdev_alloc_map(). Signed-off-by: David Vrabel <david.vrabel@citrix.com> Cc: stable@vger.kernel.org Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>

xen/gntdev: don't leak memory from IOCTL_GNTDEV_MAP_GRANT_REF
map->kmap_ops allocated in gntdev_alloc_map() wasn't freed by gntdev_put_map(). Add a gntdev_free_map() helper function to free everything allocated by gntdev_alloc_map(). Signed-off-by: David Vrabel <david.vrabel@citrix.com> Cc: stable@vger.kernel.org Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
David Vrabel · Konrad Rzeszutek Wilk
1 parent b6514633bd
Showing 1 changed file with 19 additions and 17 deletions Side-by-side Diff
drivers/xen/gntdev.c
@@ -105,6 +105,21 @@
 #endif
 }
  
+static void gntdev_free_map(struct grant_map *map)
+{
+	if (map == NULL)
+		return;
+
+	if (map->pages)
+		free_xenballooned_pages(map->count, map->pages);
+	kfree(map->pages);
+	kfree(map->grants);
+	kfree(map->map_ops);
+	kfree(map->unmap_ops);
+	kfree(map->kmap_ops);
+	kfree(map);
+}
+
 static struct grant_map *gntdev_alloc_map(struct gntdev_priv *priv, int count)
 {
 	struct grant_map *add;
@@ -142,12 +157,7 @@
 	return add;
  
 err:
-	kfree(add->pages);
-	kfree(add->grants);
-	kfree(add->map_ops);
-	kfree(add->unmap_ops);
-	kfree(add->kmap_ops);
-	kfree(add);
+	gntdev_free_map(add);
 	return NULL;
 }
  
@@ -198,17 +208,9 @@
 		evtchn_put(map->notify.event);
 	}
  
-	if (map->pages) {
-		if (!use_ptemod)
-			unmap_grant_pages(map, 0, map->count);
-
-		free_xenballooned_pages(map->count, map->pages);
-	}
-	kfree(map->pages);
-	kfree(map->grants);
-	kfree(map->map_ops);
-	kfree(map->unmap_ops);
-	kfree(map);
+	if (map->pages && !use_ptemod)
+		unmap_grant_pages(map, 0, map->count);
+	gntdev_free_map(map);
 }
  
 /* ------------------------------------------------------------------ */
...	...	@@ -105,6 +105,21 @@
105	105	#endif
106	106	}
107	107
	108	+static void gntdev_free_map(struct grant_map *map)
	109	+{
	110	+ if (map == NULL)
	111	+ return;
	112	+
	113	+ if (map->pages)
	114	+ free_xenballooned_pages(map->count, map->pages);
	115	+ kfree(map->pages);
	116	+ kfree(map->grants);
	117	+ kfree(map->map_ops);
	118	+ kfree(map->unmap_ops);
	119	+ kfree(map->kmap_ops);
	120	+ kfree(map);
	121	+}
	122	+
108	123	static struct grant_map gntdev_alloc_map(struct gntdev_priv priv, int count)
109	124	{
110	125	struct grant_map *add;
...	...	@@ -142,12 +157,7 @@
142	157	return add;
143	158
144	159	err:
145		- kfree(add->pages);
146		- kfree(add->grants);
147		- kfree(add->map_ops);
148		- kfree(add->unmap_ops);
149		- kfree(add->kmap_ops);
150		- kfree(add);
	160	+ gntdev_free_map(add);
151	161	return NULL;
152	162	}
153	163
...	...	@@ -198,17 +208,9 @@
198	208	evtchn_put(map->notify.event);
199	209	}
200	210
201		- if (map->pages) {
202		- if (!use_ptemod)
203		- unmap_grant_pages(map, 0, map->count);
204		-
205		- free_xenballooned_pages(map->count, map->pages);
206		- }
207		- kfree(map->pages);
208		- kfree(map->grants);
209		- kfree(map->map_ops);
210		- kfree(map->unmap_ops);
211		- kfree(map);
	211	+ if (map->pages && !use_ptemod)
	212	+ unmap_grant_pages(map, 0, map->count);
	213	+ gntdev_free_map(map);
212	214	}
213	215
214	216	/* ------------------------------------------------------------------ */