Xen project Mailing List

[PATCH] xen/arm: optee: fix possible memory leaks

To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>

Date: Thu, 7 Oct 2021 23:25:02 +0000

Accept-language: en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=fuZI90lAAIKpFQMzV5avlUK1NGDhGgySXt1h3s9njuo=; b=l+7l6Jj6Gmtqq1X+Zxke+ueA88IIt66o/0VroMMjJ1GIVdPuOTQYGuyTW3R7rw51Orb8CDFNNZjsik45cwEBt23FfRV3YRfOGOtM47HZTc1xQHoa7xcOwDUxTuHowndY6huPrPgyfJWDojXOdyyBaYFpVPz0H01q0BkoHOLEb/PyrQlu6JhnX8Vb37GwUpwzeM0Ya8Y5vCbQGrO6dFo42S8blhyL7doUJMHKbCaVl1BDGbp6qIiMoqPlTsoId5vnXlprYAN1oxnnwDgK3HGD4deqm1ORsd8JHeHPHJqUsD4aeUlBG5Ox0evxN7otTWMKi09jxBv3n8tv5asnqAhInA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kWACLVBep/EjGcDRWdem+cWhO6hib95j1FOykwWkA9NT0ZTy0PvqROtnWx2JzEm7JpB3CrdH+g8e382tmPRTijQyzfQ03jLW/KAFWDpqAE9PVDFFZheQ3melk2saaSc1Giog9094vC9l25I8N9HFF1h9+dnxp8L7u1IEnDyPr95D8azemaZ2tVdEQ+nimcDCUaEDCGuYPIXkEqVv/B13obboRJE4VJTBIsJsB4NFG6guP/vefKFabKr6Y0Bf9lDc/ANHktkGNlopncSHXRE0xWrsmmhca+EMTT7uC9WORNRzXUeUiP14Mb+2eCXs8hK3g7R0qvXYevH2D6uz9QMAUw==

Authentication-results: lists.xenproject.org; dkim=none (message not signed) header.d=none;lists.xenproject.org; dmarc=none action=none header.from=epam.com;

Cc: "tee-dev@xxxxxxxxxxxxxxxx" <tee-dev@xxxxxxxxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>

Delivery-date: Thu, 07 Oct 2021 23:25:14 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHXu9KNK+VfP9tRZUeeM3jP6MNf8A==

Thread-topic: [PATCH] xen/arm: optee: fix possible memory leaks

translate_noncontig() allocates domheap page for translated list before calling to allocate_optee_shm_buf(), which can fail for number of reason. Anyways, after fail we need to free the allocated page(s). Another leak is possible if the same translate_noncontig() function fails to get domain page. In this case it should free allocated optee_shm_buf prior exit. This will also free allocated domheap page. Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx> --- xen/arch/arm/tee/optee.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/xen/arch/arm/tee/optee.c b/xen/arch/arm/tee/optee.c index 6df0d44eb9..131d2f9a8a 100644 --- a/xen/arch/arm/tee/optee.c +++ b/xen/arch/arm/tee/optee.c @@ -781,7 +781,10 @@ static int translate_noncontig(struct optee_domain *ctx, optee_shm_buf = allocate_optee_shm_buf(ctx, param->u.tmem.shm_ref, pg_count, xen_pgs, order); if ( IS_ERR(optee_shm_buf) ) + { + free_domheap_pages(xen_pgs, order); return PTR_ERR(optee_shm_buf); + } gfn = gaddr_to_gfn(param->u.tmem.buf_ptr & ~(OPTEE_MSG_NONCONTIG_PAGE_SIZE - 1)); @@ -807,7 +810,7 @@ static int translate_noncontig(struct optee_domain *ctx, { guest_pg = get_domain_ram_page(gfn); if ( !guest_pg ) - return -EINVAL; + goto free_shm_buf; guest_data = __map_domain_page(guest_pg); xen_data = __map_domain_page(xen_pgs); @@ -854,6 +857,7 @@ err_unmap: unmap_domain_page(guest_data); unmap_domain_page(xen_data); put_page(guest_pg); +free_shm_buf: free_optee_shm_buf(ctx, optee_shm_buf->cookie); return -EINVAL; -- 2.33.0

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.