KVM: s390: Fix leaking kvm_s390_mmu_cache in case of errors

Fix a memory leak that can happen if gmap_ucas_map_one() or
kvm_s390_mmu_cache_topup() return error values.

Also fix a similar issue in gmap_set_limit().

Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Fixes: a2c17f9270cc ("KVM: s390: New gmap code")
Reported-by: Jiaxin Fan <jiaxin.fan@ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@linux.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@linux.ibm.com>

diff --git a/arch/s390/kvm/gmap.c b/arch/s390/kvm/gmap.c
index fd19277619809b8e89243f887d1cca0d996b4938..10c98c8cc1d8867cecead08e7d21f3e377d0fb06 100644 (file)
--- a/arch/s390/kvm/gmap.c
+++ b/arch/s390/kvm/gmap.c
@@ -125,7 +125,7 @@ struct gmap *gmap_new_child(struct gmap *parent, gfn_t limit)
 
 int gmap_set_limit(struct gmap *gmap, gfn_t limit)
 {
-       struct kvm_s390_mmu_cache *mc;
+       struct kvm_s390_mmu_cache *mc __free(kvm_s390_mmu_cache) = NULL;
        int rc, type;
 
        type = gmap_limit_to_type(limit);
@@ -142,7 +142,6 @@ int gmap_set_limit(struct gmap *gmap, gfn_t limit)
                        rc = dat_set_asce_limit(mc, &gmap->asce, type);
        } while (rc == -ENOMEM);
 
-       kvm_s390_free_mmu_cache(mc);
        return 0;
 }
 
@@ -822,8 +821,8 @@ int gmap_ucas_translate(struct kvm_s390_mmu_cache *mc, struct gmap *gmap, gpa_t
 
 int gmap_ucas_map(struct gmap *gmap, gfn_t p_gfn, gfn_t c_gfn, unsigned long count)
 {
-       struct kvm_s390_mmu_cache *mc;
-       int rc;
+       struct kvm_s390_mmu_cache *mc __free(kvm_s390_mmu_cache) = NULL;
+       int rc = 0;
 
        mc = kvm_s390_new_mmu_cache();
        if (!mc)