KVM: s390: Fix possible reference leak in fault-in code

If kvm_s390_new_mmu_cache() fails, kvm_s390_faultin_gfn() returns
without releasing the faulted page.

Fix this by moving the allocation of the memory cache outside of the
loop. There is no reason to check at every iteration.

Opportunistically fix a comment.

Fixes: e907ae530133 ("KVM: s390: Add helper functions for fault handling")
Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Message-ID: <20260602142356.169458-10-imbrenda@linux.ibm.com>

diff --git a/arch/s390/kvm/faultin.c b/arch/s390/kvm/faultin.c
index cf542b0a7e8e308258b17b07316babf753b5e04d..fee80047bd94ffd044e917cfa5441b9724e4080c 100644 (file)
--- a/arch/s390/kvm/faultin.c
+++ b/arch/s390/kvm/faultin.c
@@ -54,6 +54,13 @@ int kvm_s390_faultin_gfn(struct kvm_vcpu *vcpu, struct kvm *kvm, struct guest_fa
                        return 0;
        }
 
+       if (!mc) {
+               local_mc = kvm_s390_new_mmu_cache();
+               if (!local_mc)
+                       return -ENOMEM;
+               mc = local_mc;
+       }
+
        while (rc == -EAGAIN) {
                f->valid = false;
                inv_seq = kvm->mmu_invalidate_seq;
@@ -94,14 +101,7 @@ int kvm_s390_faultin_gfn(struct kvm_vcpu *vcpu, struct kvm *kvm, struct guest_fa
                if (is_error_pfn(f->pfn))
                        return -EFAULT;
 
-               if (!mc) {
-                       local_mc = kvm_s390_new_mmu_cache();
-                       if (!local_mc)
-                               return -ENOMEM;
-                       mc = local_mc;
-               }
-
-               /* Loop, will automatically release the faulted page. */
+               /* Loop, release the faulted page. */
                if (mmu_invalidate_retry_gfn_unsafe(kvm, inv_seq, f->gfn)) {
                        kvm_release_faultin_page(kvm, f->page, true, false);
                        continue;