Skip to content

Commit 506cfba

Browse files
Al Virobonzini
Al Viro
authored and
bonzini
committed
KVM: don't use anon_inode_getfd() before possible failures
Once anon_inode_getfd() has succeeded, it's impossible to undo in a clean way and no, sys_close() is not usable in such cases. Use anon_inode_getfile() and get_unused_fd_flags() to get struct file and descriptor and do *not* install the file into the descriptor table until after the last possible failure exit. Signed-off-by: Paolo Bonzini <[email protected]>
1 parent 7964218 commit 506cfba

File tree

1 file changed

+11
-2
lines changed

1 file changed

+11
-2
lines changed

virt/kvm/kvm_main.c

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3050,6 +3050,7 @@ static int kvm_dev_ioctl_create_vm(unsigned long type)
30503050
{
30513051
int r;
30523052
struct kvm *kvm;
3053+
struct file *file;
30533054

30543055
kvm = kvm_create_vm(type);
30553056
if (IS_ERR(kvm))
@@ -3061,17 +3062,25 @@ static int kvm_dev_ioctl_create_vm(unsigned long type)
30613062
return r;
30623063
}
30633064
#endif
3064-
r = anon_inode_getfd("kvm-vm", &kvm_vm_fops, kvm, O_RDWR | O_CLOEXEC);
3065+
r = get_unused_fd_flags(O_CLOEXEC);
30653066
if (r < 0) {
30663067
kvm_put_kvm(kvm);
30673068
return r;
30683069
}
3070+
file = anon_inode_getfile("kvm-vm", &kvm_vm_fops, kvm, O_RDWR);
3071+
if (IS_ERR(file)) {
3072+
put_unused_fd(r);
3073+
kvm_put_kvm(kvm);
3074+
return PTR_ERR(file);
3075+
}
30693076

30703077
if (kvm_create_vm_debugfs(kvm, r) < 0) {
3071-
kvm_put_kvm(kvm);
3078+
put_unused_fd(r);
3079+
fput(file);
30723080
return -ENOMEM;
30733081
}
30743082

3083+
fd_install(r, file);
30753084
return r;
30763085
}
30773086

0 commit comments

Comments
 (0)