13309 bhyve movs emulation leaks mem refcnt

Reviewed by: Dan McDonald <danmcd@joyent.com> Reviewed by: Jason King <jason.brian.king@gmail.com> Reviewed by: Ryan Zezeski <ryan@zinascii.com> Reviewed by: Rick V <rick@snowlight.net> Approved by: Robert Mustacchi <rm@fingolfin.org>
author: Patrick Mooney <pmooney@pfmooney.com> 2020-11-12 23:16:20 +0000
committer: Patrick Mooney <pmooney@oxide.computer> 2020-11-13 21:09:09 +0000
commit: 83cd75bb2949d26e6eb38ddefc60fdeed1909643 (patch)
tree: 3af06e88dde4b957316ebaf475e482c75c3aaac3
parent: b713c91e508f40be7797bedd4ae1146ef0652625 (diff)
download: illumos-joyent-83cd75bb2949d26e6eb38ddefc60fdeed1909643.tar.gz
1 files changed, 12 insertions, 4 deletions
diff --git a/usr/src/uts/i86pc/io/vmm/vmm_instruction_emul.c b/usr/src/uts/i86pc/io/vmm/vmm_instruction_emul.c
index 18d756e363..31f6ea75b5 100644
--- a/usr/src/uts/i86pc/io/vmm/vmm_instruction_emul.c
+++ b/usr/src/uts/i86pc/io/vmm/vmm_instruction_emul.c
@@ -993,11 +993,19 @@ vie_emulate_movs(struct vie *vie, struct vm *vm, int vcpuid, uint64_t gpa)
 			 */
 			error = vie_mmio_read(vie, vm, vcpuid, gpa, &val,
 			    opsize);
-			if (error)
-				goto done;
 
-			vm_copyout(vm, vcpuid, &val, copyinfo, opsize);
-			vm_copy_teardown(vm, vcpuid, copyinfo, nitems(copyinfo));
+			if (error == 0) {
+				vm_copyout(vm, vcpuid, &val, copyinfo, opsize);
+			}
+			/*
+			 * Regardless of whether the MMIO read was successful or
+			 * not, the copy resources must be cleaned up.
+			 */
+			vm_copy_teardown(vm, vcpuid, copyinfo,
+			    nitems(copyinfo));
+			if (error != 0) {
+				goto done;
+			}
 		} else {
 			/*
 			 * Case (4): read from and write to mmio.
author	Patrick Mooney <pmooney@pfmooney.com>	2020-11-12 23:16:20 +0000
committer	Patrick Mooney <pmooney@oxide.computer>	2020-11-13 21:09:09 +0000
commit	83cd75bb2949d26e6eb38ddefc60fdeed1909643 (patch)
tree	3af06e88dde4b957316ebaf475e482c75c3aaac3
parent	b713c91e508f40be7797bedd4ae1146ef0652625 (diff)
download	illumos-joyent-83cd75bb2949d26e6eb38ddefc60fdeed1909643.tar.gz