From 825c17428a476d8be25d9caa6671c08da464267c Mon Sep 17 00:00:00 2001
From: Keir Fraser <keirf@google.com>
Date: Fri, 10 Nov 2023 09:22:41 +0000
Subject: [PATCH] ANDROID: KVM: arm64: Fix error path in pkvm_mem_abort()

On one error path, pin_user_pages has succeeded and should be
undone.

Bug: 310131277
Change-Id: I92fe0c54bb5b8005f848491f5e9be1090b61fbd1
Signed-off-by: Keir Fraser <keirf@google.com>
---
 arch/arm64/kvm/mmu.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
index 807e66c05709..0f3817fc7ecc 100644
--- a/arch/arm64/kvm/mmu.c
+++ b/arch/arm64/kvm/mmu.c
@@ -1388,7 +1388,7 @@ static int pkvm_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
 		 * prevent try_to_unmap() from succeeding.
 		 */
 		ret = -EIO;
-		goto dec_account;
+		goto unpin;
 	}
 
 	write_lock(&kvm->mmu_lock);
@@ -1397,7 +1397,7 @@ static int pkvm_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
 	if (ret) {
 		if (ret == -EAGAIN)
 			ret = 0;
-		goto unpin;
+		goto unlock;
 	}
 
 	ppage->page = page;
@@ -1407,8 +1407,9 @@ static int pkvm_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
 
 	return 0;
 
-unpin:
+unlock:
 	write_unlock(&kvm->mmu_lock);
+unpin:
 	unpin_user_pages(&page, 1);
 dec_account:
 	account_locked_vm(mm, 1, false);