git.openpandora.org / pandora-kernel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
KVM: VMX: fix use after free of vmx->loaded_vmcs
[pandora-kernel.git] / arch / x86 / kvm / vmx.c
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 9cc5484..7661eb1 100644 (file)
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -6521,11 +6521,8 @@ static bool nested_vmx_exit_handled_io(struct kvm_vcpu *vcpu,
        int size;
        u8 b;
 
-       if (nested_cpu_has(vmcs12, CPU_BASED_UNCOND_IO_EXITING))
-               return 1;
-
        if (!nested_cpu_has(vmcs12, CPU_BASED_USE_IO_BITMAPS))
-               return 0;
+               return nested_cpu_has(vmcs12, CPU_BASED_UNCOND_IO_EXITING);
 
        exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
 
@@ -7393,8 +7390,8 @@ static void vmx_free_vcpu(struct kvm_vcpu *vcpu)
        struct vcpu_vmx *vmx = to_vmx(vcpu);
 
        free_vpid(vmx);
-       free_nested(vmx);
        free_loaded_vmcs(vmx->loaded_vmcs);
+       free_nested(vmx);
        kfree(vmx->guest_msrs);
        kvm_vcpu_uninit(vcpu);
        kmem_cache_free(kvm_vcpu_cache, vmx);
Pandora Kernel Repository