git.openpandora.org / pandora-kernel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
KVM: VMX: fix use after free of vmx->loaded_vmcs
[pandora-kernel.git] / arch / x86 / kvm / vmx.c
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index f90320b..7661eb1 100644 (file)
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -5137,10 +5137,14 @@ static int handle_dr(struct kvm_vcpu *vcpu)
        reg = DEBUG_REG_ACCESS_REG(exit_qualification);
        if (exit_qualification & TYPE_MOV_FROM_DR) {
                unsigned long val;
-               if (!kvm_get_dr(vcpu, dr, &val))
-                       kvm_register_write(vcpu, reg, val);
+
+               if (kvm_get_dr(vcpu, dr, &val))
+                       return 1;
+               kvm_register_write(vcpu, reg, val);
        } else
-               kvm_set_dr(vcpu, dr, vcpu->arch.regs[reg]);
+               if (kvm_set_dr(vcpu, dr, vcpu->arch.regs[reg]))
+                       return 1;
+
        skip_emulated_instruction(vcpu);
        return 1;
 }
@@ -6517,11 +6521,8 @@ static bool nested_vmx_exit_handled_io(struct kvm_vcpu *vcpu,
        int size;
        u8 b;
 
-       if (nested_cpu_has(vmcs12, CPU_BASED_UNCOND_IO_EXITING))
-               return 1;
-
        if (!nested_cpu_has(vmcs12, CPU_BASED_USE_IO_BITMAPS))
-               return 0;
+               return nested_cpu_has(vmcs12, CPU_BASED_UNCOND_IO_EXITING);
 
        exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
 
@@ -7389,8 +7390,8 @@ static void vmx_free_vcpu(struct kvm_vcpu *vcpu)
        struct vcpu_vmx *vmx = to_vmx(vcpu);
 
        free_vpid(vmx);
-       free_nested(vmx);
        free_loaded_vmcs(vmx->loaded_vmcs);
+       free_nested(vmx);
        kfree(vmx->guest_msrs);
        kvm_vcpu_uninit(vcpu);
        kmem_cache_free(kvm_vcpu_cache, vmx);
@@ -7763,6 +7764,11 @@ static void prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
                        else
                                vmcs_write64(APIC_ACCESS_ADDR,
                                  page_to_phys(vmx->nested.apic_access_page));
+               } else if (vm_need_virtualize_apic_accesses(vmx->vcpu.kvm)) {
+                       exec_control |=
+                               SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
+                       vmcs_write64(APIC_ACCESS_ADDR,
+                               page_to_phys(vcpu->kvm->arch.apic_access_page));
                }
 
                vmcs_write32(SECONDARY_VM_EXEC_CONTROL, exec_control);
Pandora Kernel Repository