
Commit be6d05cf authored by Jan Kiszka, committed by Avi Kivity

KVM: VMX: Ensure that vmx_create_vcpu always returns proper error



In case certain allocations fail, vmx_create_vcpu may return 0 as error
instead of a negative value encoded via ERR_PTR. This causes a NULL
pointer dereferencing later on in kvm_vm_ioctl_vcpu_create.

Reported-by: Sasha Levin <levinsasha928@gmail.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
parent 7ae441ea
+3 −2
@@ -4251,8 +4251,8 @@ static struct kvm_vcpu *vmx_create_vcpu(struct kvm *kvm, unsigned int id)
		goto free_vcpu;
		goto free_vcpu;


	vmx->guest_msrs = kmalloc(PAGE_SIZE, GFP_KERNEL);
	vmx->guest_msrs = kmalloc(PAGE_SIZE, GFP_KERNEL);
	if (!vmx->guest_msrs) {
	err = -ENOMEM;
	err = -ENOMEM;
	if (!vmx->guest_msrs) {
		goto uninit_vcpu;
		goto uninit_vcpu;
	}
	}


@@ -4271,7 +4271,8 @@ static struct kvm_vcpu *vmx_create_vcpu(struct kvm *kvm, unsigned int id)
	if (err)
	if (err)
		goto free_vmcs;
		goto free_vmcs;
	if (vm_need_virtualize_apic_accesses(kvm))
	if (vm_need_virtualize_apic_accesses(kvm))
		if (alloc_apic_access_page(kvm) != 0)
		err = alloc_apic_access_page(kvm);
		if (err)
			goto free_vmcs;
			goto free_vmcs;


	if (enable_ept) {
	if (enable_ept) {
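Review bot: In the second hunk, reading the new side as `err = alloc_apic_access_page(kvm);` followed by `if (err)`, both statements hang off the unbraced `if (vm_need_virtualize_apic_accesses(kvm))`, so only the assignment is conditional and the `if (err)` test runs on every path despite its indentation. That looks harmless as written, because `err` was tested just above and is still zero when the APIC branch is skipped, but the error path now depends on that ordering and the indentation hides it; a statement added in between would silently change which failures reach `free_vmcs`. I would brace the branch, `if (vm_need_virtualize_apic_accesses(kvm)) {` with the closing `}` after `goto free_vmcs;`. In the first hunk the hoisted `err = -ENOMEM;` appears intended to cover later allocation failures that fall outside the hunk, which deserves a comment such as `/* err stays -ENOMEM for the allocation failures below */`; vmx_create_vcpu starts and ends outside both hunks, so the remaining goto paths could not be checked here.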