Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull KVM fixes from Paolo Bonzini: "Two vmx bugfixes" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: kvm: x86: vmx: fix vpid leak KVM: vmx: use local variable for current_vmptr when emulating VMPTRST
author: Linus Torvalds <torvalds@linux-foundation.org> 2018-08-03 16:43:59 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2018-08-03 16:43:59 -0400
commit: 0b5b1f9a78b5e1bb3c3972fcd27dc013367550f8 (patch)
tree: 13aa83993f5119ae70b19023abcecb594b5aa612
parent: f6229c395874a37ea72137337242055dcaf30112 (diff)
parent: 63aff65573d73eb8dda4732ad4ef222dd35e4862 (diff)
1 files changed, 10 insertions, 12 deletions
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index e30da9a2430c..5d8e317c2b04 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -7893,6 +7893,8 @@ static int enter_vmx_operation(struct kvm_vcpu *vcpu)
                     HRTIMER_MODE_REL_PINNED);
        vmx->nested.preemption_timer.function = vmx_preemption_timer_fn;
+        vmx->nested.vpid02 = allocate_vpid();
        vmx->nested.vmxon = true;
        return 0;
@@ -8480,21 +8482,20 @@ static int handle_vmptrld(struct kvm_vcpu *vcpu)
 /* Emulate the VMPTRST instruction */
 static int handle_vmptrst(struct kvm_vcpu *vcpu)
 {
-        unsigned long exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
+        unsigned long exit_qual = vmcs_readl(EXIT_QUALIFICATION);
-        u32 vmx_instruction_info = vmcs_read32(VMX_INSTRUCTION_INFO);
+        u32 instr_info = vmcs_read32(VMX_INSTRUCTION_INFO);
-        gva_t vmcs_gva;
+        gpa_t current_vmptr = to_vmx(vcpu)->nested.current_vmptr;
        struct x86_exception e;
+        gva_t gva;
        if (!nested_vmx_check_permission(vcpu))
                return 1;
-        if (get_vmx_mem_address(vcpu, exit_qualification,
+        if (get_vmx_mem_address(vcpu, exit_qual, instr_info, true, &gva))
-                        vmx_instruction_info, true, &vmcs_gva))
                return 1;
        /* *_system ok, nested_vmx_check_permission has verified cpl=0 */
-        if (kvm_write_guest_virt_system(vcpu, vmcs_gva,
+        if (kvm_write_guest_virt_system(vcpu, gva, (void *)&current_vmptr,
-                                        (void *)&to_vmx(vcpu)->nested.current_vmptr,
+                                        sizeof(gpa_t), &e)) {
-                                        sizeof(u64), &e)) {
                kvm_inject_page_fault(vcpu, &e);
                return 1;
        }
@@ -10370,11 +10371,9 @@ static struct kvm_vcpu *vmx_create_vcpu(struct kvm *kvm, unsigned int id)
                        goto free_vmcs;
        }
-        if (nested) {
+        if (nested)
                nested_vmx_setup_ctls_msrs(&vmx->nested.msrs,
                                           kvm_vcpu_apicv_active(&vmx->vcpu));
-                vmx->nested.vpid02 = allocate_vpid();
-        }
        vmx->nested.posted_intr_nv = -1;
        vmx->nested.current_vmptr = -1ull;
@@ -10391,7 +10390,6 @@ static struct kvm_vcpu *vmx_create_vcpu(struct kvm *kvm, unsigned int id)
        return &vmx->vcpu;
 free_vmcs:
-        free_vpid(vmx->nested.vpid02);
        free_loaded_vmcs(vmx->loaded_vmcs);
 free_msrs:
        kfree(vmx->guest_msrs);
author	Linus Torvalds <torvalds@linux-foundation.org>	2018-08-03 16:43:59 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2018-08-03 16:43:59 -0400
commit	0b5b1f9a78b5e1bb3c3972fcd27dc013367550f8 (patch)
tree	13aa83993f5119ae70b19023abcecb594b5aa612
parent	f6229c395874a37ea72137337242055dcaf30112 (diff)
parent	63aff65573d73eb8dda4732ad4ef222dd35e4862 (diff)