KVM: x86: handle invalid root_hpa everywhere

Rom Freiman <rom@stratoscale.com> notes other code paths vulnerable to
bug fixed by 989c6b34f6a9480e397b.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

1 files changed, 8 insertions, 0 deletions

diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
index ad75d77999d0..cba218a2f08d 100644
--- a/arch/x86/kvm/paging_tmpl.h
+++ b/arch/x86/kvm/paging_tmpl.h
@@ -569,6 +569,9 @@ static int FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
         if (FNAME(gpte_changed)(vcpu, gw, top_level))
                 goto out_gpte_changed;
 
+        if (!VALID_PAGE(vcpu->arch.mmu.root_hpa))
+                goto out_gpte_changed;
+
         for (shadow_walk_init(&it, vcpu, addr);
              shadow_walk_okay(&it) && it.level > gw->level;
              shadow_walk_next(&it)) {
@@ -820,6 +823,11 @@ static void FNAME(invlpg)(struct kvm_vcpu *vcpu, gva_t gva)
          */
         mmu_topup_memory_caches(vcpu);
 
+        if (!VALID_PAGE(vcpu->arch.mmu.root_hpa)) {
+                WARN_ON(1);
+                return;
+        }
+
         spin_lock(&vcpu->kvm->mmu_lock);
         for_each_shadow_entry(vcpu, gva, iterator) {
                 level = iterator.level;