4 files changed, 15 insertions, 12 deletions
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 3063a0c4858b..ba8c045da782 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -373,6 +373,12 @@ static int __apic_accept_irq(struct kvm_lapic *apic, int delivery_mode,
                if (unlikely(!apic_enabled(apic)))
                        break;
+                if (trig_mode) {
+                        apic_debug("level trig mode for vector %d", vector);
+                        apic_set_vector(vector, apic->regs + APIC_TMR);
+                } else
+                        apic_clear_vector(vector, apic->regs + APIC_TMR);
                result = !apic_test_and_set_irr(vector, apic);
                trace_kvm_apic_accept_irq(vcpu->vcpu_id, delivery_mode,
                                          trig_mode, vector, !result);
@@ -383,11 +389,6 @@ static int __apic_accept_irq(struct kvm_lapic *apic, int delivery_mode,
                        break;
                }
-                if (trig_mode) {
-                        apic_debug("level trig mode for vector %d", vector);
-                        apic_set_vector(vector, apic->regs + APIC_TMR);
-                } else
-                        apic_clear_vector(vector, apic->regs + APIC_TMR);
                kvm_vcpu_kick(vcpu);
                break;
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 4c3e5b2314cb..89a49fb46a27 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -477,7 +477,7 @@ static int host_mapping_level(struct kvm *kvm, gfn_t gfn)
        addr = gfn_to_hva(kvm, gfn);
        if (kvm_is_error_hva(addr))
-                return page_size;
+                return PT_PAGE_TABLE_LEVEL;
        down_read(&current->mm->mmap_sem);
        vma = find_vma(current->mm, addr);
@@ -515,11 +515,9 @@ static int mapping_level(struct kvm_vcpu *vcpu, gfn_t large_gfn)
        if (host_level == PT_PAGE_TABLE_LEVEL)
                return host_level;
-        for (level = PT_DIRECTORY_LEVEL; level <= host_level; ++level) {
+        for (level = PT_DIRECTORY_LEVEL; level <= host_level; ++level)
                if (has_wrprotected_page(vcpu->kvm, large_gfn, level))
                        break;
-        }
        return level - 1;
 }
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
index 58a0f1e88596..ede2131a9225 100644
--- a/arch/x86/kvm/paging_tmpl.h
+++ b/arch/x86/kvm/paging_tmpl.h
@@ -150,7 +150,9 @@ walk:
                walker->table_gfn[walker->level - 1] = table_gfn;
                walker->pte_gpa[walker->level - 1] = pte_gpa;
-                kvm_read_guest(vcpu->kvm, pte_gpa, &pte, sizeof(pte));
+                if (kvm_read_guest(vcpu->kvm, pte_gpa, &pte, sizeof(pte)))
+                        goto not_present;
                trace_kvm_mmu_paging_element(pte, walker->level);
                if (!is_present_gpte(pte))
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 6651dbf58675..1ddcad452add 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -5072,12 +5072,13 @@ int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
                                       GFP_KERNEL);
        if (!vcpu->arch.mce_banks) {
                r = -ENOMEM;
-                goto fail_mmu_destroy;
+                goto fail_free_lapic;
        }
        vcpu->arch.mcg_cap = KVM_MAX_MCE_BANKS;
        return 0;
+fail_free_lapic:
+        kvm_free_lapic(vcpu);
 fail_mmu_destroy:
        kvm_mmu_destroy(vcpu);
 fail_free_pio_data:
@@ -5088,6 +5089,7 @@ fail:
 void kvm_arch_vcpu_uninit(struct kvm_vcpu *vcpu)
 {
+        kfree(vcpu->arch.mce_banks);
        kvm_free_lapic(vcpu);
        down_read(&vcpu->kvm->slots_lock);
        kvm_mmu_destroy(vcpu);

diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 3063a0c4858b..ba8c045da782 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c
@@ -373,6 +373,12 @@ static int __apic_accept_irq(struct kvm_lapic *apic, int delivery_mode,
373	if (unlikely(!apic_enabled(apic)))	373	if (unlikely(!apic_enabled(apic)))
374	break;	374	break;
375		375
		376	if (trig_mode) {
		377	apic_debug("level trig mode for vector %d", vector);
		378	apic_set_vector(vector, apic->regs + APIC_TMR);
		379	} else
		380	apic_clear_vector(vector, apic->regs + APIC_TMR);
		381
376	result = !apic_test_and_set_irr(vector, apic);	382	result = !apic_test_and_set_irr(vector, apic);
377	trace_kvm_apic_accept_irq(vcpu->vcpu_id, delivery_mode,	383	trace_kvm_apic_accept_irq(vcpu->vcpu_id, delivery_mode,
378	trig_mode, vector, !result);	384	trig_mode, vector, !result);
@@ -383,11 +389,6 @@ static int __apic_accept_irq(struct kvm_lapic *apic, int delivery_mode,
383	break;	389	break;
384	}	390	}
385		391
386	if (trig_mode) {
387	apic_debug("level trig mode for vector %d", vector);
388	apic_set_vector(vector, apic->regs + APIC_TMR);
389	} else
390	apic_clear_vector(vector, apic->regs + APIC_TMR);
391	kvm_vcpu_kick(vcpu);	392	kvm_vcpu_kick(vcpu);
392	break;	393	break;
393		394


diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c index 4c3e5b2314cb..89a49fb46a27 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c
@@ -477,7 +477,7 @@ static int host_mapping_level(struct kvm *kvm, gfn_t gfn)
477		477
478	addr = gfn_to_hva(kvm, gfn);	478	addr = gfn_to_hva(kvm, gfn);
479	if (kvm_is_error_hva(addr))	479	if (kvm_is_error_hva(addr))
480	return page_size;	480	return PT_PAGE_TABLE_LEVEL;
481		481
482	down_read(&current->mm->mmap_sem);	482	down_read(&current->mm->mmap_sem);
483	vma = find_vma(current->mm, addr);	483	vma = find_vma(current->mm, addr);
@@ -515,11 +515,9 @@ static int mapping_level(struct kvm_vcpu *vcpu, gfn_t large_gfn)
515	if (host_level == PT_PAGE_TABLE_LEVEL)	515	if (host_level == PT_PAGE_TABLE_LEVEL)
516	return host_level;	516	return host_level;
517		517
518	for (level = PT_DIRECTORY_LEVEL; level <= host_level; ++level) {	518	for (level = PT_DIRECTORY_LEVEL; level <= host_level; ++level)
519
520	if (has_wrprotected_page(vcpu->kvm, large_gfn, level))	519	if (has_wrprotected_page(vcpu->kvm, large_gfn, level))
521	break;	520	break;
522	}
523		521
524	return level - 1;	522	return level - 1;
525	}	523	}


diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h index 58a0f1e88596..ede2131a9225 100644 --- a/arch/x86/kvm/paging_tmpl.h +++ b/arch/x86/kvm/paging_tmpl.h
@@ -150,7 +150,9 @@ walk:
150	walker->table_gfn[walker->level - 1] = table_gfn;	150	walker->table_gfn[walker->level - 1] = table_gfn;
151	walker->pte_gpa[walker->level - 1] = pte_gpa;	151	walker->pte_gpa[walker->level - 1] = pte_gpa;
152		152
153	kvm_read_guest(vcpu->kvm, pte_gpa, &pte, sizeof(pte));	153	if (kvm_read_guest(vcpu->kvm, pte_gpa, &pte, sizeof(pte)))
		154	goto not_present;
		155
154	trace_kvm_mmu_paging_element(pte, walker->level);	156	trace_kvm_mmu_paging_element(pte, walker->level);
155		157
156	if (!is_present_gpte(pte))	158	if (!is_present_gpte(pte))


diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 6651dbf58675..1ddcad452add 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c
@@ -5072,12 +5072,13 @@ int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
5072	GFP_KERNEL);	5072	GFP_KERNEL);
5073	if (!vcpu->arch.mce_banks) {	5073	if (!vcpu->arch.mce_banks) {
5074	r = -ENOMEM;	5074	r = -ENOMEM;
5075	goto fail_mmu_destroy;	5075	goto fail_free_lapic;
5076	}	5076	}
5077	vcpu->arch.mcg_cap = KVM_MAX_MCE_BANKS;	5077	vcpu->arch.mcg_cap = KVM_MAX_MCE_BANKS;
5078		5078
5079	return 0;	5079	return 0;
5080		5080	fail_free_lapic:
		5081	kvm_free_lapic(vcpu);
5081	fail_mmu_destroy:	5082	fail_mmu_destroy:
5082	kvm_mmu_destroy(vcpu);	5083	kvm_mmu_destroy(vcpu);
5083	fail_free_pio_data:	5084	fail_free_pio_data:
@@ -5088,6 +5089,7 @@ fail:
5088		5089
5089	void kvm_arch_vcpu_uninit(struct kvm_vcpu *vcpu)	5090	void kvm_arch_vcpu_uninit(struct kvm_vcpu *vcpu)
5090	{	5091	{
		5092	kfree(vcpu->arch.mce_banks);
5091	kvm_free_lapic(vcpu);	5093	kvm_free_lapic(vcpu);
5092	down_read(&vcpu->kvm->slots_lock);	5094	down_read(&vcpu->kvm->slots_lock);
5093	kvm_mmu_destroy(vcpu);	5095	kvm_mmu_destroy(vcpu);