Message ID | 20210614113851.1667567-1-vkuznets@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Series | KVM: svm: Avoid NULL pointer dereference in svm_hv_update_vp_id() |
On 14/06/21 13:38, Vitaly Kuznetsov wrote: > Hyper-V context is allocated dynamically when Hyper-V features are enabled > on a vCPU but svm_hv_update_vp_id() is called unconditionally from > svm_vcpu_run(), this leads to dereferencing to_hv_vcpu(vcpu) which can > be NULL. Use kvm_hv_get_vpindex() wrapper to avoid the problem. > > Fixes: 4ba0d72aaa32 ("KVM: SVM: hyper-v: Direct Virtual Flush support") > Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com> > --- > - The patch introducing the issue is currently in kvm/queue. > --- > arch/x86/kvm/svm/svm_onhyperv.h | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/arch/x86/kvm/svm/svm_onhyperv.h b/arch/x86/kvm/svm/svm_onhyperv.h > index ce23149670ea..9b9a55abc29f 100644 > --- a/arch/x86/kvm/svm/svm_onhyperv.h > +++ b/arch/x86/kvm/svm/svm_onhyperv.h > @@ -99,9 +99,10 @@ static inline void svm_hv_update_vp_id(struct vmcb *vmcb, > { > struct hv_enlightenments *hve = > (struct hv_enlightenments *)vmcb->control.reserved_sw; > + u32 vp_index = kvm_hv_get_vpindex(vcpu); > > - if (hve->hv_vp_id != to_hv_vcpu(vcpu)->vp_index) { > - hve->hv_vp_id = to_hv_vcpu(vcpu)->vp_index; > + if (hve->hv_vp_id != vp_index) { > + hve->hv_vp_id = vp_index; > vmcb_mark_dirty(vmcb, VMCB_HV_NESTED_ENLIGHTENMENTS); > } > } > Squashed, thanks. Paolo
diff --git a/arch/x86/kvm/svm/svm_onhyperv.h b/arch/x86/kvm/svm/svm_onhyperv.h index ce23149670ea..9b9a55abc29f 100644 --- a/arch/x86/kvm/svm/svm_onhyperv.h +++ b/arch/x86/kvm/svm/svm_onhyperv.h @@ -99,9 +99,10 @@ static inline void svm_hv_update_vp_id(struct vmcb *vmcb, { struct hv_enlightenments *hve = (struct hv_enlightenments *)vmcb->control.reserved_sw; + u32 vp_index = kvm_hv_get_vpindex(vcpu); - if (hve->hv_vp_id != to_hv_vcpu(vcpu)->vp_index) { - hve->hv_vp_id = to_hv_vcpu(vcpu)->vp_index; + if (hve->hv_vp_id != vp_index) { + hve->hv_vp_id = vp_index; vmcb_mark_dirty(vmcb, VMCB_HV_NESTED_ENLIGHTENMENTS); } }
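Review bot: The commit message should state what kvm_hv_get_vpindex() returns when to_hv_vcpu(vcpu) is NULL, because the hunk now evaluates `u32 vp_index = kvm_hv_get_vpindex(vcpu);` unconditionally and, on the first mismatch, writes that fallback into hve->hv_vp_id and marks VMCB_HV_NESTED_ENLIGHTENMENTS dirty for a vCPU that has no Hyper-V context at all; a reader of the change cannot tell from the hunk whether that value is a valid vp_id to expose through the VMCB's reserved_sw enlightenments area or merely a harmless placeholder. The shape of the fix itself is right: both direct `to_hv_vcpu(vcpu)->vp_index` dereferences are gone, the comparison and the assignment use the same cached value so they cannot disagree, and the new local is declared next to `hve` ahead of the blank line, keeping the declaration block intact.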
Hyper-V context is allocated dynamically when Hyper-V features are enabled on a vCPU, but svm_hv_update_vp_id() is called unconditionally from svm_vcpu_run(); this leads to dereferencing to_hv_vcpu(vcpu), which can be NULL. Use the kvm_hv_get_vpindex() wrapper to avoid the problem.

Fixes: 4ba0d72aaa32 ("KVM: SVM: hyper-v: Direct Virtual Flush support")
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
---
- The patch introducing the issue is currently in kvm/queue.
---
 arch/x86/kvm/svm/svm_onhyperv.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)