From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: kvm@vger.kernel.org, Paolo Bonzini <pbonzini@redhat.com>
Cc: Vineeth Pillai <viremana@linux.microsoft.com>,
	Sean Christopherson <seanjc@google.com>,
	Wanpeng Li <wanpengli@tencent.com>,
	Jim Mattson <jmattson@google.com>,
	Maxim Levitsky <mlevitsk@redhat.com>,
	linux-kernel@vger.kernel.org
Subject: [PATCH] KVM: svm: Avoid NULL pointer dereference in svm_hv_update_vp_id()
Date: Mon, 14 Jun 2021 13:38:51 +0200
Message-ID: <20210614113851.1667567-1-vkuznets@redhat.com>

Hyper-V context is allocated dynamically when Hyper-V features are enabled
on a vCPU, but svm_hv_update_vp_id() is called unconditionally from
svm_vcpu_run(); this leads to dereferencing to_hv_vcpu(vcpu), which can
be NULL. Use the kvm_hv_get_vpindex() wrapper to avoid the problem.

Fixes: 4ba0d72aaa32 ("KVM: SVM: hyper-v: Direct Virtual Flush support")
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
---
- The patch introducing the issue is currently in kvm/queue.
---
 arch/x86/kvm/svm/svm_onhyperv.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/svm/svm_onhyperv.h b/arch/x86/kvm/svm/svm_onhyperv.h
index ce23149670ea..9b9a55abc29f 100644
--- a/arch/x86/kvm/svm/svm_onhyperv.h
+++ b/arch/x86/kvm/svm/svm_onhyperv.h
@@ -99,9 +99,10 @@ static inline void svm_hv_update_vp_id(struct vmcb *vmcb,
 {
 	struct hv_enlightenments *hve =
 		(struct hv_enlightenments *)vmcb->control.reserved_sw;
+	u32 vp_index = kvm_hv_get_vpindex(vcpu);
 
-	if (hve->hv_vp_id != to_hv_vcpu(vcpu)->vp_index) {
-		hve->hv_vp_id = to_hv_vcpu(vcpu)->vp_index;
+	if (hve->hv_vp_id != vp_index) {
+		hve->hv_vp_id = vp_index;
 		vmcb_mark_dirty(vmcb, VMCB_HV_NESTED_ENLIGHTENMENTS);
 	}
 }
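Review bot: the hunk removes the two direct to_hv_vcpu(vcpu)->vp_index dereferences, but it does not show what kvm_hv_get_vpindex(vcpu) returns when the vCPU has no Hyper-V context, and with this change hve->hv_vp_id is now compared against and written with that fallback value on every svm_vcpu_run() for vCPUs that never enabled Hyper-V features. A short comment above `u32 vp_index = kvm_hv_get_vpindex(vcpu);` stating the fallback (or an early return when the enlightenments are not in use, since the commit message notes the call is unconditional) would make the intended behaviour for the no-context case explicit and keep the VMCB_HV_NESTED_ENLIGHTENMENTS dirty marking from firing for a value the hypervisor will not consume.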
-- 
2.31.1


2021-06-14 11:38 Vitaly Kuznetsov [this message]
2021-06-14 13:31 ` [PATCH] KVM: svm: Avoid NULL pointer dereference in svm_hv_update_vp_id() Paolo Bonzini
