On 11/27/2017 2:04 PM, Mark Kanda wrote:
On 11/27/2017 11:51 AM, Paolo Bonzini wrote:
On 27/11/2017 18:43, Mark Kanda wrote:
On 11/23/2017 5:46 PM, Paolo Bonzini wrote:
On 21/11/2017 18:22, Mark Kanda wrote:
- nested_free_all_saved_vmcss(vmx);
+ free_loaded_vmcs(&vmx->nested.vmcs02);
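Review bot: the replacement call frees &vmx->nested.vmcs02 without checking that it is not the VMCS currently referenced by vmx->loaded_vmcs; if it is, that pointer is left dangling once free_loaded_vmcs() returns. Either add a WARN inside free_loaded_vmcs() when the passed vmcs equals the caller's vmx->loaded_vmcs, or guard this call site (e.g. `if (WARN_ON(vmx->loaded_vmcs == &vmx->nested.vmcs02)) return;`) so that a logic bug leaks the VMCS02 instead of producing a use-after-free.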
Please add to free_loaded_vmcs a WARN that the passed vmcs is not
vmx->loaded_vmcs.
Sure.
However, I don't see a way to access vmx from the passed-in vmcs, which
would necessitate passing in vmx for the WARN (multiple callers) - I may
be missing something...
free_loaded_vmcs is only ever used on VMCS02's, so you can change it to
Perhaps I'm missing something, but it seems the free_loaded_vmcs() use
in vmx_create_vcpu() (and perhaps vmx_free_vcpu()) is for VMCS01... correct?
How about I leave vmx_create_vcpu(), vmx_free_vcpu(), and
free_loaded_vmcs() unmodified, and use the following for VMCS02 cases
(in enter_vmx_operation() and free_nested()):
static void vmx_nested_free_vmcs02(struct vcpu_vmx *vmx)
{
	struct loaded_vmcs *loaded_vmcs = &vmx->nested.vmcs02;

	/*
	 * Just leak the VMCS02 if the WARN triggers. Better than
	 * a use-after-free.
	 */
	if (WARN_ON(vmx->loaded_vmcs == loaded_vmcs))
		return;

	free_loaded_vmcs(loaded_vmcs);
}
... okay?
Thanks,
-Mark