On 27/11/2017 21:36, Mark Kanda wrote:
>>
>> Perhaps I'm missing something, but it seems the free_loaded_vmcs() use
>> in vmx_create_vcpu() (and perhaps vmx_free_vcpu()) is for VMCS01
>> ..correct?
>>
>
> How about I leave vmx_create_vcpu(), vmx_free_vcpu(), and
> free_loaded_vmcs() unmodified, and use the following for VMCS02 cases
> (in enter_vmx_operation() and free_nested()):
>
> static void vmx_nested_free_vmcs02(struct vcpu_vmx *vmx)
> {
>     struct loaded_vmcs *loaded_vmcs = &vmx->nested.vmcs02;
>
>     /*
>      * Just leak the VMCS02 if the WARN triggers. Better than
>      * a use-after-free.
>      */
>     if (WARN_ON(vmx->loaded_vmcs == loaded_vmcs))
>         return;
>     free_loaded_vmcs(loaded_vmcs);
> }

Yes, perfect.

Paolo