> On 13 Sep 2018, at 0:22, Patrick Colp <patrick.colp@xxxxxxxxxx> wrote:
>
> On Thu, 2018-09-13 at 00:00 +0300, Liran Alon wrote:
>> The handlers of IOCTLs in kvm_arch_vcpu_ioctl() are expected to set
>> their return value in "r" local var and break out of switch block
>> when they encounter some error.
>> This is because vcpu_load() is called before the switch block which
>> have a proper cleanup of vcpu_put() afterwards.
>>
>> However, KVM_{GET,SET}_NESTED_STATE IOCTLs handlers just return
>> immediately on error without performing above mentioned cleanup.
>>
>> Thus, change these handlers to behave as expected.
>>
>> Fixes: 8fcc4b5923af ("kvm: nVMX: Introduce KVM_CAP_NESTED_STATE")
>>
>> Reviewed-by: Mark Kanda <mark.kanda@xxxxxxxxxx>
>> Signed-off-by: Liran Alon <liran.alon@xxxxxxxxxx>
>
> Reviewed-by: Patrick Colp <patrick.colp@xxxxxxxxxx>
>
Paolo/Radim, don’t apply this version of the patch.
I have sent a v2 which fixes an issue in the following block of code:
>>
>> if (r > user_data_size) {
>> + r = -E2BIG;
>> if (put_user(r, &user_kvm_nested_state->size))
>> - return -EFAULT;
>> - return -E2BIG;
>> + r = -EFAULT;
>> + break;
>> }
>> +
>> r = 0;
>> break;
>> }
As you can see, -E2BUG will mistakenly be written to user_kvm_nested_state->size.
I have fixed this in v2 of this patch.
-Liran
