On Thu, Apr 25, 2019 at 07:01:09PM -0700, Sean Christopherson wrote:
> ...to avoid dereferencing a null pointer when querying the per-vCPU
> timer advance.
>
> Fixes: 39497d7660d98 ("KVM: lapic: Track lapic timer advance per vCPU")
> Reported-by: syzbot+f7e65445a40d3e0e4ebf@xxxxxxxxxxxxxxxxxxxxxxxxx
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
> Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
> ---
> arch/x86/kvm/lapic.c | 3 ---
> arch/x86/kvm/x86.c | 3 ++-
> 2 files changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
> index 7decd58c9cea..35b8ac8f04fe 100644
> --- a/arch/x86/kvm/lapic.c
> +++ b/arch/x86/kvm/lapic.c
> @@ -1487,9 +1487,6 @@ void wait_lapic_expire(struct kvm_vcpu *vcpu)
> u32 timer_advance_ns = apic->lapic_timer.timer_advance_ns;
> u64 guest_tsc, tsc_deadline, ns;
>
> - if (!lapic_in_kernel(vcpu))
> - return;
> -
> if (apic->lapic_timer.expired_tscdeadline == 0)
> return;
>
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index aa26a3cfc765..21cb34d8ae01 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -7872,7 +7872,8 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
> }
>
> trace_kvm_entry(vcpu->vcpu_id);
> - if (vcpu->arch.apic->lapic_timer.timer_advance_ns)
> + if (lapic_in_kernel(vcpu) &&
> + vcpu->arch.apic->lapic_timer.timer_advance_ns)
> wait_lapic_expire(vcpu);
> guest_enter_irqoff();
>
> --
> 2.21.0
>
