kvm->arch.vioapic is always set either kvm_ioapic_init() is success or fail. If kvm_ioapic_init() is fail, the kvm->arch.vioapic may point a freed memory.

Signed-off-by: Wei Yongjun <yjwei@xxxxxxxxxxxxxx>
---
 virt/kvm/ioapic.c | 3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/virt/kvm/ioapic.c b/virt/kvm/ioapic.c
index a2edfd1..e13f529 100644
--- a/virt/kvm/ioapic.c
+++ b/virt/kvm/ioapic.c
@@ -386,7 +386,6 @@ int kvm_ioapic_init(struct kvm *kvm)
 	if (!ioapic)
 		return -ENOMEM;
 	mutex_init(&ioapic->lock);
-	kvm->arch.vioapic = ioapic;
 	kvm_ioapic_reset(ioapic);
 	kvm_iodevice_init(&ioapic->dev, &ioapic_mmio_ops);
 	ioapic->kvm = kvm;
@@ -395,6 +394,8 @@ int kvm_ioapic_init(struct kvm *kvm)
 	mutex_unlock(&kvm->slots_lock);
 	if (ret < 0)
 		kfree(ioapic);
+	else
+		kvm->arch.vioapic = ioapic;
 	return ret;
 }
--
1.6.3.3

--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
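Review bot: Moving the store into the `else` branch of the second hunk leaves kvm->arch.vioapic NULL across the registration that sets `ret` (the two lines between the hunks, under slots_lock, presumably the MMIO bus registration), so the device can already be reachable on the bus while the per-VM pointer is still unset; any path that locates the ioapic via kvm->arch.vioapic in that window would see NULL instead of a freed object. Whether such a path can run while kvm_ioapic_init() is still executing is not visible from these lines, so this may be harmless, but it is a new ordering the commit message does not discuss. An alternative that fixes the dangling pointer without the window is to keep the original early assignment and clear it in the failure branch, i.e. make the failure branch a braced block that adds `kvm->arch.vioapic = NULL;` before `kfree(ioapic);`. Either way, a one-line comment on the chosen ordering (`/* publish vioapic only once the device is registered */` or the converse) would save the next reader the same analysis. kvm_ioapic_init() begins before the first hunk; the allocation of ioapic is outside the visible context.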