On Mon, Feb 08, 2010 at 05:36:45PM +0800, Wei Yongjun wrote:
> kvm->arch.vioapic is always set, whether kvm_ioapic_init()
> succeeds or fails. If kvm_ioapic_init() fails, kvm->arch.vioapic
> may point to freed memory.
>
> Signed-off-by: Wei Yongjun <yjwei@xxxxxxxxxxxxxx>
> ---
>  virt/kvm/ioapic.c |    3 ++-
>  1 files changed, 2 insertions(+), 1 deletions(-)
>
> diff --git a/virt/kvm/ioapic.c b/virt/kvm/ioapic.c
> index a2edfd1..e13f529 100644
> --- a/virt/kvm/ioapic.c
> +++ b/virt/kvm/ioapic.c
> @@ -386,7 +386,6 @@ int kvm_ioapic_init(struct kvm *kvm)
>  	if (!ioapic)
>  		return -ENOMEM;
>  	mutex_init(&ioapic->lock);
> -	kvm->arch.vioapic = ioapic;
>  	kvm_ioapic_reset(ioapic);
>  	kvm_iodevice_init(&ioapic->dev, &ioapic_mmio_ops);
>  	ioapic->kvm = kvm;
> @@ -395,6 +394,8 @@ int kvm_ioapic_init(struct kvm *kvm)
>  	mutex_unlock(&kvm->slots_lock);
>  	if (ret < 0)
>  		kfree(ioapic);
> +	else
> +		kvm->arch.vioapic = ioapic;
>
>  	return ret;
>  }

Same thing as with the PIT issue, kvm->arch.vioapic must be set before
kvm_io_bus_register_dev. But you're right that kvm->arch.vioapic should
be NULLified in case of failure.
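Review bot: the first hunk removes `kvm->arch.vioapic = ioapic;` from before the device is put on the I/O bus, which is the ordering the reply says must be preserved: once kvm_io_bus_register_dev has succeeded, the ioapic is reachable while `kvm->arch.vioapic` is still NULL until the assignment further down runs. Keep the early assignment where it was and fix the stale-pointer problem in the error path instead.

Review bot: in the second hunk, the `else` only delays the assignment; the real defect (a dangling `kvm->arch.vioapic` after `kfree(ioapic)`) is better fixed by clearing the pointer in the failure branch, e.g. `if (ret < 0) { kvm->arch.vioapic = NULL; kfree(ioapic); }`, so that a later lookup sees NULL rather than freed memory and the success path keeps its current ordering.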