Hi, all!
Here is another potential NULL pointer dereference in kvm subsystem of linux stable vanilla 6.10,
as GCC 12.3.0 complains.
(Please don't throw stuff at me, I think this is the last one for today :-)
arch/x86/include/asm/mshyperv.h
-------------------------------
242 static inline struct hv_vp_assist_page *hv_get_vp_assist_page(unsigned int cpu)
243 {
244 if (!hv_vp_assist_page)
245 return NULL;
246
247 return hv_vp_assist_page[cpu];
248 }
arch/x86/kvm/vmx/vmx_onhyperv.h
-------------------------------
102 static inline void evmcs_load(u64 phys_addr)
103 {
104 struct hv_vp_assist_page *vp_ap =
105 hv_get_vp_assist_page(smp_processor_id());
106
107 if (current_evmcs->hv_enlightenments_control.nested_flush_hypercall)
108 vp_ap->nested_control.features.directhypercall = 1;
109 vp_ap->current_nested_vmcs = phys_addr;
110 vp_ap->enlighten_vmentry = 1;
111 }
Now, this one is simple: hv_vp_assist_page(cpu) can return NULL, and in line 104 it is assigned
to wp_ap, which is dereferenced in lines 108, 109, and 110, which is not checked against returning
NULL by hv_vp_assist_page().
Commits 50a82b0eb88c1 and a46d15cc1ae5a are related to the issue.
Hope this helps.
Best regards,
Mirsad Todorovac
