> +/* Allocate an L0 VMCS (vmcs02) for the current L1 VMCS (vmcs12), if
> one + * does not already exist. The allocation is done in L0 memory,
> so to avoid + * denial-of-service attack by guests, we limit the
> number of concurrently- + * allocated vmcss. A well-behaving L1 will
> VMCLEAR unused vmcs12s and not + * trigger this limit.
> + */
> +static const int NESTED_MAX_VMCS = 256;
> +static int nested_create_current_vmcs(struct kvm_vcpu *vcpu)
> +{
> + struct vmcs_list *new_l2_guest;
> + struct vmcs *l2_vmcs;
> +
> + if (nested_get_current_vmcs(vcpu))
> + return 0; /* nothing to do - we already have a VMCS */
> +
> + if (to_vmx(vcpu)->nested.l2_vmcs_num >= NESTED_MAX_VMCS)
> + return -ENOMEM;
> +
> + new_l2_guest = (struct vmcs_list *)
> + kmalloc(sizeof(struct vmcs_list), GFP_KERNEL);
> + if (!new_l2_guest)
> + return -ENOMEM;
> +
> + l2_vmcs = alloc_vmcs();
I didn't see where it was used. Hints on the usage?
> + if (!l2_vmcs) {
> + kfree(new_l2_guest);
> + return -ENOMEM;
> + }
> +
> + new_l2_guest->vmcs_addr = to_vmx(vcpu)->nested.current_vmptr;
> + new_l2_guest->l2_vmcs = l2_vmcs;
> + list_add(&(new_l2_guest->list),
> &(to_vmx(vcpu)->nested.l2_vmcs_list));
> + to_vmx(vcpu)->nested.l2_vmcs_num++; + return 0;
> +}
> +
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
