diff options
author | Saar Amar <saaramar@microsoft.com> | 2019-05-06 11:29:16 +0300 |
---|---|---|
committer | Paolo Bonzini <pbonzini@redhat.com> | 2019-06-20 15:23:17 +0300 |
commit | a251fb90ab8a3e6efb2b4e14923ddb4421317f65 (patch) | |
tree | 0ed3934fb7b2b1f67394bbf15cf747be25949205 | |
parent | 4d763b168e9c5c366b05812c7bba7662e5ea3669 (diff) | |
download | linux-a251fb90ab8a3e6efb2b4e14923ddb4421317f65.tar.xz |
KVM: x86: Fix apic dangling pointer in vcpu
The function kvm_create_lapic() attempts to allocate the apic structure
and sets a pointer to it in the virtual processor structure. However, if
get_zeroed_page() failed, the function frees the apic chunk, but forgets
to set the pointer in the vcpu to NULL. It's not a security issue since
there isn't a use of that pointer if kvm_create_lapic() returns error,
but it's more accurate that way.
Signed-off-by: Saar Amar <saaramar@microsoft.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-rw-r--r-- | arch/x86/kvm/lapic.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index e82a18ccfc1a..d6ca5c4f29f1 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -2339,6 +2339,7 @@ int kvm_create_lapic(struct kvm_vcpu *vcpu, int timer_advance_ns) return 0; nomem_free_apic: kfree(apic); + vcpu->arch.apic = NULL; nomem: return -ENOMEM; } |