Fix WHPX issue leaking tpr values
Fixes an issue where if the tpr is assigned to the array but not a different value from what is already expected on the vp the code will skip incrementing the reg_count. In this case its possible that we set an invalid memory section of the next call for DeliverabilityNotifications that was not expected. The fix is to use a local variable to store the temporary tpr and only update the array if the local tpr value is different than the vp context. Signed-off-by: Justin Terry (VM) <juterry@microsoft.com> Message-Id: <1519665216-1078-7-git-send-email-juterry@microsoft.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Justin Terry (VM) via Qemu-devel <qemu-devel@nongnu.org>
This commit is contained in:
parent
f875f04c2c
commit
2bf3e74de4
|
@ -687,6 +687,7 @@ static void whpx_vcpu_pre_run(CPUState *cpu)
|
||||||
struct CPUX86State *env = (CPUArchState *)(cpu->env_ptr);
|
struct CPUX86State *env = (CPUArchState *)(cpu->env_ptr);
|
||||||
X86CPU *x86_cpu = X86_CPU(cpu);
|
X86CPU *x86_cpu = X86_CPU(cpu);
|
||||||
int irq;
|
int irq;
|
||||||
|
uint8_t tpr;
|
||||||
WHV_X64_PENDING_INTERRUPTION_REGISTER new_int = {0};
|
WHV_X64_PENDING_INTERRUPTION_REGISTER new_int = {0};
|
||||||
UINT32 reg_count = 0;
|
UINT32 reg_count = 0;
|
||||||
WHV_REGISTER_VALUE reg_values[3] = {0};
|
WHV_REGISTER_VALUE reg_values[3] = {0};
|
||||||
|
@ -746,9 +747,10 @@ static void whpx_vcpu_pre_run(CPUState *cpu)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Sync the TPR to the CR8 if was modified during the intercept */
|
/* Sync the TPR to the CR8 if was modified during the intercept */
|
||||||
reg_values[reg_count].Reg64 = cpu_get_apic_tpr(x86_cpu->apic_state);
|
tpr = cpu_get_apic_tpr(x86_cpu->apic_state);
|
||||||
if (reg_values[reg_count].Reg64 != vcpu->tpr) {
|
if (tpr != vcpu->tpr) {
|
||||||
vcpu->tpr = reg_values[reg_count].Reg64;
|
vcpu->tpr = tpr;
|
||||||
|
reg_values[reg_count].Reg64 = tpr;
|
||||||
cpu->exit_request = 1;
|
cpu->exit_request = 1;
|
||||||
reg_names[reg_count] = WHvX64RegisterCr8;
|
reg_names[reg_count] = WHvX64RegisterCr8;
|
||||||
reg_count += 1;
|
reg_count += 1;
|
||||||
|
|
Loading…
Reference in New Issue