diff mbox

[6/8] Fix WHPX issue leaking tpr values

Message ID 1519665216-1078-7-git-send-email-juterry@microsoft.com (mailing list archive)
State New, archived
Headers show

Commit Message

Denis V. Lunev" via Feb. 26, 2018, 5:13 p.m. UTC
Fixes an issue where if the tpr is assigned to the array but not a different
value from what is already expected on the vp the code will skip incrementing
the reg_count. In this case its possible that we set an invalid memory section
of the next call for DeliverabilityNotifications that was not expected.

The fix is to use a local variable to store the temporary tpr and only update
the array if the local tpr value is different than the vp context.

Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
---
 target/i386/whpx-all.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff mbox

Patch

diff --git a/target/i386/whpx-all.c b/target/i386/whpx-all.c
index 7e58d5f68c..47a6935288 100644
--- a/target/i386/whpx-all.c
+++ b/target/i386/whpx-all.c
@@ -687,6 +687,7 @@  static void whpx_vcpu_pre_run(CPUState *cpu)
     struct CPUX86State *env = (CPUArchState *)(cpu->env_ptr);
     X86CPU *x86_cpu = X86_CPU(cpu);
     int irq;
+    uint8_t tpr;
     WHV_X64_PENDING_INTERRUPTION_REGISTER new_int = {0};
     UINT32 reg_count = 0;
     WHV_REGISTER_VALUE reg_values[3] = {0};
@@ -746,9 +747,10 @@  static void whpx_vcpu_pre_run(CPUState *cpu)
     }
 
     /* Sync the TPR to the CR8 if was modified during the intercept */
-    reg_values[reg_count].Reg64 = cpu_get_apic_tpr(x86_cpu->apic_state);
-    if (reg_values[reg_count].Reg64 != vcpu->tpr) {
-        vcpu->tpr = reg_values[reg_count].Reg64;
+    tpr = cpu_get_apic_tpr(x86_cpu->apic_state);
+    if (tpr != vcpu->tpr) {
+        vcpu->tpr = tpr;
+        reg_values[reg_count].Reg64 = tpr;
         cpu->exit_request = 1;
         reg_names[reg_count] = WHvX64RegisterCr8;
         reg_count += 1;