KVM: VMX: Ensure that vmx_create_vcpu always returns proper error

In case certain allocations fail, vmx_create_vcpu may return 0 as error
instead of a negative value encoded via ERR_PTR. This causes a NULL
pointer dereferencing later on in kvm_vm_ioctl_vcpu_create.

Reported-by: Sasha Levin <levinsasha928@gmail.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index aabe3334d06454514eaf60155befdbe0891551df..af5206983154f877b091f92d8aa1bd3f57c52299 100644 (file)
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -4251,8 +4251,8 @@ static struct kvm_vcpu *vmx_create_vcpu(struct kvm *kvm, unsigned int id)
                goto free_vcpu;
 
        vmx->guest_msrs = kmalloc(PAGE_SIZE, GFP_KERNEL);
+       err = -ENOMEM;
        if (!vmx->guest_msrs) {
-               err = -ENOMEM;
                goto uninit_vcpu;
        }
 
@@ -4271,7 +4271,8 @@ static struct kvm_vcpu *vmx_create_vcpu(struct kvm *kvm, unsigned int id)
        if (err)
                goto free_vmcs;
        if (vm_need_virtualize_apic_accesses(kvm))
-               if (alloc_apic_access_page(kvm) != 0)
+               err = alloc_apic_access_page(kvm);
+               if (err)
                        goto free_vmcs;
 
        if (enable_ept) {