Fix bug on unload when no hypervisor loaded. CPUID still returns valid data when leaf is invalid!

To address this, return a magic value in RCX so we can be sure that
RAX:RBX are trustworthy and contain VP_DATA.

2 files changed, 8 insertions, 5 deletions

diff --git a/shvvmxhv.c b/shvvmxhv.c
index 310f378..c04c06b 100644
--- a/shvvmxhv.c
+++ b/shvvmxhv.c
@@ -270,14 +270,16 @@ ShvVmxEntryHandler (
     // Did we hit the magic exit sequence, or should we resume back to the VM
     // context?
     //
-    if (guestContext.ExitVm)
+    if (guestContext.ExitVm != FALSE)
     {
         //
         // Return the VP Data structure in RAX:RBX which is going to be part of
         // the CPUID response that the caller (ShvVpUninitialize) expects back.
+        // Return confirmation in RCX that we are loaded
         //
         Context->Rax = (uintptr_t)vpData >> 32;
         Context->Rbx = (uintptr_t)vpData & 0xFFFFFFFF;
+        Context->Rcx = 0x43434343;
 
         //
         // Perform any OS-specific CPU uninitialization work
diff --git a/shvvp.c b/shvvp.c
index 097b4bf..cb822b6 100644
--- a/shvvp.c
+++ b/shvvp.c
@@ -172,12 +172,13 @@ ShvVpUnloadCallback (
     __cpuidex(cpuInfo, 0x41414141, 0x42424242);
 
     //
-    // If SimpleVisor is disabled for some reason, CPUID won't return anything
-    // so don't free any memory. It will unfortunately end up leaked.
+    // If SimpleVisor is disabled for some reason, CPUID will return the values
+    // of the highest valid CPUID. We use a magic value to make sure we really
+    // are loaded and returned something valid.
     //
-    vpData = (PSHV_VP_DATA)((UINT64)cpuInfo[0] << 32 | (UINT32)cpuInfo[1]);
-    if (vpData != NULL)
+    if (cpuInfo[2] == 0x43434343)
     {
+        vpData = (PSHV_VP_DATA)((UINT64)cpuInfo[0] << 32 | (UINT32)cpuInfo[1]);
         ShvOsFreeContiguousAlignedMemory(vpData, sizeof(*vpData));
     }
 }