authorionescu007 <aionescu+git@gmail.com>2016-08-29 09:21:25 +0300
committerionescu007 <aionescu+git@gmail.com>2016-08-29 09:21:25 +0300
commite26207398fbaf6e502724e15dbd3c48ab6e6cbe5 (patch)
tree529cca712eef439c35280994be02f809c93b6852
parentaef226a992149007c513e8bbcb4dc2e7b73cc7b9 (diff)
When unloading the hypervisor on each core, returnt he VP Data structure
This allows us to now free the data for each processor, by returning its pointer through the CPUID interface.
-rw-r--r--shvvmxhv.c7
-rw-r--r--shvvp.c23
2 files changed, 17 insertions, 13 deletions
diff --git a/shvvmxhv.c b/shvvmxhv.c
index 886ad0d..6a54fda 100644
--- a/shvvmxhv.c
+++ b/shvvmxhv.c
@@ -262,6 +262,13 @@ ShvVmxEntryHandler (
if (guestContext.ExitVm)
{
//
+ // Return the VP Data structure in RAX:RBX which is going to be part of
+ // the CPUID response that the caller (ShvVpUninitialize) expects back.
+ //
+ Context->Rax = (ULONG_PTR)vpData >> 32;
+ Context->Rbx = (ULONG_PTR)vpData & 0xFFFFFFFF;
+
+ //
// When running in VMX root mode, the processor will set limits of the
// GDT and IDT to 0xFFFF (notice that there are no Host VMCS fields to
// set these values). This causes problems with PatchGuard, which will
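Review bot: The two new `Context->Rax`/`Context->Rbx` stores hand the hypervisor's VP data kernel address back to the guest, so whatever sets `guestContext.ExitVm` (outside this hunk) must accept the 0x41414141 shutdown leaf only from a ring-0 guest; if that path is not already gated on the guest CPL, a user-mode CPUID could both tear down VMX on that processor and learn a kernel pointer. I would record the invariant next to these lines once confirmed, e.g. `// Only reached for the shutdown leaf issued from ring 0 (the CPUID handler must enforce this).` The EAX:EBX split is also easy to misread on the receiving side, so a note that the low half must be reassembled as an unsigned 32-bit value would help the caller. ShvVmxEntryHandler starts before and continues after the hunk.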
diff --git a/shvvp.c b/shvvp.c
index 1f1f744..8bd2f57 100644
--- a/shvvp.c
+++ b/shvvp.c
@@ -104,10 +104,7 @@ ShvVpRestoreAfterLaunch (
//
// And finally, restore the context, so that all register and stack
- // state is finally restored. Note that by continuing to reference the
- // per-VP data this way, the compiler will continue to generate non-
- // optimized accesses, guaranteeing that no previous register state
- // will be used.
+ // state is finally restored.
//
RtlRestoreContext(&vpData->ContextFrame, NULL);
}
@@ -148,19 +145,24 @@ ShvVpUninitialize (
VOID
)
{
- INT dummy[4];
+ INT cpuInfo[4];
+ PSHV_VP_DATA vpData;
//
- // Send the magic shutdown instruction sequence
+ // Send the magic shutdown instruction sequence. It will return in EAX:EBX
+ // the VP data for the current CPU, which we must free.
//
- __cpuidex(dummy, 0x41414141, 0x42424242);
+ __cpuidex(cpuInfo, 0x41414141, 0x42424242);
+ vpData = (PSHV_VP_DATA)((ULONG64)cpuInfo[0] << 32 | cpuInfo[1]);
+ DbgPrintEx(77, 0, "DAta: 0x%p\n", vpData);
+ MmFreeContiguousMemory(vpData);
//
// The processor will return here after the hypervisor issues a VMXOFF
// instruction and restores the CPU context to this location. Unfortunately
// because this is done with RtlRestoreContext which returns using "iretq",
// this causes the processor to remove the RPL bits off the segments. As
- // the x64 kernel does not expect kernel-mode code to chang ethe value of
+ // the x64 kernel does not expect kernel-mode code to change the value of
// any segments, this results in the DS and ES segments being stuck 0x20,
// and the FS segment being stuck at 0x50, until the next context switch.
//
@@ -291,11 +293,6 @@ ShvVpCallbackDpc (
//
ShvVpUninitialize();
NT_ASSERT(ShvIsOurHypervisorPresent() == FALSE);
-
- //
- // Free the VP data
- //
- //MmFreeContiguousMemory(ShvGlobalData[cpuIndex]);
}