From 348c552266f89ac5ad2bbf0bf1f8bc449d7b207d Mon Sep 17 00:00:00 2001
From: Alex Ionescu
Date: Sat, 25 Mar 2017 09:51:56 -0700
Subject: Fix bug on unload when no hypervisor loaded.

CPUID still returns valid data when leaf is invalid! To address this, return a magic value in RCX so we can be sure that RAX:RBX are trustworthy and contain VP_DATA.
---
 shvvmxhv.c | 4 +++-
 shvvp.c | 9 +++++----
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/shvvmxhv.c b/shvvmxhv.c
index 310f378..c04c06b 100644
--- a/shvvmxhv.c
+++ b/shvvmxhv.c
@@ -270,14 +270,16 @@ ShvVmxEntryHandler (
     // Did we hit the magic exit sequence, or should we resume back to the VM
     // context?
     //
-    if (guestContext.ExitVm)
+    if (guestContext.ExitVm != FALSE)
     {
         //
         // Return the VP Data structure in RAX:RBX which is going to be part of
         // the CPUID response that the caller (ShvVpUninitialize) expects back.
+        // Return confirmation in RCX that we are loaded
         //
         Context->Rax = (uintptr_t)vpData >> 32;
         Context->Rbx = (uintptr_t)vpData & 0xFFFFFFFF;
+        Context->Rcx = 0x43434343;
 
         //
         // Perform any OS-specific CPU uninitialization work
diff --git a/shvvp.c b/shvvp.c
index 097b4bf..cb822b6 100644
--- a/shvvp.c
+++ b/shvvp.c
@@ -172,12 +172,13 @@ ShvVpUnloadCallback (
     __cpuidex(cpuInfo, 0x41414141, 0x42424242);
 
     //
-    // If SimpleVisor is disabled for some reason, CPUID won't return anything
-    // so don't free any memory. It will unfortunately end up leaked.
+    // If SimpleVisor is disabled for some reason, CPUID will return the values
+    // of the highest valid CPUID. We use a magic value to make sure we really
+    // are loaded and returned something valid.
     //
-    vpData = (PSHV_VP_DATA)((UINT64)cpuInfo[0] << 32 | (UINT32)cpuInfo[1]);
-    if (vpData != NULL)
+    if (cpuInfo[2] == 0x43434343)
     {
+        vpData = (PSHV_VP_DATA)((UINT64)cpuInfo[0] << 32 | (UINT32)cpuInfo[1]);
         ShvOsFreeContiguousAlignedMemory(vpData, sizeof(*vpData));
     }
 }
-- 
cgit v1.2.3
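Review bot: The new marker `Context->Rcx = 0x43434343;` in ShvVmxEntryHandler is a bare literal that the unload side in shvvp.c must match byte-for-byte, and it joins the existing `0x41414141`/`0x42424242` leaf and subleaf literals that are likewise written out in both files; a mismatch between the two copies would silently turn every unload into the leak this commit is fixing. I would hoist the three values into one shared header as named constants and use them in both hunks, for example `#define SHV_UNLOAD_MAGIC_LOADED 0x43434343 // (constructed name) echoed in RCX by the handler, checked by ShvVpUnloadCallback`, so the handshake has a single definition. The enclosing `if (guestContext.ExitVm != FALSE)` body continues past the end of this hunk.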
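Review bot: The rewritten comment above `if (cpuInfo[2] == 0x43434343)` states as fact that an out-of-range leaf returns "the values of the highest valid CPUID"; that describes one vendor's documented behavior and the returned registers are not guaranteed to look like that everywhere, which is exactly why the RCX check exists, so the comment should not rest on it. I would phrase it as `// When SimpleVisor is not running, the magic leaf is answered by the host CPU or another hypervisor, not by us, and RAX:RBX is not a VP_DATA pointer. Only trust it when RCX carries the loaded marker written by ShvVmxEntryHandler.` The old text also recorded that the allocation is simply not freed on this path; keeping one line such as `// Otherwise the VP data for this processor is not freed here.` preserves that known limitation for the next reader. ShvVpUnloadCallback begins before this hunk, so the declaration of cpuInfo and vpData is not visible here.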