xen/26095-SVM-nested-leak.patch

# HG changeset patch
# User Christoph Egger <Christoph.Egger@amd.com>
# Date 1350976407 -7200
# Node ID a7503ce27d462056421c6d74737cee08ab4ae31e
# Parent  c69bcb24812896dc6d5cf033babb7e79b8a50aec
nestedsvm: fix memory leak on shutdown/crash

Fix memory leak of l1 vmcb page when destroying a vcpu while l2 guest
is running.

Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Jan Beulich <jbeulich@suse.com>

--- a/xen/arch/x86/hvm/svm/nestedsvm.c
+++ b/xen/arch/x86/hvm/svm/nestedsvm.c
@@ -122,6 +122,15 @@ void nsvm_vcpu_destroy(struct vcpu *v)
     struct nestedvcpu *nv = &vcpu_nestedhvm(v);
     struct nestedsvm *svm = &vcpu_nestedsvm(v);
 
+    /*
+     * When destroying the vcpu, it may be running on behalf of l2 guest.
+     * Therefore we need to switch the VMCB pointer back to the l1 vmcb,
+     * in order to avoid double free of l2 vmcb and the possible memory leak
+     * of l1 vmcb page.
+     */
+    if (nv->nv_n1vmcx)
+        v->arch.hvm_svm.vmcb = nv->nv_n1vmcx;
+
     if (svm->ns_cached_msrpm) {
         free_xenheap_pages(svm->ns_cached_msrpm,
                            get_order_from_bytes(MSRPM_SIZE));