From: Andrew Cooper
Date: Mon, 25 Sep 2017 16:24:46 +0000 (+0100)
Subject: x86/levelling: Avoid NULL pointer dereference
X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~1329^2~4
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=d73e68c08f1f13e2622b6fa1d2ce0a9e77263d54;p=xen.git
x86/levelling: Avoid NULL pointer dereference
Coverity points out that next is indeed NULL at times. Only try to read the .cpuid_faulting field when we sure that next isn't NULL. Fixes e7a370733bd "x86: replace arch_vcpu::cpuid_faulting with msr_vcpu_policy"
Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c
index 218236d094..ac932e5b38 100644
--- a/xen/arch/x86/cpu/intel.c
+++ b/xen/arch/x86/cpu/intel.c
@@ -156,7 +156,6 @@ static void intel_ctxt_switch_levelling(const struct vcpu *next)
 struct cpuidmasks *these_masks = &this_cpu(cpuidmasks);
 const struct domain *nextd = next ? next->domain : NULL;
 const struct cpuidmasks *masks;
- const struct msr_vcpu_policy *vp = next->arch.msr;
 if (cpu_has_cpuid_faulting) {
 /*
@@ -177,7 +176,7 @@ static void intel_ctxt_switch_levelling(const struct vcpu *next)
 */
 set_cpuid_faulting(nextd && !is_control_domain(nextd) && (is_pv_domain(nextd) ||
- vp->misc_features_enables.cpuid_faulting));
+ next->arch.msr->misc_features_enables.cpuid_faulting));
 return;
 }
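Review bot: In the second hunk the read `next->arch.msr->misc_features_enables.cpuid_faulting` is safe only because `nextd &&` is evaluated first and `nextd` is NULL whenever `next` is, and nothing next to the expression says so. The bug fixed here came from that same read being hoisted into a local initialiser, so I would add a comment above the call such as `/* next is only dereferenced behind the nextd check; do not hoist this read. */`. Separately, `next->arch.msr` is dereferenced without a check of its own; presumably every vCPU that reaches this operand has a policy allocated, but that is not visible in this hunk and is worth confirming, since a fault here would apparently be taken in the hypervisor's context-switch path. The body of intel_ctxt_switch_levelling() starts and ends outside both hunks.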