CVSROOT: /cvs
Module name: src
Changes by: an...@cvs.openbsd.org 2019/09/10 13:36:12

Modified files:
    sys/arch/amd64/amd64: vmm.c

Log message:
Do not decrement the number of VMs counter twice in one of vm_create() error paths. If creation of the first VM fails, the counter will wrap around to a huge value. The same value could later be passed to malloc() through vm_get_info() causing a panic.

While here, only decrement the same counter in vm_teardown() if the VM has a valid ID. Otherwise it has not been accounted for.

ok mlarkin@

Reported-by: syzbot+d325bc014d9eca9f3...@syzkaller.appspotmail.com
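
The accounting bug described in the log message, as an added example: this is a simplified user-space model, not the vmm.c source and not code from the commit. All struct, function and constant names are hypothetical, and INFO_SIZE is a constructed value. It shows the double decrement beside the corrected accounting, plus an overflow check on the size derived from the counter.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model; every name here is hypothetical, not taken from vmm.c. */
struct vm { uint32_t id; };                 /* id 0: not yet accounted for */
struct vmm_state { size_t vm_ct; uint32_t next_id; };
#define INFO_SIZE 64                        /* constructed per-VM record size */

static void teardown(struct vmm_state *s, struct vm *vm, int fixed)
{
	/* Fixed form: only a VM with a valid ID was ever counted. */
	if (!fixed || vm->id != 0)
		s->vm_ct--;
	vm->id = 0;
}

static int create(struct vmm_state *s, struct vm *vm, int init_fails, int fixed)
{
	s->vm_ct++;
	vm->id = ++s->next_id;
	if (init_fails) {
		if (!fixed)
			s->vm_ct--;         /* buggy error path decrements ... */
		teardown(s, vm, fixed);     /* ... and teardown decrements too */
		return -1;
	}
	return 0;
}

/* Counter value after creation of the first VM fails. */
static size_t count_after_failed_first_create(int fixed)
{
	struct vmm_state s = { 0, 0 };
	struct vm vm = { 0 };
	create(&s, &vm, 1, fixed);
	return s.vm_ct;
}

/* Returns 1 and sets *out if ct records fit in size_t, else 0. */
static int info_bytes(size_t ct, size_t *out)
{
	if (ct > SIZE_MAX / INFO_SIZE)
		return 0;
	*out = ct * INFO_SIZE;
	return 1;
}

int main(void)
{
	printf("buggy: %zu fixed: %zu\n", count_after_failed_first_create(0), count_after_failed_first_create(1));
	return 0;
}
```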