Revision 58c95070da3a504fbeca7939435bbb062cb96ea3 authored by Paolo Bonzini on 22 September 2015, 08:15:59 UTC, committed by Paolo Bonzini on 25 September 2015, 08:31:29 UTC
29ecd6601904 ("KVM: x86: avoid uninitialized variable warning",
2015-09-06) introduced a not-so-subtle problem, which probably
escaped review because it was not part of the patch context.

Before the patch, leaf was always equal to iterator.level.  After,
it is equal to iterator.level - 1 in the call to is_shadow_zero_bits_set,
and when is_shadow_zero_bits_set does another "-1" the check on
reserved bits becomes incorrect.  Using "iterator.level" in the call
fixes this call trace:

WARNING: CPU: 2 PID: 17000 at arch/x86/kvm/mmu.c:3385 handle_mmio_page_fault.part.93+0x1a/0x20 [kvm]()
Modules linked in: tun sha256_ssse3 sha256_generic drbg binfmt_misc ipv6 vfat fat fuse dm_crypt dm_mod kvm_amd kvm crc32_pclmul aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd fam15h_power amd64_edac_mod k10temp edac_core amdkfd amd_iommu_v2 radeon acpi_cpufreq
[...]
Call Trace:
  dump_stack+0x4e/0x84
  warn_slowpath_common+0x95/0xe0
  warn_slowpath_null+0x1a/0x20
  handle_mmio_page_fault.part.93+0x1a/0x20 [kvm]
  tdp_page_fault+0x231/0x290 [kvm]
  ? emulator_pio_in_out+0x6e/0xf0 [kvm]
  kvm_mmu_page_fault+0x36/0x240 [kvm]
  ? svm_set_cr0+0x95/0xc0 [kvm_amd]
  pf_interception+0xde/0x1d0 [kvm_amd]
  handle_exit+0x181/0xa70 [kvm_amd]
  ? kvm_arch_vcpu_ioctl_run+0x68b/0x1730 [kvm]
  kvm_arch_vcpu_ioctl_run+0x6f6/0x1730 [kvm]
  ? kvm_arch_vcpu_ioctl_run+0x68b/0x1730 [kvm]
  ? preempt_count_sub+0x9b/0xf0
  ? mutex_lock_killable_nested+0x26f/0x490
  ? preempt_count_sub+0x9b/0xf0
  kvm_vcpu_ioctl+0x358/0x710 [kvm]
  ? __fget+0x5/0x210
  ? __fget+0x101/0x210
  do_vfs_ioctl+0x2f4/0x560
  ? __fget_light+0x29/0x90
  SyS_ioctl+0x4c/0x90
  entry_SYSCALL_64_fastpath+0x16/0x73
---[ end trace 37901c8686d84de6 ]---

Reported-by: Borislav Petkov <bp@alien8.de>
Tested-by: Borislav Petkov <bp@alien8.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
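To make the double decrement concrete, here is a simplified model written as an added example; it is not KVM's code, and the per-level masks are constructed, not real x86 reserved bits. It assumes what the message states: a callee is_shadow_zero_bits_set() that takes a 1-based level and indexes a per-level table with its own "-1", and it contrasts a caller that passes iterator.level with one that passes iterator.level - 1. Both outcomes of the off-by-one appear: a set must-be-zero bit that goes unnoticed, and a valid entry that is flagged with the wrong level's mask.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model (not KVM's code): page-table levels are 1..4, and
 * each level has a mask of bits that must be zero in a shadow PTE.
 * The array is indexed by level - 1, so the callee does the subtraction
 * itself. Masks are constructed for illustration only. */
#define NR_LEVELS 4

static const uint64_t zero_bits_mask[NR_LEVELS] = {
    [0] = 0,                          /* level 1 */
    [1] = (1ULL << 7),                /* level 2 */
    [2] = (1ULL << 7) | (1ULL << 8),  /* level 3 */
    [3] = 0xffULL << 13,              /* level 4 */
};

/* Callee converts the 1-based level to a table index with its own "-1". */
static bool is_shadow_zero_bits_set(uint64_t spte, int level)
{
    if (level < 1 || level > NR_LEVELS)
        return false;
    return (spte & zero_bits_mask[level - 1]) != 0;
}

struct iterator {
    int level;
};

/* Correct: leaf equals iterator.level, so the callee consults the row
 * for the level at which the SPTE was actually found. */
static bool check_fixed(uint64_t spte, struct iterator it)
{
    int leaf = it.level;
    return is_shadow_zero_bits_set(spte, leaf);
}

/* Off by one: leaf is already iterator.level - 1 at the call, and the
 * callee subtracts 1 again, so the row for the level below is consulted. */
static bool check_buggy(uint64_t spte, struct iterator it)
{
    int leaf = it.level - 1;
    return is_shadow_zero_bits_set(spte, leaf);
}

int main(void)
{
    struct iterator it2 = { .level = 2 }, it4 = { .level = 4 };
    uint64_t bit7 = 1ULL << 7, bits78 = (1ULL << 7) | (1ULL << 8);

    /* Level-2 SPTE with a must-be-zero bit set: the buggy path misses it. */
    printf("level 2, bit 7:     fixed=%d buggy=%d\n",
           check_fixed(bit7, it2), check_buggy(bit7, it2));
    /* Valid level-4 SPTE: the buggy path flags it using level 3's mask. */
    printf("level 4, bits 7+8:  fixed=%d buggy=%d\n",
           check_fixed(bits78, it4), check_buggy(bits78, it4));
    return 0;
}
```

The guard in is_shadow_zero_bits_set() is only there so the model cannot index before the table when the caller hands it level 0; in the scenario the message describes, the wrong row is still inside the table, which is why nothing faults and only the warning fires.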
1 parent 6fec214
Raw File
stv0672_vp4.bin.ihex
:1000000001BCE302E303E304E305E306E3079344EF
:1000100056D4934E5651934E51D6934E4F54934EC1
:10002000924F92A4930592F4931B929291E692368A
:100030009274924A928C928EC8D00B4202A0CA92BD
:100040000902C9100A0A0A81E3B8E3B0E3A8E3A0F1
:10005000E398E390E100CFD70A12CC9508B20A18D2
:10006000E10001EE0C084A12C818F09AC022F31CF5
:100070004A13F314C8A0F214F21CEB13D3A26316B4
:10008000489EF018A403F393C058F713519CE9203D
:10009000CFEF63F9922ED35F63FA922ED36763FB9F
:1000A000922ED36FE91A631648A7F020A406F394A2
:1000B000C027F714F513519DF6136318C420CBEF36
:1000C00063FC922ED37763FD922ED37F63FE922E34
:1000D000D38763FF922ED38F6438922ED3976439DF
:1000E000922ED39FE100F53AF43BF7BFF2BCF23D0C
:1000F000E1008087908051D5022202324BD3F71164
:100100000BDAE1000E0202400DB5E3024855E5129C
:10011000A401E81BE390F018A401E8BF8DB84BD10F
:100120004BD80BCB0BC2E100E302E30352D360597F
:10013000E6930D2252D4E6930D2AE398E390E10072
:10014000025D0263E302C81202CAC85202C2826898
:10015000E302C81402CAC89002C20AD0C9930ADADC
:10016000CCD20AE2631202DA0A980AA00AA8E39043
:10017000E100E3020AD0C9930ADACCD20AE26312A0
:1001800002DA0A980AA00AA84991E56AA404C812EA
:1001900002CAC8528289C81402CAC89002C2E39037
:1001A000E1000860E1004853E897085AE100E302E3
:1001B000E30354D36059E6930D52E398E390E100D2
:1001C000029CE3025513931755139317E390E10034
:1001D0007530E302E30355556059E6930DB2E39899
:1001E000E390E10002AEE792E918EA9AE898E81095
:1001F000E811E851D2DAD2F3E813D2FAE850D2EAA1
:10020000E8D0E8D1D30A03094823E52CA003482409
:10021000EA1C0308D2E3D303D313E10002CB059316
:100220005793F09AAC0BE30792EAE29FE506E3B03E
:10023000A002EB1E82D7EA1EE23B859BE91EC89016
:10024000859402DE05805793F0BAAC0692EAE2BFCD
:10025000E506A001EBBF8588E93EC8908581E93EAF
:10026000F0BAF339F03A6017F03AC090F0BAE10012
:10027000003FE302E30358106059E6930DA25812C1
:10028000E6930DAAE398E390E1000301E100030384
:100290009B7D8B8BE302E30358566059E6930DBABE
:1002A000E398E390E100030F9311E100E3024A11A8
:1002B0000B4291AFE390E100F291F091A3FEE100D7
:1002C0006092C05FF013F013595BE213F0115A19FA
:1002D000E213E10000000327686176616E610006A9
:1002E000032CE302E303E9385915595AF29ABC0B7F
:1002F000A40A591EF311F01AE2BB5915F011192A7C
:10030000E502A401EBBFE398E390E1000342192862
:10031000E100E9306079E100E303E3076079934E9F
:10032000E3B8E398E100E91AF01FE233F091E292BA
:08033000E032F031E1000000B1
:00000001FF

  Copyright 2001, STMicroelectronics, Inc.
  Contact:  steve.miller@st.com

  Description:
     This file contains patch data for the CPiA2 (stv0672) VP4.

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
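The records above are Intel HEX, and a loader should refuse a record whose checksum does not verify before it writes a single byte of patch data into the device. The following parser and loader are an added example, not code from the kernel or from STMicroelectronics. The record names and the functions ihex_parse() and ihex_load() are mine; the three sample records are copied from the file above, the tampered EOF record is constructed, and the 1 KiB image size is an assumption chosen to cover those samples.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal Intel HEX support (example code, not the kernel's): only record
 * types 0 (data) and 1 (end of file), which is all this file uses.
 * A record is ':' LL AAAA TT DD.. CC, where CC is chosen so that the byte
 * sum of LL, AAAA, TT, DD.. and CC itself is zero modulo 256. */
struct ihex_record {
    uint8_t  len;
    uint16_t addr;
    uint8_t  type;
    uint8_t  data[255];
    uint8_t  checksum;   /* the byte as written in the record */
};

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Returns 0 on success, -1 if the line is malformed, -2 if the checksum
 * does not verify (the fields are still filled in for inspection). */
static int ihex_parse(const char *line, struct ihex_record *rec)
{
    uint8_t buf[1 + 2 + 1 + 255 + 1];
    size_t n = strlen(line), nbytes;

    while (n > 0 && (line[n - 1] == '\n' || line[n - 1] == '\r'))
        n--;                                   /* tolerate CRLF endings */
    if (n < 11 || line[0] != ':' || (n - 1) % 2 != 0)
        return -1;
    nbytes = (n - 1) / 2;
    if (nbytes > sizeof buf)
        return -1;
    for (size_t i = 0; i < nbytes; i++) {
        int hi = hexval(line[1 + 2 * i]), lo = hexval(line[2 + 2 * i]);
        if (hi < 0 || lo < 0)
            return -1;
        buf[i] = (uint8_t)((hi << 4) | lo);
    }
    rec->len = buf[0];
    if (nbytes != (size_t)rec->len + 5)        /* LL + AAAA + TT + data + CC */
        return -1;
    rec->addr = (uint16_t)((buf[1] << 8) | buf[2]);
    rec->type = buf[3];
    memcpy(rec->data, &buf[4], rec->len);
    rec->checksum = buf[4 + rec->len];

    uint8_t sum = 0;
    for (size_t i = 0; i < nbytes; i++)
        sum = (uint8_t)(sum + buf[i]);         /* includes CC: must wrap to 0 */
    return sum == 0 ? 0 : -2;
}

/* Applies data records to a flat image and stops at the EOF record.
 * Returns the number of data bytes written, or -1 on any malformed,
 * corrupt, out-of-range or unsupported record, or if no EOF record is seen. */
static long ihex_load(const char *const *lines, size_t nlines,
                      uint8_t *image, size_t image_size)
{
    long loaded = 0;
    for (size_t i = 0; i < nlines; i++) {
        struct ihex_record rec;
        if (ihex_parse(lines[i], &rec) != 0)
            return -1;
        if (rec.type == 1)
            return loaded;
        if (rec.type != 0 || (size_t)rec.addr + rec.len > image_size)
            return -1;
        memcpy(image + rec.addr, rec.data, rec.len);
        loaded += rec.len;
    }
    return -1;
}

/* First and last data records and the EOF record, copied from the file
 * above; the image size used below is an assumption that covers them. */
static const char *const sample_records[] = {
    ":1000000001BCE302E303E304E305E306E3079344EF",
    ":08033000E032F031E1000000B1",
    ":00000001FF",
};
#define SAMPLE_COUNT (sizeof sample_records / sizeof sample_records[0])

int main(void)
{
    uint8_t image[0x400] = { 0 };
    long n = ihex_load(sample_records, SAMPLE_COUNT, image, sizeof image);
    printf("loaded %ld bytes; image[0x000]=%02X image[0x330]=%02X\n",
           n, image[0], image[0x330]);

    struct ihex_record rec;
    /* Constructed: the EOF record with its checksum byte altered. */
    printf("tampered EOF record -> %d\n", ihex_parse(":00000001FE", &rec));
    return 0;
}
```

The checksum is a simple modular sum, so it catches transmission or storage corruption but offers no protection against deliberate modification; a loader that needs that must verify a signature or a digest over the whole image in addition to the per-record checks.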