From: Dan Carpenter <dan.carpenter@oracle.com>
To: kbuild@lists.01.org
Subject: [tip:x86/seves 3/75] arch/x86/kvm/svm/nested.c:1153 svm_set_nested_state() error: uninitialized symbol 'save'.
Date: Fri, 09 Oct 2020 14:01:40 +0300	[thread overview]
Message-ID: <20201009110140.GG1042@kadam> (raw)

[-- Attachment #1: Type: text/plain, Size: 9019 bytes --]

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86/seves
head:   0ddfb1cf3b6b07c97cff16ea69931d986f9622ee
commit: 6ccbd29ade0d159ee1be398dc9defaae567c253d [3/75] KVM: SVM: nested: Don't allocate VMCB structures on stack
config: x86_64-randconfig-m001-20201008 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0

If you fix the issue, kindly add the following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

smatch warnings:
arch/x86/kvm/svm/nested.c:1153 svm_set_nested_state() error: uninitialized symbol 'save'.
arch/x86/kvm/svm/nested.c:1154 svm_set_nested_state() error: uninitialized symbol 'ctl'.

vim +/save +1153 arch/x86/kvm/svm/nested.c

cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1055  static int svm_set_nested_state(struct kvm_vcpu *vcpu,
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1056  				struct kvm_nested_state __user *user_kvm_nested_state,
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1057  				struct kvm_nested_state *kvm_state)
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1058  {
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1059  	struct vcpu_svm *svm = to_svm(vcpu);
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1060  	struct vmcb *hsave = svm->nested.hsave;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1061  	struct vmcb __user *user_vmcb = (struct vmcb __user *)
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1062  		&user_kvm_nested_state->data.svm[0];
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1063  	struct vmcb_control_area *ctl;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1064  	struct vmcb_save_area *save;

These aren't initialized.

6ccbd29ade0d159 Joerg Roedel  2020-09-07  1065  	int ret;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1066  	u32 cr0;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1067  
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1068  	BUILD_BUG_ON(sizeof(struct vmcb_control_area) + sizeof(struct vmcb_save_area) >
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1069  		     KVM_STATE_NESTED_SVM_VMCB_SIZE);
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1070  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1071  	if (kvm_state->format != KVM_STATE_NESTED_FORMAT_SVM)
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1072  		return -EINVAL;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1073  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1074  	if (kvm_state->flags & ~(KVM_STATE_NESTED_GUEST_MODE |
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1075  				 KVM_STATE_NESTED_RUN_PENDING |
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1076  				 KVM_STATE_NESTED_GIF_SET))
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1077  		return -EINVAL;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1078  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1079  	/*
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1080  	 * If in guest mode, vcpu->arch.efer actually refers to the L2 guest's
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1081  	 * EFER.SVME, but EFER.SVME still has to be 1 for VMRUN to succeed.
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1082  	 */
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1083  	if (!(vcpu->arch.efer & EFER_SVME)) {
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1084  		/* GIF=1 and no guest mode are required if SVME=0.  */
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1085  		if (kvm_state->flags != KVM_STATE_NESTED_GIF_SET)
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1086  			return -EINVAL;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1087  	}
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1088  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1089  	/* SMM temporarily disables SVM, so we cannot be in guest mode.  */
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1090  	if (is_smm(vcpu) && (kvm_state->flags & KVM_STATE_NESTED_GUEST_MODE))
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1091  		return -EINVAL;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1092  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1093  	if (!(kvm_state->flags & KVM_STATE_NESTED_GUEST_MODE)) {
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1094  		svm_leave_nested(svm);
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1095  		goto out_set_gif;
                                                                ^^^^^^^^^^^^^^^^

cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1096  	}
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1097  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1098  	if (!page_address_valid(vcpu, kvm_state->hdr.svm.vmcb_pa))
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1099  		return -EINVAL;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1100  	if (kvm_state->size < sizeof(*kvm_state) + KVM_STATE_NESTED_SVM_VMCB_SIZE)
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1101  		return -EINVAL;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1102  
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1103  	ret  = -ENOMEM;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1104  	ctl  = kzalloc(sizeof(*ctl),  GFP_KERNEL);
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1105  	save = kzalloc(sizeof(*save), GFP_KERNEL);
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1106  	if (!ctl || !save)
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1107  		goto out_free;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1108  
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1109  	ret = -EFAULT;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1110  	if (copy_from_user(ctl, &user_vmcb->control, sizeof(*ctl)))
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1111  		goto out_free;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1112  	if (copy_from_user(save, &user_vmcb->save, sizeof(*save)))
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1113  		goto out_free;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1114  
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1115  	ret = -EINVAL;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1116  	if (!nested_vmcb_check_controls(ctl))
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1117  		goto out_free;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1118  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1119  	/*
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1120  	 * Processor state contains L2 state.  Check that it is
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1121  	 * valid for guest mode (see nested_vmcb_checks).
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1122  	 */
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1123  	cr0 = kvm_read_cr0(vcpu);
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1124          if (((cr0 & X86_CR0_CD) == 0) && (cr0 & X86_CR0_NW))
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1125  		goto out_free;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1126  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1127  	/*
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1128  	 * Validate host state saved from before VMRUN (see
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1129  	 * nested_svm_check_permissions).
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1130  	 * TODO: validate reserved bits for all saved state.
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1131  	 */
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1132  	if (!(save->cr0 & X86_CR0_PG))
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1133  		goto out_free;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1134  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1135  	/*
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1136  	 * All checks done, we can enter guest mode.  L1 control fields
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1137  	 * come from the nested save state.  Guest state is already
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1138  	 * in the registers, the save area of the nested state instead
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1139  	 * contains saved L1 state.
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1140  	 */
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1141  	copy_vmcb_control_area(&hsave->control, &svm->vmcb->control);
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1142  	hsave->save = *save;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1143  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1144  	svm->nested.vmcb = kvm_state->hdr.svm.vmcb_pa;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1145  	load_nested_vmcb_control(svm, ctl);
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1146  	nested_prepare_vmcb_control(svm);
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1147  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1148  out_set_gif:
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1149  	svm_set_gif(svm, !!(kvm_state->flags & KVM_STATE_NESTED_GIF_SET));
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1150  
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1151  	ret = 0;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1152  out_free:
6ccbd29ade0d159 Joerg Roedel  2020-09-07 @1153  	kfree(save);
                                                              ^^^^
6ccbd29ade0d159 Joerg Roedel  2020-09-07 @1154  	kfree(ctl);
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1155  
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1156  	return ret;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1157  }
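Review bot: The `goto out_set_gif` in the non-guest-mode branch (line 1095) jumps over both kzalloc() calls, and `out_set_gif:` then falls through into `out_free:`, so `kfree(save)` and `kfree(ctl)` at 1153/1154 run on two uninitialized stack pointers — exactly what smatch reports, and undefined behaviour on a path driven by the userspace-supplied nested state this function already validates. The smallest fix is to initialise both declarations, `struct vmcb_control_area *ctl = NULL;` and `struct vmcb_save_area *save = NULL;`, since kfree(NULL) is a no-op; alternatively make the early branch self-contained, `svm_set_gif(svm, !!(kvm_state->flags & KVM_STATE_NESTED_GIF_SET)); return 0;`, and drop the `out_set_gif` label so no path reaches `out_free` without having allocated. Either way a one-line comment above `out_free:` such as `/* ctl/save are NULL if we bailed before allocation */` would keep the next reader from re-deriving this. The same excerpt is repeated verbatim in the two further copies of this message below; the fix applies once to the source file.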

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 41442 bytes --]

WARNING: multiple messages have this Message-ID (diff)
From: Dan Carpenter <dan.carpenter@oracle.com>
To: kbuild-all@lists.01.org
Subject: [tip:x86/seves 3/75] arch/x86/kvm/svm/nested.c:1153 svm_set_nested_state() error: uninitialized symbol 'save'.
Date: Fri, 09 Oct 2020 14:01:40 +0300	[thread overview]
Message-ID: <20201009110140.GG1042@kadam> (raw)

[-- Attachment #1: Type: text/plain, Size: 9019 bytes --]

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86/seves
head:   0ddfb1cf3b6b07c97cff16ea69931d986f9622ee
commit: 6ccbd29ade0d159ee1be398dc9defaae567c253d [3/75] KVM: SVM: nested: Don't allocate VMCB structures on stack
config: x86_64-randconfig-m001-20201008 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0

If you fix the issue, kindly add the following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

smatch warnings:
arch/x86/kvm/svm/nested.c:1153 svm_set_nested_state() error: uninitialized symbol 'save'.
arch/x86/kvm/svm/nested.c:1154 svm_set_nested_state() error: uninitialized symbol 'ctl'.

vim +/save +1153 arch/x86/kvm/svm/nested.c

cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1055  static int svm_set_nested_state(struct kvm_vcpu *vcpu,
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1056  				struct kvm_nested_state __user *user_kvm_nested_state,
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1057  				struct kvm_nested_state *kvm_state)
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1058  {
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1059  	struct vcpu_svm *svm = to_svm(vcpu);
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1060  	struct vmcb *hsave = svm->nested.hsave;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1061  	struct vmcb __user *user_vmcb = (struct vmcb __user *)
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1062  		&user_kvm_nested_state->data.svm[0];
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1063  	struct vmcb_control_area *ctl;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1064  	struct vmcb_save_area *save;

These aren't initialized.

6ccbd29ade0d159 Joerg Roedel  2020-09-07  1065  	int ret;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1066  	u32 cr0;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1067  
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1068  	BUILD_BUG_ON(sizeof(struct vmcb_control_area) + sizeof(struct vmcb_save_area) >
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1069  		     KVM_STATE_NESTED_SVM_VMCB_SIZE);
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1070  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1071  	if (kvm_state->format != KVM_STATE_NESTED_FORMAT_SVM)
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1072  		return -EINVAL;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1073  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1074  	if (kvm_state->flags & ~(KVM_STATE_NESTED_GUEST_MODE |
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1075  				 KVM_STATE_NESTED_RUN_PENDING |
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1076  				 KVM_STATE_NESTED_GIF_SET))
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1077  		return -EINVAL;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1078  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1079  	/*
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1080  	 * If in guest mode, vcpu->arch.efer actually refers to the L2 guest's
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1081  	 * EFER.SVME, but EFER.SVME still has to be 1 for VMRUN to succeed.
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1082  	 */
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1083  	if (!(vcpu->arch.efer & EFER_SVME)) {
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1084  		/* GIF=1 and no guest mode are required if SVME=0.  */
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1085  		if (kvm_state->flags != KVM_STATE_NESTED_GIF_SET)
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1086  			return -EINVAL;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1087  	}
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1088  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1089  	/* SMM temporarily disables SVM, so we cannot be in guest mode.  */
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1090  	if (is_smm(vcpu) && (kvm_state->flags & KVM_STATE_NESTED_GUEST_MODE))
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1091  		return -EINVAL;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1092  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1093  	if (!(kvm_state->flags & KVM_STATE_NESTED_GUEST_MODE)) {
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1094  		svm_leave_nested(svm);
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1095  		goto out_set_gif;
                                                                ^^^^^^^^^^^^^^^^

cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1096  	}
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1097  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1098  	if (!page_address_valid(vcpu, kvm_state->hdr.svm.vmcb_pa))
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1099  		return -EINVAL;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1100  	if (kvm_state->size < sizeof(*kvm_state) + KVM_STATE_NESTED_SVM_VMCB_SIZE)
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1101  		return -EINVAL;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1102  
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1103  	ret  = -ENOMEM;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1104  	ctl  = kzalloc(sizeof(*ctl),  GFP_KERNEL);
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1105  	save = kzalloc(sizeof(*save), GFP_KERNEL);
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1106  	if (!ctl || !save)
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1107  		goto out_free;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1108  
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1109  	ret = -EFAULT;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1110  	if (copy_from_user(ctl, &user_vmcb->control, sizeof(*ctl)))
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1111  		goto out_free;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1112  	if (copy_from_user(save, &user_vmcb->save, sizeof(*save)))
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1113  		goto out_free;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1114  
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1115  	ret = -EINVAL;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1116  	if (!nested_vmcb_check_controls(ctl))
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1117  		goto out_free;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1118  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1119  	/*
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1120  	 * Processor state contains L2 state.  Check that it is
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1121  	 * valid for guest mode (see nested_vmcb_checks).
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1122  	 */
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1123  	cr0 = kvm_read_cr0(vcpu);
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1124          if (((cr0 & X86_CR0_CD) == 0) && (cr0 & X86_CR0_NW))
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1125  		goto out_free;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1126  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1127  	/*
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1128  	 * Validate host state saved from before VMRUN (see
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1129  	 * nested_svm_check_permissions).
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1130  	 * TODO: validate reserved bits for all saved state.
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1131  	 */
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1132  	if (!(save->cr0 & X86_CR0_PG))
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1133  		goto out_free;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1134  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1135  	/*
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1136  	 * All checks done, we can enter guest mode.  L1 control fields
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1137  	 * come from the nested save state.  Guest state is already
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1138  	 * in the registers, the save area of the nested state instead
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1139  	 * contains saved L1 state.
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1140  	 */
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1141  	copy_vmcb_control_area(&hsave->control, &svm->vmcb->control);
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1142  	hsave->save = *save;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1143  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1144  	svm->nested.vmcb = kvm_state->hdr.svm.vmcb_pa;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1145  	load_nested_vmcb_control(svm, ctl);
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1146  	nested_prepare_vmcb_control(svm);
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1147  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1148  out_set_gif:
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1149  	svm_set_gif(svm, !!(kvm_state->flags & KVM_STATE_NESTED_GIF_SET));
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1150  
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1151  	ret = 0;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1152  out_free:
6ccbd29ade0d159 Joerg Roedel  2020-09-07 @1153  	kfree(save);
                                                              ^^^^
6ccbd29ade0d159 Joerg Roedel  2020-09-07 @1154  	kfree(ctl);
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1155  
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1156  	return ret;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1157  }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 41442 bytes --]

WARNING: multiple messages have this Message-ID (diff)
From: Dan Carpenter <dan.carpenter@oracle.com>
To: kbuild@lists.01.org, Joerg Roedel <jroedel@suse.de>
Cc: lkp@intel.com, kbuild-all@lists.01.org,
	linux-kernel@vger.kernel.org, x86@kernel.org,
	Borislav Petkov <bp@suse.de>
Subject: [tip:x86/seves 3/75] arch/x86/kvm/svm/nested.c:1153 svm_set_nested_state() error: uninitialized symbol 'save'.
Date: Fri, 9 Oct 2020 14:01:40 +0300	[thread overview]
Message-ID: <20201009110140.GG1042@kadam> (raw)

[-- Attachment #1: Type: text/plain, Size: 8888 bytes --]

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86/seves
head:   0ddfb1cf3b6b07c97cff16ea69931d986f9622ee
commit: 6ccbd29ade0d159ee1be398dc9defaae567c253d [3/75] KVM: SVM: nested: Don't allocate VMCB structures on stack
config: x86_64-randconfig-m001-20201008 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0

If you fix the issue, kindly add the following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

smatch warnings:
arch/x86/kvm/svm/nested.c:1153 svm_set_nested_state() error: uninitialized symbol 'save'.
arch/x86/kvm/svm/nested.c:1154 svm_set_nested_state() error: uninitialized symbol 'ctl'.

vim +/save +1153 arch/x86/kvm/svm/nested.c

cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1055  static int svm_set_nested_state(struct kvm_vcpu *vcpu,
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1056  				struct kvm_nested_state __user *user_kvm_nested_state,
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1057  				struct kvm_nested_state *kvm_state)
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1058  {
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1059  	struct vcpu_svm *svm = to_svm(vcpu);
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1060  	struct vmcb *hsave = svm->nested.hsave;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1061  	struct vmcb __user *user_vmcb = (struct vmcb __user *)
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1062  		&user_kvm_nested_state->data.svm[0];
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1063  	struct vmcb_control_area *ctl;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1064  	struct vmcb_save_area *save;

These aren't initialized.

6ccbd29ade0d159 Joerg Roedel  2020-09-07  1065  	int ret;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1066  	u32 cr0;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1067  
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1068  	BUILD_BUG_ON(sizeof(struct vmcb_control_area) + sizeof(struct vmcb_save_area) >
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1069  		     KVM_STATE_NESTED_SVM_VMCB_SIZE);
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1070  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1071  	if (kvm_state->format != KVM_STATE_NESTED_FORMAT_SVM)
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1072  		return -EINVAL;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1073  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1074  	if (kvm_state->flags & ~(KVM_STATE_NESTED_GUEST_MODE |
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1075  				 KVM_STATE_NESTED_RUN_PENDING |
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1076  				 KVM_STATE_NESTED_GIF_SET))
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1077  		return -EINVAL;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1078  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1079  	/*
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1080  	 * If in guest mode, vcpu->arch.efer actually refers to the L2 guest's
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1081  	 * EFER.SVME, but EFER.SVME still has to be 1 for VMRUN to succeed.
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1082  	 */
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1083  	if (!(vcpu->arch.efer & EFER_SVME)) {
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1084  		/* GIF=1 and no guest mode are required if SVME=0.  */
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1085  		if (kvm_state->flags != KVM_STATE_NESTED_GIF_SET)
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1086  			return -EINVAL;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1087  	}
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1088  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1089  	/* SMM temporarily disables SVM, so we cannot be in guest mode.  */
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1090  	if (is_smm(vcpu) && (kvm_state->flags & KVM_STATE_NESTED_GUEST_MODE))
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1091  		return -EINVAL;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1092  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1093  	if (!(kvm_state->flags & KVM_STATE_NESTED_GUEST_MODE)) {
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1094  		svm_leave_nested(svm);
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1095  		goto out_set_gif;
                                                                ^^^^^^^^^^^^^^^^

cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1096  	}
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1097  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1098  	if (!page_address_valid(vcpu, kvm_state->hdr.svm.vmcb_pa))
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1099  		return -EINVAL;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1100  	if (kvm_state->size < sizeof(*kvm_state) + KVM_STATE_NESTED_SVM_VMCB_SIZE)
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1101  		return -EINVAL;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1102  
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1103  	ret  = -ENOMEM;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1104  	ctl  = kzalloc(sizeof(*ctl),  GFP_KERNEL);
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1105  	save = kzalloc(sizeof(*save), GFP_KERNEL);
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1106  	if (!ctl || !save)
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1107  		goto out_free;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1108  
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1109  	ret = -EFAULT;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1110  	if (copy_from_user(ctl, &user_vmcb->control, sizeof(*ctl)))
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1111  		goto out_free;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1112  	if (copy_from_user(save, &user_vmcb->save, sizeof(*save)))
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1113  		goto out_free;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1114  
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1115  	ret = -EINVAL;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1116  	if (!nested_vmcb_check_controls(ctl))
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1117  		goto out_free;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1118  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1119  	/*
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1120  	 * Processor state contains L2 state.  Check that it is
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1121  	 * valid for guest mode (see nested_vmcb_checks).
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1122  	 */
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1123  	cr0 = kvm_read_cr0(vcpu);
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1124          if (((cr0 & X86_CR0_CD) == 0) && (cr0 & X86_CR0_NW))
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1125  		goto out_free;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1126  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1127  	/*
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1128  	 * Validate host state saved from before VMRUN (see
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1129  	 * nested_svm_check_permissions).
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1130  	 * TODO: validate reserved bits for all saved state.
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1131  	 */
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1132  	if (!(save->cr0 & X86_CR0_PG))
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1133  		goto out_free;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1134  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1135  	/*
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1136  	 * All checks done, we can enter guest mode.  L1 control fields
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1137  	 * come from the nested save state.  Guest state is already
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1138  	 * in the registers, the save area of the nested state instead
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1139  	 * contains saved L1 state.
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1140  	 */
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1141  	copy_vmcb_control_area(&hsave->control, &svm->vmcb->control);
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1142  	hsave->save = *save;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1143  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1144  	svm->nested.vmcb = kvm_state->hdr.svm.vmcb_pa;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1145  	load_nested_vmcb_control(svm, ctl);
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1146  	nested_prepare_vmcb_control(svm);
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1147  
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1148  out_set_gif:
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1149  	svm_set_gif(svm, !!(kvm_state->flags & KVM_STATE_NESTED_GIF_SET));
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1150  
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1151  	ret = 0;
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1152  out_free:
6ccbd29ade0d159 Joerg Roedel  2020-09-07 @1153  	kfree(save);
                                                              ^^^^
6ccbd29ade0d159 Joerg Roedel  2020-09-07 @1154  	kfree(ctl);
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1155  
6ccbd29ade0d159 Joerg Roedel  2020-09-07  1156  	return ret;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13  1157  }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 41442 bytes --]
