Subject: Re: kvm: using uninitialized var in tdp_page_fault
To: Sasha Levin , Gleb Natapov
References: <56992619.5030009@oracle.com>
Cc: LKML , Dmitry Vyukov , syzkaller
From: Paolo Bonzini
Message-ID: <56CC6D1E.5070503@redhat.com>
Date: Tue, 23 Feb 2016 15:30:54 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0
MIME-Version: 1.0
In-Reply-To: <56992619.5030009@oracle.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 15/01/2016 18:02, Sasha Levin wrote:
> Hi all,
>
> While fuzzing with syzkaller on the latest -next kernel running on a KVM tools
> guest, I've hit the following use of an uninitialized variable:
>
> [  810.783676] UBSAN: Undefined behaviour in arch/x86/kvm/mmu.c:3502:6
>
> [  810.785650] load of value 179 is not a valid value for type '_Bool'

Can you check this patch:

diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index be3cef12706c..fd54613a1204 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1449,8 +1449,11 @@ pfn_t __gfn_to_pfn_memslot(struct
 	if (addr == KVM_HVA_ERR_RO_BAD)
 		return KVM_PFN_ERR_RO_FAULT;
 
-	if (kvm_is_error_hva(addr))
+	if (kvm_is_error_hva(addr)) {
+		if (writable)
+			*writable = false;
 		return KVM_PFN_NOSLOT;
+	}
 
 	/* Do not map writable pfn in the readonly memslot. */
 	if (writable && memslot_is_readonly(slot)) {

Thanks,

Paolo
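Review bot: the KVM_HVA_ERR_RO_BAD early return at the top of this hunk (`if (addr == KVM_HVA_ERR_RO_BAD) return KVM_PFN_ERR_RO_FAULT;`) also leaves `*writable` untouched, so a caller whose local is defined only by this function reads an indeterminate value on that path too, not just on the KVM_PFN_NOSLOT path the change covers; either give that return the same `if (writable) *writable = false;` treatment, or state in the function's comment that the out-parameter is undefined whenever an error pfn is returned. The commit message should also name the caller that reads the flag after a KVM_PFN_NOSLOT return, since the report points at arch/x86/kvm/mmu.c:3502 rather than at this file.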
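The bug class behind the report, an out-parameter that is left unwritten on an early-return path and then consumed by the caller, modelled in C as an added example (not code from the thread or from KVM). The hva/pfn types, the sentinel values, the two-slot memory map and the `gfn_to_*` helpers are all simplified stand-ins assumed for the example; it goes one step beyond the quoted patch by also defining the flag on the read-only-fault return path.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed, simplified stand-ins for the kernel's hva/pfn encodings. */
typedef uint64_t gfn_t;
typedef uint64_t hva_t;
typedef uint64_t pfn_t;

#define PAGE_SHIFT       12
#define HVA_ERR_BAD      ((hva_t)-1)	/* no memslot covers the gfn */
#define HVA_ERR_RO_BAD   ((hva_t)-2)	/* write fault into a read-only memslot */
#define PFN_NOSLOT       ((pfn_t)1 << 62)
#define PFN_ERR_RO_FAULT ((pfn_t)1 << 63)

static bool is_error_hva(hva_t addr)
{
	return addr == HVA_ERR_BAD || addr == HVA_ERR_RO_BAD;
}

/* Constructed guest memory map: one read-write slot, one read-only slot. */
struct memslot { gfn_t base_gfn; uint64_t npages; hva_t userspace_addr; bool readonly; };
static const struct memslot slots[] = {
	{ 0x1000, 0x100, 0x7f0000000000ULL, false },
	{ 0x2000, 0x010, 0x7f1000000000ULL, true  },
};

static const struct memslot *gfn_to_memslot(gfn_t gfn)
{
	for (size_t i = 0; i < sizeof(slots) / sizeof(slots[0]); i++)
		if (gfn >= slots[i].base_gfn && gfn < slots[i].base_gfn + slots[i].npages)
			return &slots[i];
	return NULL;
}

static hva_t gfn_to_hva(gfn_t gfn, bool write_fault)
{
	const struct memslot *s = gfn_to_memslot(gfn);

	if (!s)
		return HVA_ERR_BAD;
	if (s->readonly && write_fault)
		return HVA_ERR_RO_BAD;
	return s->userspace_addr + ((gfn - s->base_gfn) << PAGE_SHIFT);
}

/* Before the fix: neither early return stores to *writable. */
static pfn_t gfn_to_pfn_before(gfn_t gfn, bool write_fault, bool *writable)
{
	hva_t addr = gfn_to_hva(gfn, write_fault);

	if (addr == HVA_ERR_RO_BAD)
		return PFN_ERR_RO_FAULT;
	if (is_error_hva(addr))
		return PFN_NOSLOT;
	if (writable)
		*writable = !gfn_to_memslot(gfn)->readonly;
	return addr >> PAGE_SHIFT;	/* stand-in for the resolved host pfn */
}

/* After the fix: every return path defines the out-parameter (the quoted
 * patch does this for NOSLOT; the RO_FAULT path is covered here as well). */
static pfn_t gfn_to_pfn_after(gfn_t gfn, bool write_fault, bool *writable)
{
	hva_t addr = gfn_to_hva(gfn, write_fault);

	if (addr == HVA_ERR_RO_BAD) {
		if (writable)
			*writable = false;
		return PFN_ERR_RO_FAULT;
	}
	if (is_error_hva(addr)) {
		if (writable)
			*writable = false;
		return PFN_NOSLOT;
	}
	if (writable)
		*writable = !gfn_to_memslot(gfn)->readonly;
	return addr >> PAGE_SHIFT;
}

/* A caller shaped like a page-fault handler: its local is defined only by the
 * callee. `stack_garbage` stands in for whatever the uninitialised local
 * happened to hold (reading it for real is the undefined behaviour UBSAN's
 * _Bool load check reported). */
static bool fault_map_writable(gfn_t gfn, bool write_fault, bool use_fix, bool stack_garbage)
{
	bool map_writable = stack_garbage;
	pfn_t pfn = use_fix ? gfn_to_pfn_after(gfn, write_fault, &map_writable)
			    : gfn_to_pfn_before(gfn, write_fault, &map_writable);

	(void)pfn;
	return map_writable;	/* consulted later when the mapping is built */
}

int main(void)
{
	/* gfn 0x3000 is outside both slots (NOSLOT path); 0x2005 is in the RO slot. */
	printf("no slot:  before=%d after=%d\n",
	       fault_map_writable(0x3000, false, false, true), fault_map_writable(0x3000, false, true, true));
	printf("RO write: before=%d after=%d\n",
	       fault_map_writable(0x2005, true, false, true), fault_map_writable(0x2005, true, true, true));
	return 0;
}
```

With the unfixed function the "no slot" and "read-only write" cases hand back whatever the stack held, so a garbage byte that happens to be non-zero turns into a writable mapping decision. Note that `-Wmaybe-uninitialized` cannot see through the pointer at the call site; the runtime `_Bool` load check in UBSAN (`-fsanitize=bool`, part of `-fsanitize=undefined`) is what produced the "load of value 179" line in the report.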