From: Sheng Yang Date: Mon, 1 Sep 2008 17:28:59 +0800 Subject: [PATCH] KVM: MMU: Fix overflow of SHADOW_PT_INDEX with EPT in 32pae EPT is 4 level by default in 32pae (48bits), but virtual address only got 32 bits. This result in SHADOW_PT_INDEX() overflow when try to fetch level 4 index. Fix it by extend virtual address to 64bits in any condition. Signed-off-by: Sheng Yang --- arch/x86/kvm/mmu.c | 8 +++++++- 1 files changed, 7 insertions(+), 1 deletions(-) diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c index f33c594..8ca9aad 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c @@ -943,6 +943,7 @@ static int walk_shadow(struct kvm_shadow_walk *walker, int level; int r; u64 *sptep; + u64 ext_addr = addr; unsigned index; shadow_addr = vcpu->arch.mmu.root_hpa; @@ -954,7 +955,12 @@ static int walk_shadow(struct kvm_shadow_walk *walker, } while (level >= PT_PAGE_TABLE_LEVEL) { - index = SHADOW_PT_INDEX(addr, level); + /* + * SHADOW_PT_INDEX is overflow with EPT in 32pae mode. Because + * EPT is 4 level (48bits) by default, but the addr got only 32 + * bits. Extend addr to 64 bit. + */ + index = SHADOW_PT_INDEX(ext_addr, level); sptep = ((u64 *)__va(shadow_addr)) + index; r = walker->entry(walker, vcpu, addr, sptep, level); if (r) -- 1.5.4.5
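Review bot: The in-code comment undersells the problem. If `addr` is a 32-bit type here, then `SHADOW_PT_INDEX(addr, 4)` shifts a 32-bit value by a count of 32 or more, which is undefined behaviour in C rather than a mere "overflow", so the computed index is unpredictable and the resulting out-of-range `sptep` dereference is the real hazard; consider rewording the comment to say the shift width exceeds the operand width (and fixing the grammar: "SHADOW_PT_INDEX overflows", "only got 32 bits"). The fix itself, widening to `u64 ext_addr = addr;` before the shift, is correct, and passing the original `addr` to `walker->entry()` is fine since that callback does no shifting. One structural suggestion: because the widening is done only inside `walk_shadow()`, any other caller of `SHADOW_PT_INDEX()` that passes a 32-bit address would have the same issue; casting to `u64` inside the macro, or widening the parameter type, would cover every user in one place. That is outside this hunk, so it can be a follow-up.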