From: "Yang, Sheng"
To: Avi Kivity
Cc: kvm@vger.kernel.org
Subject: [PATCH] KVM: MMU: Fix overflow of SHADOW_PT_INDEX with EPT in 32pae
Date: Mon, 1 Sep 2008 17:32:55 +0800
Message-ID: <200809011732.55508.sheng.yang@intel.com>

From: Sheng Yang
Date: Mon, 1 Sep 2008 17:28:59 +0800
Subject: [PATCH] KVM: MMU: Fix overflow of SHADOW_PT_INDEX with EPT in 32pae

EPT is 4-level by default in 32pae (48 bits), but the virtual address only has 32 bits. This results in SHADOW_PT_INDEX() overflowing when trying to fetch the level 4 index. Fix it by extending the virtual address to 64 bits in any condition.

Signed-off-by: Sheng Yang

--- arch/x86/kvm/mmu.c | 8 +++++++- 1 files changed, 7 insertions(+), 1 deletions(-) diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c index f33c594..8ca9aad 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c @@ -943,6 +943,7 @@ static int walk_shadow(struct kvm_shadow_walk *walker, int level; int r; u64 *sptep; + u64 ext_addr = addr; unsigned index; shadow_addr = vcpu->arch.mmu.root_hpa;
@@ -954,7 +955,12 @@ static int walk_shadow(struct kvm_shadow_walk *walker, } while (level >= PT_PAGE_TABLE_LEVEL) { - index = SHADOW_PT_INDEX(addr, level); + /* + * SHADOW_PT_INDEX is overflow with EPT in 32pae mode. Because + * EPT is 4 level (48bits) by default, but the addr got only 32 + * bits. Extend addr to 64 bit. + */ + index = SHADOW_PT_INDEX(ext_addr, level); sptep = ((u64 *)__va(shadow_addr)) + index; r = walker->entry(walker, vcpu, addr, sptep, level); if (r) -- 1.5.4.5
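Review bot: in the first hunk, the widening copy `u64 ext_addr = addr;` patches a single use inside walk_shadow() while leaving the narrow `addr` parameter in place, so any other arithmetic on `addr` in this walker (including the value handed to `walker->entry()`) keeps the 32-bit width; the more robust change is to make the `addr` parameter of walk_shadow() itself `u64` and let its callers pass the widened value, which removes the extra local. The changelog should also say what actually goes wrong rather than "overflow": with 4-level paging the level-4 index is taken from bits 39..47, and shifting a 32-bit operand by 39 is undefined behaviour in C, not a defined wrap, so the pre-patch index is compiler-dependent garbage and the resulting `sptep` can point outside the page table.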
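Review bot: in the second hunk the added comment ("SHADOW_PT_INDEX is overflow with EPT in 32pae mode. Because EPT is 4 level (48bits) by default, but the addr got only 32 bits. Extend addr to 64 bit.") should be tightened to state the invariant rather than the symptom, for example "SHADOW_PT_INDEX() needs a 64-bit address: EPT uses 4-level (48-bit) paging even for a 32pae guest, where addr is only 32 bits wide; on 64-bit hosts addr is already 64 bits and this is a no-op." Note also that `index = SHADOW_PT_INDEX(ext_addr, level);` and `r = walker->entry(walker, vcpu, addr, sptep, level);` now use two different variables for the same address; they are equal here, but if the parameter type is widened instead (see the note on the first hunk) both lines use one variable and the comment becomes unnecessary.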