From mboxrd@z Thu Jan  1 00:00:00 1970
From: bugzilla-daemon@bugzilla.kernel.org
Subject: [Bug 27052] Module KVM : unable to handle kernel NULL pointer
 dereference at
Date: Thu, 10 Feb 2011 13:36:26 GMT
Message-ID: <201102101336.p1ADaQ69014004@demeter2.kernel.org>
References: <bug-27052-28872@https.bugzilla.kernel.org/>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
To: kvm@vger.kernel.org
Return-path: <kvm-owner@vger.kernel.org>
Received: from demeter2.kernel.org ([140.211.167.42]:56560 "EHLO
	demeter2.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1754290Ab1BJNg1 (ORCPT <rfc822;kvm@vger.kernel.org>);
	Thu, 10 Feb 2011 08:36:27 -0500
Received: from demeter2.kernel.org (localhost.localdomain [127.0.0.1])
	by demeter2.kernel.org (8.14.4/8.14.3) with ESMTP id p1ADaRkG014065
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <kvm@vger.kernel.org>; Thu, 10 Feb 2011 13:36:27 GMT
In-Reply-To: <bug-27052-28872@https.bugzilla.kernel.org/>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

https://bugzilla.kernel.org/show_bug.cgi?id=27052





--- Comment #22 from Marcelo Tosatti <mtosatti@redhat.com>  2011-02-10 13:36:25 ---
Problem description:

Present spte is dropped while syncing 32-bit level 1 shadow page. But
sp->gfns[index] contains uninitialized value (0 or fffffffffffff001), so
gfn->rmap conversion in rmap_remove fails.

However, debug patch from comment #18 verifies that on present spte
instantiation, via mmu_set_spte, sp->gfns[] is initialized correctly.

>>From bug instances of comments 19 and 20, index == 511.

-- 
Configure bugmail: https://bugzilla.kernel.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.