From mboxrd@z Thu Jan 1 00:00:00 1970
From: bugzilla-daemon@bugzilla.kernel.org
Subject: [Bug 42980] BUG in gfn_to_pfn_prot
Date: Wed, 28 Mar 2012 13:03:26 GMT
Message-ID: <201203281303.q2SD3QhF032459@bugzilla.kernel.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
To: kvm@vger.kernel.org
Sender: kvm-owner@vger.kernel.org
https://bugzilla.kernel.org/show_bug.cgi?id=42980
Avi Kivity changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |avi@redhat.com
--- Comment #1 from Avi Kivity 2012-03-28 13:03:25 ---

   0:   89 d0                   mov    %edx,%eax
   2:   8d 4c ff 0c             lea    0xc(%rdi,%rdi,8),%ecx
   6:   4d 89 e0                mov    %r12,%r8
   9:   48 d3 e8                shr    %cl,%rax
   c:   4c 03 45 a8             add    -0x58(%rbp),%r8
  10:   25 ff 01 00 00          and    $0x1ff,%eax
  15:   41 39 f6                cmp    %esi,%r14d
  18:   89 45 bc                mov    %eax,-0x44(%rbp)
  1b:   89 c0                   mov    %eax,%eax
  1d:   49 8d 04 c0             lea    (%r8,%rax,8),%rax
  21:   48 89 45 b0             mov    %rax,-0x50(%rbp)
  25:   0f 84 e1 00 00 00       je     0x10c
  2b:   4c 8b 00                mov    (%rax),%r8
  2e:   41 f6 c0 01             test   $0x1,%r8b
  32:   74 40                   je     0x74
  34:   4c 8b 0d 89 80 01 00    mov    0x18089(%rip),%r9        # 0x180c4
  3b:   4d 89 c2                mov    %r8,%r10

Appears to be __direct_map()'s

        if (!is_shadow_present_pte(*iterator.sptep)) {
            u64 base_addr = iterator.addr;

%rax is 0xffff87ffffffffff.  That is one less than the base of the direct map of
all physical memory.  So it looks like the code

    static bool shadow_walk_okay(struct kvm_shadow_walk_iterator *iterator)
    {
        if (iterator->level < PT_PAGE_TABLE_LEVEL)
            return false;

        iterator->index = SHADOW_PT_INDEX(iterator->addr, iterator->level);
        iterator->sptep = ((u64 *)__va(iterator->shadow_addr)) +
                          iterator->index;
        return true;
    }

saw iterator->shadow_addr == -1ULL.

That might be INVALID_PAGE assigned to pae_root (but that is masked out in
shadow_walk_init()) or a stray -1 due to a completely unrelated bug.

Anything interesting about how this was triggered?
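
Added example (not part of the comment above and not kernel code): a user-space C model of the pointer arithmetic in shadow_walk_okay(), showing that the reported %rax value maps back to shadow_addr == -1ULL with index 0, and that a -1 passed through a physical-address mask would give a different pointer. PAGE_OFFSET is inferred from the comment's "base of the direct map"; PT64_BASE_ADDR_MASK, the shift constants and all helper names are assumptions modelled on the x86-64 KVM MMU code of that period.

```c
#include <stdint.h>
#include <stdio.h>

/* PAGE_OFFSET: one more than the reported %rax, per the comment above. */
#define PAGE_OFFSET         0xffff880000000000ULL
/* Assumed values: 4 KiB pages, 9 index bits per level, 52-bit phys mask. */
#define PAGE_SHIFT          12
#define PT64_LEVEL_BITS     9
#define PT64_BASE_ADDR_MASK (((1ULL << 52) - 1) & ~((1ULL << PAGE_SHIFT) - 1))

/* Model of SHADOW_PT_INDEX(); matches the listing's
 * "lea 0xc(%rdi,%rdi,8),%ecx / shr %cl,%rax / and $0x1ff,%eax". */
static unsigned shadow_pt_index(uint64_t addr, int level)
{
    return (addr >> (PAGE_SHIFT + (level - 1) * PT64_LEVEL_BITS)) & 0x1ff;
}

/* Model of ((u64 *)__va(shadow_addr)) + index, as an integer address.
 * Unsigned wrap-around mirrors what the hardware add does. */
static uint64_t sptep_for(uint64_t shadow_addr, uint64_t addr, int level)
{
    return PAGE_OFFSET + shadow_addr + 8ULL * shadow_pt_index(addr, level);
}

/* Inverse: which shadow_addr produces a given faulting sptep and index? */
static uint64_t shadow_addr_from(uint64_t sptep, unsigned index)
{
    return sptep - 8ULL * index - PAGE_OFFSET;
}

int main(void)
{
    uint64_t fault = 0xffff87ffffffffffULL;   /* %rax from the report */

    printf("shadow_addr for index 0: %#llx\n",
           (unsigned long long)shadow_addr_from(fault, 0));
    printf("sptep, raw -1:           %#llx\n",
           (unsigned long long)sptep_for(~0ULL, 0, 4));
    printf("sptep, masked -1:        %#llx\n",
           (unsigned long long)sptep_for(~0ULL & PT64_BASE_ADDR_MASK, 0, 4));
    return 0;
}
```

A masked -1 does not reproduce the reported pointer, which is consistent with the comment's remark that the pae_root case is masked out in shadow_walk_init().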