From: kernel test robot <lkp@intel.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: oe-kbuild-all@lists.linux.dev, kvm@vger.kernel.org,
Farrah Chen <farrah.chen@intel.com>
Subject: [kvm:kvm-mbec 23/42] arch/x86/kvm/mmu/mmu.c:5596:82: sparse: sparse: cast truncates bits from constant value (ffff5555 becomes 5555)
Date: Sun, 03 May 2026 04:25:14 +0800 [thread overview]
Message-ID: <202605030445.y0PllUlP-lkp@intel.com> (raw)
tree: https://git.kernel.org/pub/scm/virt/kvm/kvm.git kvm-mbec
head: 0cd666f1b567c059fb1b7c4de7d3c7a55e1d56e6
commit: 4e6f3b85892327c973fb5e7bf4633dce9ea63ec5 [23/42] KVM: x86/mmu: introduce ACC_READ_MASK
config: x86_64-randconfig-121 (https://download.01.org/0day-ci/archive/20260503/202605030445.y0PllUlP-lkp@intel.com/config)
compiler: gcc-14 (Debian 14.2.0-19) 14.2.0
sparse: v0.6.5-rc1
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260503/202605030445.y0PllUlP-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202605030445.y0PllUlP-lkp@intel.com/
sparse warnings: (new ones prefixed by >>)
arch/x86/kvm/mmu/mmu.c: note: in included file:
arch/x86/kvm/mmu/paging_tmpl.h:106:24: sparse: sparse: cast truncates bits from constant value (ffffffffff000 becomes fffff000)
arch/x86/kvm/mmu/paging_tmpl.h:440:24: sparse: sparse: cast truncates bits from constant value (ffffffffff000 becomes fffff000)
>> arch/x86/kvm/mmu/mmu.c:5596:82: sparse: sparse: cast truncates bits from constant value (ffff5555 becomes 5555)
>> arch/x86/kvm/mmu/mmu.c:5598:59: sparse: sparse: cast truncates bits from constant value (ffff3333 becomes 3333)
>> arch/x86/kvm/mmu/mmu.c:5607:63: sparse: sparse: cast truncates bits from constant value (ffff00ff becomes ff)
>> arch/x86/kvm/mmu/mmu.c:5614:62: sparse: sparse: cast truncates bits from constant value (ffff0f0f becomes f0f)
arch/x86/kvm/mmu/mmu.c:5617:71: sparse: sparse: cast truncates bits from constant value (ffff00ff becomes ff)
vim +5596 arch/x86/kvm/mmu/mmu.c
5531
5532 /*
5533 * Build a mask with all combinations of PTE access rights that
5534 * include the given access bit. The mask can be queried with
5535 * "mask & (1 << access)", where access is a combination of
5536 * ACC_* bits.
5537 *
5538 * By mixing and matching multiple masks returned by ACC_BITS_MASK,
5539 * update_permission_bitmask() builds what is effectively a
5540 * two-dimensional array of bools. The second dimension is
5541 * provided by individual bits of permissions[pfec >> 1], and
5542 * logical &, | and ~ operations operate on all the 16 possible
5543 * combinations of ACC_* bits.
5544 */
5545 #define ACC_BITS_MASK(access) \
5546 ((1 & (access) ? 1 << 1 : 0) | \
5547 (2 & (access) ? 1 << 2 : 0) | \
5548 (3 & (access) ? 1 << 3 : 0) | \
5549 (4 & (access) ? 1 << 4 : 0) | \
5550 (5 & (access) ? 1 << 5 : 0) | \
5551 (6 & (access) ? 1 << 6 : 0) | \
5552 (7 & (access) ? 1 << 7 : 0) | \
5553 (8 & (access) ? 1 << 8 : 0) | \
5554 (9 & (access) ? 1 << 9 : 0) | \
5555 (10 & (access) ? 1 << 10 : 0) | \
5556 (11 & (access) ? 1 << 11 : 0) | \
5557 (12 & (access) ? 1 << 12 : 0) | \
5558 (13 & (access) ? 1 << 13 : 0) | \
5559 (14 & (access) ? 1 << 14 : 0) | \
5560 (15 & (access) ? 1 << 15 : 0))
5561
5562 static void update_permission_bitmask(struct kvm_mmu *mmu, bool ept)
5563 {
5564 unsigned byte;
5565
5566 const u16 x = ACC_BITS_MASK(ACC_EXEC_MASK);
5567 const u16 w = ACC_BITS_MASK(ACC_WRITE_MASK);
5568 const u16 r = ACC_BITS_MASK(ACC_READ_MASK);
5569
5570 bool cr4_smep = is_cr4_smep(mmu);
5571 bool cr4_smap = is_cr4_smap(mmu);
5572 bool cr0_wp = is_cr0_wp(mmu);
5573 bool efer_nx = is_efer_nx(mmu);
5574
5575 /*
5576 * In hardware, page fault error codes are generated (as the name
5577 * suggests) on any kind of page fault. permission_fault() and
5578 * paging_tmpl.h already use the same bits after a successful page
5579 * table walk, to indicate the kind of access being performed.
5580 *
5581 * However, PFERR_PRESENT_MASK and PFERR_RSVD_MASK are never set here,
5582 * exactly because the page walk is successful. PFERR_PRESENT_MASK is
5583 * removed by the shift, while PFERR_RSVD_MASK is repurposed in
5584 * permission_fault() to indicate accesses that are *not* subject to
5585 * SMAP restrictions.
5586 */
5587 for (byte = 0; byte < ARRAY_SIZE(mmu->permissions); ++byte) {
5588 unsigned pfec = byte << 1;
5589
5590 /*
5591 * Each "*f" variable has a 1 bit for each ACC_* combo
5592 * that causes a fault with the given PFEC.
5593 */
5594
5595 /* Faults from reads to non-readable pages */
> 5596 u16 rf = (pfec & (PFERR_WRITE_MASK|PFERR_FETCH_MASK)) ? 0 : (u16)~r;
5597 /* Faults from writes to non-writable pages */
> 5598 u16 wf = (pfec & PFERR_WRITE_MASK) ? (u16)~w : 0;
5599 /* Faults from user mode accesses to supervisor pages */
5600 u16 uf = 0;
5601 /* Faults from fetches of non-executable pages */
5602 u16 ff = 0;
5603 /* Faults from kernel mode accesses of user pages */
5604 u16 smapf = 0;
5605
5606 if (ept) {
> 5607 ff = (pfec & PFERR_FETCH_MASK) ? (u16)~x : 0;
5608 } else {
5609 const u16 u = ACC_BITS_MASK(ACC_USER_MASK);
5610
5611 /* Faults from kernel mode accesses to user pages */
5612 u16 kf = (pfec & PFERR_USER_MASK) ? 0 : u;
5613
> 5614 uf = (pfec & PFERR_USER_MASK) ? (u16)~u : 0;
5615
5616 if (efer_nx)
5617 ff = (pfec & PFERR_FETCH_MASK) ? (u16)~x : 0;
5618
5619 /* Allow supervisor writes if !cr0.wp */
5620 if (!cr0_wp)
5621 wf = (pfec & PFERR_USER_MASK) ? wf : 0;
5622
5623 /* Disallow supervisor fetches of user code if cr4.smep */
5624 if (cr4_smep)
5625 ff |= (pfec & PFERR_FETCH_MASK) ? kf : 0;
5626
5627 /*
5628 * SMAP:kernel-mode data accesses from user-mode
5629 * mappings should fault. A fault is considered
5630 * as a SMAP violation if all of the following
5631 * conditions are true:
5632 * - X86_CR4_SMAP is set in CR4
5633 * - A user page is accessed
5634 * - The access is not a fetch
5635 * - The access is supervisor mode
5636 * - If implicit supervisor access or X86_EFLAGS_AC is clear
5637 *
5638 * Here, we cover the first four conditions. The fifth
5639 * is computed dynamically in permission_fault() and
5640 * communicated by setting PFERR_RSVD_MASK.
5641 */
5642 if (cr4_smap)
5643 smapf = (pfec & (PFERR_RSVD_MASK|PFERR_FETCH_MASK)) ? 0 : kf;
5644 }
5645
5646 mmu->permissions[byte] = ff | uf | wf | rf | smapf;
5647 }
5648 }
5649
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
reply other threads:[~2026-05-02 20:25 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202605030445.y0PllUlP-lkp@intel.com \
--to=lkp@intel.com \
--cc=farrah.chen@intel.com \
--cc=kvm@vger.kernel.org \
--cc=oe-kbuild-all@lists.linux.dev \
--cc=pbonzini@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox