From mboxrd@z Thu Jan 1 00:00:00 1970
From: Paolo Bonzini
Subject: Re: index-out-of-range ubsan warnings
Date: Wed, 24 Feb 2016 08:59:51 +0100
Message-ID: <56CD62F7.2090204@redhat.com>
References: <20160223092643.GB4396@kmu-ThinkPad-X230>
 <56CC2F7B.1060607@siemens.com>
 <56CC37F3.3060308@linux.intel.com>
 <56CC5CC3.5060208@redhat.com>
 <56CD4C57.5030402@linux.intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Cc: Marcelo Tosatti, Sasha Levin
To: Xiao Guangrong, Jan Kiszka, Mike Krinkin, kvm@vger.kernel.org
Return-path:
Received: from mail-wm0-f51.google.com ([74.125.82.51]:34838 "EHLO mail-wm0-f51.google.com" rhost-flags-OK-OK-OK-OK)
 by vger.kernel.org with ESMTP id S1757926AbcBXH7z (ORCPT );
 Wed, 24 Feb 2016 02:59:55 -0500
Received: by mail-wm0-f51.google.com with SMTP id c200so256338213wme.0
 for ; Tue, 23 Feb 2016 23:59:55 -0800 (PST)
In-Reply-To: <56CD4C57.5030402@linux.intel.com>
Sender: kvm-owner@vger.kernel.org
List-ID:

>>
>> This is meant to stop mmu_pages_clear_parents _after_ it has
>> processed sp, so the "-1" is correct. The right fix would be:
>>
>>         if (parent->role.level < PT64_ROOT_LEVEL-1)
>>                 parents->parent[parent->role.level - 1] = NULL;
>>
>
> it is okay as mmu_pages_next() will refill the highest level.

That would only happen for 64-bit pages, not for 32-bit (both PAE AND
non-PAE, including the case of non-paged mode with !unrestricted_guest).

On 24/02/2016 07:23, Xiao Guangrong wrote:
>> +               parents->parent[level-1] = NULL;
>
> Why?

The idea was to move the NULL down at every step (first at parent[1],
then at parent[2], then at parent[3], then at parent[4]) but as you note
it is wrong because pages are added starting from the parent rather than
the children.

I think I can put together my patch and yours to build something that
works; I'll post it later today.

Thanks for your help!

Paolo