Re: kvm: using uninitialized var in tdp_page_fault
From: Dmitry Vyukov
Date: Sun Feb 28 2016 - 08:08:41 EST
On Tue, Feb 23, 2016 at 3:30 PM, Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote:
>
>
> On 15/01/2016 18:02, Sasha Levin wrote:
>> Hi all,
>>
>> While fuzzing with syzkaller on the latest -next kernel running on a KVM tools
>> guest, I've hit the following use of an uninitialized variable:
>>
>> [ 810.783676] UBSAN: Undefined behaviour in arch/x86/kvm/mmu.c:3502:6
>>
>> [ 810.785650] load of value 179 is not a valid value for type '_Bool'
>
> Can you check this patch:
>
> diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
> index be3cef12706c..fd54613a1204 100644
> --- a/virt/kvm/kvm_main.c
> +++ b/virt/kvm/kvm_main.c
> @@ -1449,8 +1449,11 @@ pfn_t __gfn_to_pfn_memslot(struct
> if (addr == KVM_HVA_ERR_RO_BAD)
> return KVM_PFN_ERR_RO_FAULT;
>
> - if (kvm_is_error_hva(addr))
> + if (kvm_is_error_hva(addr)) {
> + if (writable)
> + *writable = false;
> return KVM_PFN_NOSLOT;
> + }
>
> /* Do not map writable pfn in the readonly memslot. */
> if (writable && memslot_is_readonly(slot)) {
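Review bot: the `if (addr == KVM_HVA_ERR_RO_BAD) return KVM_PFN_ERR_RO_FAULT;` early return two lines above the changed block still leaves *writable untouched, so a caller that reads *writable after getting KVM_PFN_ERR_RO_FAULT back can hit the same uninitialized load this hunk fixes for the kvm_is_error_hva() path; either add the same `if (writable) *writable = false;` before that return as well, or initialise *writable once at the top of the function so every early return is covered, and note in a comment whether callers may read *writable for an error pfn at all.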
Sasha, does it fix the issue? This patch is still not merged.
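The report above is the classic out-parameter bug: a function that only assigns `*writable` on its success path, while a caller reads it after an error return and sees whatever byte the stack slot held (179 in the UBSAN report, which is not a valid `_Bool`). The following is an added, self-contained C model of that pattern and of both fixes, not code from kvm_main.c or mmu.c; `lookup_before`, `lookup_after`, `ERR_BAD_ADDR`, `PFN_NOSLOT`, `PFN_VALID`, `probe` and `caller_writable` are hypothetical stand-ins, and the stale value 179 is planted deliberately so the effect is observable without relying on undefined behaviour.

```c
/* Added example (not KVM code): an out-parameter left undefined on an
 * error path, the callee-side fix, and a caller-side defence. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ERR_BAD_ADDR ((uintptr_t)-1)     /* hypothetical stand-in for an error hva   */
#define PFN_NOSLOT   ((uint64_t)-1)      /* hypothetical stand-in for KVM_PFN_NOSLOT */
#define PFN_VALID    ((uint64_t)0x1234)  /* constructed "successful lookup" result  */

static bool is_error_addr(uintptr_t addr)
{
    return addr == ERR_BAD_ADDR;
}

/* Before: the error return never touches *writable, so the caller inherits
 * whatever the stack slot contained. */
uint64_t lookup_before(uintptr_t addr, bool *writable)
{
    if (is_error_addr(addr))
        return PFN_NOSLOT;
    if (writable)
        *writable = true;
    return PFN_VALID;
}

/* After: every return path defines *writable when a pointer was supplied,
 * which is what the posted patch does for the kvm_is_error_hva() path. */
uint64_t lookup_after(uintptr_t addr, bool *writable)
{
    if (is_error_addr(addr)) {
        if (writable)
            *writable = false;
        return PFN_NOSLOT;
    }
    if (writable)
        *writable = true;
    return PFN_VALID;
}

/* Plant a stale byte (179, the value UBSAN reported) behind the bool slot
 * and call the lookup with an error address.  Reading the byte back through
 * the union is well defined, so this shows the stale value without UB. */
unsigned char probe(uint64_t (*fn)(uintptr_t, bool *))
{
    union { bool b; unsigned char raw; } slot;
    slot.raw = 179;               /* constructed stale stack contents */
    fn(ERR_BAD_ADDR, &slot.b);
    return slot.raw;              /* 179 for lookup_before, 0 for lookup_after */
}

/* Caller-side defence: initialise the out-parameter locally and only trust
 * it once the returned pfn is valid.  This is safe with either callee. */
bool caller_writable(uint64_t (*fn)(uintptr_t, bool *), uintptr_t addr)
{
    bool writable = false;
    uint64_t pfn = fn(addr, &writable);

    if (pfn == PFN_NOSLOT)
        return false;             /* do not read *writable for an error pfn */
    return writable;
}

int main(void)
{
    printf("before: stale byte %u\n", probe(lookup_before));  /* prints 179 */
    printf("after:  stale byte %u\n", probe(lookup_after));   /* prints 0 */
    return 0;
}
```

The two fixes are complementary: the callee change removes the undefined value at its source, while the caller-side check makes the code robust against any other early return (such as a separate error code returned before the fixed branch) that still leaves the out-parameter untouched.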