[tip:x86/seves 3/75] arch/x86/kvm/svm/nested.c:1153 svm_set_nested_state() error: uninitialized symbol 'save'.

From: Dan Carpenter
Date: Fri Oct 09 2020 - 07:02:09 EST


tree: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86/seves
head: 0ddfb1cf3b6b07c97cff16ea69931d986f9622ee
commit: 6ccbd29ade0d159ee1be398dc9defaae567c253d [3/75] KVM: SVM: nested: Don't allocate VMCB structures on stack
config: x86_64-randconfig-m001-20201008 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0

If you fix the issue, kindly add the following tags as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>
Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

smatch warnings:
arch/x86/kvm/svm/nested.c:1153 svm_set_nested_state() error: uninitialized symbol 'save'.
arch/x86/kvm/svm/nested.c:1154 svm_set_nested_state() error: uninitialized symbol 'ctl'.

vim +/save +1153 arch/x86/kvm/svm/nested.c

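/*
 * svm_set_nested_state() - restore nested SVM state supplied by userspace.
 * @vcpu:                  the vCPU whose nested state is being restored
 * @user_kvm_nested_state: userspace buffer; the L1 VMCB control and save
 *                         areas are read from its data.svm[0] payload
 * @kvm_state:             already-copied header (format, flags, size,
 *                         hdr.svm.vmcb_pa)
 *
 * Validates the header, then (only when KVM_STATE_NESTED_GUEST_MODE is set)
 * copies the VMCB control and save areas from userspace into heap buffers,
 * checks them and enters guest mode.
 *
 * Return: 0 on success, -EINVAL for a malformed or inconsistent header or
 * VMCB contents, -ENOMEM if the temporary buffers cannot be allocated,
 * -EFAULT if the userspace VMCB cannot be read.
 */
static int svm_set_nested_state(struct kvm_vcpu *vcpu,
				struct kvm_nested_state __user *user_kvm_nested_state,
				struct kvm_nested_state *kvm_state)
{
	struct vcpu_svm *svm = to_svm(vcpu);
	struct vmcb *hsave = svm->nested.hsave;
	struct vmcb __user *user_vmcb = (struct vmcb __user *)
		&user_kvm_nested_state->data.svm[0];
	/*
	 * Both buffers are kfree()d unconditionally at out_free, so they
	 * must hold NULL (kfree(NULL) is a no-op) on any path that reaches
	 * that label before kzalloc() has assigned them.
	 */
	struct vmcb_control_area *ctl = NULL;
	struct vmcb_save_area *save = NULL;
	int ret;
	u32 cr0;

	BUILD_BUG_ON(sizeof(struct vmcb_control_area) + sizeof(struct vmcb_save_area) >
		     KVM_STATE_NESTED_SVM_VMCB_SIZE);

	if (kvm_state->format != KVM_STATE_NESTED_FORMAT_SVM)
		return -EINVAL;

	if (kvm_state->flags & ~(KVM_STATE_NESTED_GUEST_MODE |
				 KVM_STATE_NESTED_RUN_PENDING |
				 KVM_STATE_NESTED_GIF_SET))
		return -EINVAL;

	/*
	 * If in guest mode, vcpu->arch.efer actually refers to the L2 guest's
	 * EFER.SVME, but EFER.SVME still has to be 1 for VMRUN to succeed.
	 */
	if (!(vcpu->arch.efer & EFER_SVME)) {
		/* GIF=1 and no guest mode are required if SVME=0. */
		if (kvm_state->flags != KVM_STATE_NESTED_GIF_SET)
			return -EINVAL;
	}

	/* SMM temporarily disables SVM, so we cannot be in guest mode. */
	if (is_smm(vcpu) && (kvm_state->flags & KVM_STATE_NESTED_GUEST_MODE))
		return -EINVAL;

	/*
	 * Not in guest mode: nothing is read from the userspace VMCB, so
	 * finish here rather than jumping over the allocations below into
	 * the shared cleanup path.
	 */
	if (!(kvm_state->flags & KVM_STATE_NESTED_GUEST_MODE)) {
		svm_leave_nested(svm);
		svm_set_gif(svm, !!(kvm_state->flags & KVM_STATE_NESTED_GIF_SET));
		return 0;
	}

	if (!page_address_valid(vcpu, kvm_state->hdr.svm.vmcb_pa))
		return -EINVAL;
	if (kvm_state->size < sizeof(*kvm_state) + KVM_STATE_NESTED_SVM_VMCB_SIZE)
		return -EINVAL;

	ret = -ENOMEM;
	ctl = kzalloc(sizeof(*ctl), GFP_KERNEL);
	save = kzalloc(sizeof(*save), GFP_KERNEL);
	if (!ctl || !save)
		goto out_free;

	/* Userspace-controlled contents: validated below before any use. */
	ret = -EFAULT;
	if (copy_from_user(ctl, &user_vmcb->control, sizeof(*ctl)))
		goto out_free;
	if (copy_from_user(save, &user_vmcb->save, sizeof(*save)))
		goto out_free;

	ret = -EINVAL;
	if (!nested_vmcb_check_controls(ctl))
		goto out_free;

	/*
	 * Processor state contains L2 state. Check that it is
	 * valid for guest mode (see nested_vmcb_checks).
	 */
	cr0 = kvm_read_cr0(vcpu);
	if (((cr0 & X86_CR0_CD) == 0) && (cr0 & X86_CR0_NW))
		goto out_free;

	/*
	 * Validate host state saved from before VMRUN (see
	 * nested_svm_check_permissions).
	 * TODO: validate reserved bits for all saved state.
	 */
	if (!(save->cr0 & X86_CR0_PG))
		goto out_free;

	/*
	 * All checks done, we can enter guest mode. L1 control fields
	 * come from the nested save state. Guest state is already
	 * in the registers, the save area of the nested state instead
	 * contains saved L1 state.
	 */
	copy_vmcb_control_area(&hsave->control, &svm->vmcb->control);
	hsave->save = *save;

	svm->nested.vmcb = kvm_state->hdr.svm.vmcb_pa;
	load_nested_vmcb_control(svm, ctl);
	nested_prepare_vmcb_control(svm);

	svm_set_gif(svm, !!(kvm_state->flags & KVM_STATE_NESTED_GIF_SET));
	ret = 0;

out_free:
	kfree(save);
	kfree(ctl);

	return ret;
}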

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx

Attachment: .config.gz
Description: application/gzip