On 17/09/2015 05:17, Wu, Feng wrote:
>>> > > + if (irq->dest_mode == APIC_DEST_PHYSICAL) { >>> > > + if (irq->dest_id == 0xFF) >>> > > + goto out; >>> > > + >>> > > + if (irq->dest_id >= ARRAY_SIZE(map->phys_map)) {
>> >
>> > Warning here is wrong, the guest can trigger it.
> Could you please share more information about how the guest
> triggers these conditions (including the following two), Thanks
> a lot!

irq->dest_id is a 16-bit value, so it can be > 255.

> + if (!kvm_apic_logical_map_valid(map)) { > + WARN_ON_ONCE(1);

Here, the guest can trigger it by setting a few APICs in flat mode and
others in cluster mode, for example.

> + if (cid >= ARRAY_SIZE(map->logical_map)) { > + WARN_ON_ONCE(1);

In x2apic mode irq->dest_id could have bits 12..15 set.

Paolo
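Review bot: In the APIC_DEST_PHYSICAL branch, the `irq->dest_id >= ARRAY_SIZE(map->phys_map)` test is made on a value the guest supplies, so an out-of-range result is an expected input rather than a host bug. The reply points out that dest_id is 16 bits wide and can exceed 255; the branch should treat this as an ordinary lookup failure and leave quietly, with no warning in its body.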
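Review bot: The `WARN_ON_ONCE(1)` under `if (!kvm_apic_logical_map_valid(map))` is reachable from guest configuration (per the reply, some APICs in flat mode and others in cluster mode). A guest-reachable WARN puts a backtrace in the host log and taints the kernel, and on hosts booted with panic_on_warn it takes the host down. Drop the WARN and keep only the early exit, with a short comment saying that a mixed-mode map is a legal guest state.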
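Review bot: At `if (cid >= ARRAY_SIZE(map->logical_map))`, keep the range check but remove the `WARN_ON_ONCE(1)` inside it. The check is what keeps the index within logical_map, and the reply notes that in x2apic mode irq->dest_id can have bits 12..15 set, so the condition can be true for guest-chosen destinations and should fail silently.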