tree: https://git.kernel.org/pub/scm/virt/kvm/kvm.git queue head: 3d9455d0943947d96caca05da7f5a3da68f3d42b commit: 45eee3200ba5973f579fff50afbde38884fd3ea5 [63/66] KVM: X86: Fix stack-out-of-bounds read in write_mmio config: arm-axm55xx_defconfig (attached as .config) compiler: arm-linux-gnueabi-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross git checkout 45eee3200ba5973f579fff50afbde38884fd3ea5 # save the attached .config to linux build tree make.cross ARCH=arm All warnings (new ones prefixed by >>): arch/arm/kvm/../../../virt/kvm/arm/mmio.c: In function 'kvm_handle_mmio_return': >> arch/arm/kvm/../../../virt/kvm/arm/mmio.c:115:11: warning: passing argument 4 of 'trace_kvm_mmio' makes pointer from integer without a cast [-Wint-conversion] data); ^~~~ In file included from include/trace/events/kvm.h:5:0, from arch/arm/kvm/../../../virt/kvm/arm/mmio.c:22: include/linux/tracepoint.h:256:21: note: expected 'void *' but argument is of type 'long unsigned int' static inline void trace_##name(proto) \ ^ include/linux/tracepoint.h:352:2: note: in expansion of macro '__DECLARE_TRACE' __DECLARE_TRACE(name, PARAMS(proto), PARAMS(args), \ ^~~~~~~~~~~~~~~ include/linux/tracepoint.h:488:2: note: in expansion of macro 'DECLARE_TRACE' DECLARE_TRACE(name, PARAMS(proto), PARAMS(args)) ^~~~~~~~~~~~~ include/trace/events/kvm.h:213:1: note: in expansion of macro 'TRACE_EVENT' TRACE_EVENT(kvm_mmio, ^~~~~~~~~~~ arch/arm/kvm/../../../virt/kvm/arm/mmio.c: In function 'io_mem_abort': arch/arm/kvm/../../../virt/kvm/arm/mmio.c:185:56: warning: passing argument 4 of 'trace_kvm_mmio' makes pointer from integer without a cast [-Wint-conversion] trace_kvm_mmio(KVM_TRACE_MMIO_WRITE, len, fault_ipa, data); ^~~~ In file included from include/trace/events/kvm.h:5:0, from arch/arm/kvm/../../../virt/kvm/arm/mmio.c:22: include/linux/tracepoint.h:256:21: note: expected 'void *' but argument is of type 'long unsigned int' static inline void trace_##name(proto) \ ^ include/linux/tracepoint.h:352:2: note: in expansion of macro '__DECLARE_TRACE' __DECLARE_TRACE(name, PARAMS(proto), PARAMS(args), \ ^~~~~~~~~~~~~~~ include/linux/tracepoint.h:488:2: note: in expansion of macro 'DECLARE_TRACE' DECLARE_TRACE(name, PARAMS(proto), PARAMS(args)) ^~~~~~~~~~~~~ include/trace/events/kvm.h:213:1: note: in expansion of macro 'TRACE_EVENT' TRACE_EVENT(kvm_mmio, ^~~~~~~~~~~ vim +/trace_kvm_mmio +115 arch/arm/kvm/../../../virt/kvm/arm/mmio.c 6d89d2d9b arch/arm/kvm/mmio.c Marc Zyngier 2013-02-12 87 45e96ea6b arch/arm/kvm/mmio.c Christoffer Dall 2013-01-20 88 /** 45e96ea6b arch/arm/kvm/mmio.c Christoffer Dall 2013-01-20 89 * kvm_handle_mmio_return -- Handle MMIO loads after user space emulation 83091db98 arch/arm/kvm/mmio.c Christoffer Dall 2016-03-29 90 * or in-kernel IO emulation 83091db98 arch/arm/kvm/mmio.c Christoffer Dall 2016-03-29 91 * 45e96ea6b arch/arm/kvm/mmio.c Christoffer Dall 2013-01-20 92 * @vcpu: The VCPU pointer 45e96ea6b arch/arm/kvm/mmio.c Christoffer Dall 2013-01-20 93 * @run: The VCPU run struct containing the mmio data 45e96ea6b arch/arm/kvm/mmio.c Christoffer Dall 2013-01-20 94 */ 45e96ea6b arch/arm/kvm/mmio.c Christoffer Dall 2013-01-20 95 int kvm_handle_mmio_return(struct kvm_vcpu *vcpu, struct kvm_run *run) 45e96ea6b arch/arm/kvm/mmio.c Christoffer Dall 2013-01-20 96 { 6d89d2d9b arch/arm/kvm/mmio.c Marc Zyngier 2013-02-12 97 unsigned long data; 45e96ea6b arch/arm/kvm/mmio.c Christoffer Dall 2013-01-20 98 unsigned int len; 45e96ea6b arch/arm/kvm/mmio.c Christoffer Dall 2013-01-20 99 int mask; 45e96ea6b arch/arm/kvm/mmio.c Christoffer Dall 2013-01-20 100 45e96ea6b arch/arm/kvm/mmio.c Christoffer Dall 2013-01-20 101 if (!run->mmio.is_write) { 45e96ea6b arch/arm/kvm/mmio.c Christoffer Dall 2013-01-20 102 len = run->mmio.len; f42798c68 arch/arm/kvm/mmio.c Marc Zyngier 2013-03-05 103 if (len > sizeof(unsigned long)) 45e96ea6b arch/arm/kvm/mmio.c Christoffer Dall 2013-01-20 104 return -EINVAL; 45e96ea6b arch/arm/kvm/mmio.c Christoffer Dall 2013-01-20 105 d5a5a0eff arch/arm/kvm/mmio.c Christoffer Dall 2016-04-24 106 data = kvm_mmio_read_buf(run->mmio.data, len); 45e96ea6b arch/arm/kvm/mmio.c Christoffer Dall 2013-01-20 107 f42798c68 arch/arm/kvm/mmio.c Marc Zyngier 2013-03-05 108 if (vcpu->arch.mmio_decode.sign_extend && f42798c68 arch/arm/kvm/mmio.c Marc Zyngier 2013-03-05 109 len < sizeof(unsigned long)) { 45e96ea6b arch/arm/kvm/mmio.c Christoffer Dall 2013-01-20 110 mask = 1U << ((len * 8) - 1); 6d89d2d9b arch/arm/kvm/mmio.c Marc Zyngier 2013-02-12 111 data = (data ^ mask) - mask; 45e96ea6b arch/arm/kvm/mmio.c Christoffer Dall 2013-01-20 112 } 6d89d2d9b arch/arm/kvm/mmio.c Marc Zyngier 2013-02-12 113 6d89d2d9b arch/arm/kvm/mmio.c Marc Zyngier 2013-02-12 114 trace_kvm_mmio(KVM_TRACE_MMIO_READ, len, run->mmio.phys_addr, 6d89d2d9b arch/arm/kvm/mmio.c Marc Zyngier 2013-02-12 @115 data); 6d89d2d9b arch/arm/kvm/mmio.c Marc Zyngier 2013-02-12 116 data = vcpu_data_host_to_guest(vcpu, data, len); bc45a516f arch/arm/kvm/mmio.c Pavel Fedin 2015-12-04 117 vcpu_set_reg(vcpu, vcpu->arch.mmio_decode.rt, data); 45e96ea6b arch/arm/kvm/mmio.c Christoffer Dall 2013-01-20 118 } 45e96ea6b arch/arm/kvm/mmio.c Christoffer Dall 2013-01-20 119 45e96ea6b arch/arm/kvm/mmio.c Christoffer Dall 2013-01-20 120 return 0; 45e96ea6b arch/arm/kvm/mmio.c Christoffer Dall 2013-01-20 121 } 45e96ea6b arch/arm/kvm/mmio.c Christoffer Dall 2013-01-20 122 :::::: The code at line 115 was first introduced by commit :::::: 6d89d2d9b5bac9dbe40ee106ceda9307b6265234 arm/arm64: KVM: MMIO support for BE guest :::::: TO: Marc Zyngier <marc.zyngier@xxxxxxx> :::::: CC: Marc Zyngier <marc.zyngier@xxxxxxx> --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation
Attachment:
.config.gz
Description: application/gzip
