https://bugzilla.kernel.org/show_bug.cgi?id=210695 Richard Herbert (rherbert@xxxxxxxxxxxx) changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |CODE_FIX --- Comment #8 from Richard Herbert (rherbert@xxxxxxxxxxxx) --- Get the so called "root" level from the low level shadow page table walkers instead of manually attempting to calculate it higher up the stack, e.g. in get_mmio_spte(). When KVM is using PAE shadow paging, the starting level of the walk, from the callers perspective, is not the CR3 root but rather the PDPTR "root". Checking for reserved bits from the CR3 root causes get_mmio_spte() to consume uninitialized stack data due to indexing into sptes[] for a level that was not filled by get_walk(). This can result in false positives and/or negatives depending on what garbage happens to be on the stack. Opportunistically nuke a few extra newlines. Fixes: 95fb5b0258b7 ("kvm: x86/mmu: Support MMIO in the TDP MMU") Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx> Marking as RESOLVED, with Thanks. -- You may reply to this email to add a comment. You are receiving this mail because: You are watching the assignee of the bug.