2016-08-11 11:52+0100, James Hogan: > These patches fix several issues in the management of MIPS KVM TLB > faults: > > 1) kvm_mips_handle_mapped_seg_tlb_fault() misbehaves for virtual address > zero, which can be hit if the guest creates such a mapping and > accesses it in a way unexpected for the commpage (e.g. a CACHE > instruction). > > 2) kvm_mips_handle_mapped_seg_tlb_fault() doesn't range check the gfn, > allowing a high mapping by the guest to overflow the guest_pmap[]. > > 3) kvm_mips_handle_kseg0_tlb_fault() has an off by one in its gfn range > check, which could allow an odd sized guest_pmap[] to be overflowed. > > 4) some callers of kvm_mips_handle_kseg0_tlb_fault() and > kvm_mips_handle_mapped_seg_tlb_fault() don't correctly propagate > errors upwards. > > They're all marked for stable but won't apply cleanly before v4.8-rc1 > due to recent changes. I have backports ready though. Applied, thanks.
