On 08/18/2016 07:45 AM, Sasha Levin wrote:
> On 08/18/2016 05:05 AM, James Hogan wrote:
>> commit 8985d50382359e5bf118fdbefc859d0dbf6cebc7 upstream.
>>
>> kvm_mips_handle_mapped_seg_tlb_fault() calculates the guest frame number
>> based on the guest TLB EntryLo values, however it is not range checked
>> to ensure it lies within the guest_pmap. If the physical memory the
>> guest refers to is out of range then dump the guest TLB and emit an
>> internal error.
>>
>> Fixes: 858dd5d45733 ("KVM/MIPS32: MMU/TLB operations for the Guest.")
>> Signed-off-by: James Hogan <james.hogan@xxxxxxxxxx>
>> Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
>> Cc: "Radim Krčmář" <rkrcmar@xxxxxxxxxx>
>> Cc: Ralf Baechle <ralf@xxxxxxxxxxxxxx>
>> Cc: linux-mips@xxxxxxxxxxxxxx
>> Cc: kvm@xxxxxxxxxxxxxxx
>> Signed-off-by: Radim Krčmář <rkrcmar@xxxxxxxxxx>
>> [james.hogan@xxxxxxxxxx: Backport to v3.17.y - v4.4.y]
>> Signed-off-by: James Hogan <james.hogan@xxxxxxxxxx>
> Hey James,
>
> Thanks for the backport!
>
> Applying this one seems to fail with:

*Applying to this one to 4.1, sorry.

Thanks,
Sasha