| From b5b2268b3b1216ec281e64467f60bb4c1dbb9abb Mon Sep 17 00:00:00 2001 |
| From: Sean Christopherson <sean.j.christopherson@intel.com> |
| Date: Fri, 7 Feb 2020 09:37:42 -0800 |
| Subject: [PATCH] KVM: x86/mmu: Fix struct guest_walker arrays for 5-level |
| paging |
| |
| commit f6ab0107a4942dbf9a5cf0cca3f37e184870a360 upstream. |
| |
| Define PT_MAX_FULL_LEVELS as PT64_ROOT_MAX_LEVEL, i.e. 5, to fix shadow |
| paging for 5-level guest page tables. PT_MAX_FULL_LEVELS is used to |
| size the arrays that track guest pages table information, i.e. using a |
| "max levels" of 4 causes KVM to access garbage beyond the end of an |
| array when querying state for level 5 entries. E.g. FNAME(gpte_changed) |
| will read garbage and most likely return %true for a level 5 entry, |
| soft-hanging the guest because FNAME(fetch) will restart the guest |
| instead of creating SPTEs because it thinks the guest PTE has changed. |
| |
| Note, KVM doesn't yet support 5-level nested EPT, so PT_MAX_FULL_LEVELS |
| gets to stay "4" for the PTTYPE_EPT case. |
| |
| Fixes: 855feb673640 ("KVM: MMU: Add 5 level EPT & Shadow page table support.") |
| Cc: stable@vger.kernel.org |
| Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> |
| Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h |
| index 3e491d2cbda0..bc7cb116a628 100644 |
| --- a/arch/x86/kvm/paging_tmpl.h |
| +++ b/arch/x86/kvm/paging_tmpl.h |
| @@ -33,7 +33,7 @@ |
| #define PT_GUEST_ACCESSED_SHIFT PT_ACCESSED_SHIFT |
| #define PT_HAVE_ACCESSED_DIRTY(mmu) true |
| #ifdef CONFIG_X86_64 |
| - #define PT_MAX_FULL_LEVELS 4 |
| + #define PT_MAX_FULL_LEVELS PT64_ROOT_MAX_LEVEL |
| #define CMPXCHG cmpxchg |
| #else |
| #define CMPXCHG cmpxchg64 |
| -- |
| 2.7.4 |
| |
