Received: by 10.223.185.116 with SMTP id b49csp6327840wrg; Wed, 28 Feb 2018 07:38:37 -0800 (PST) X-Google-Smtp-Source: AH8x2254AlpW0TpuowPGVZ+Z1/Xu7j8llY05GGZXGg6KybAMS2ZZJO5iVfeagPrLkUtaGE0V1hs1 X-Received: by 2002:a17:902:594c:: with SMTP id e12-v6mr18715588plj.323.1519832317182; Wed, 28 Feb 2018 07:38:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519832317; cv=none; d=google.com; s=arc-20160816; b=T0VfKTcky489Nd/Q+ND3tTGAFZIKNHc+i56PLqFjxlVJZO684vi11Ff+zjevmGy968 MsIUleM0WJgtQqUbsHmJZeVQ7Plt5/DukfJEh3VfX3qggCziAdOfN4/eZk/oI4oEyzC3 nmyMBIQ9/ofeM+HKKU5u/SyCoYoYo29U9trdsJQzaH54qH79pfiLiEKCUX++ERV9EiSS Ov9ZN8YHjhC+pp4uzJ8PxIteKG/XEydYdMRucDCHcAGd4hzUcdx6IfPNkAgGNggYeyH7 BawMc3CtlsV+6tQ1JZmqyGe9poEjL30WjcV9d8saacdzmj/SsjcEThufnA6jrkG2Iqmi mJbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:subject:message-id:date:cc:to :from:mime-version:content-transfer-encoding:content-disposition :arc-authentication-results; bh=q+i7BY2wyPmLMUamTzmtD9M8bphAr/G02me1JyHWoM8=; b=WBUN+5ZDbpd+I4cWhkNk5mBUkru0AlR12wfJva47LMZ9Z9kCxf0VdVoFAc3SvHoW30 p7fZK9ll8F788ryMEsUgvYvzeEoXWpZfvbMeOZGwZES1R11WxTiux/JADZOokAP81E50 YD/tqNWqIfXhlztZv1GC7cf6ilf6HSHP+BLQtVNU7tlhmxPmHaZbEubU622Ktxj0i78M tI1jBsSVasCLuxiFE+ACE1BKjW2JQMYp0hOUdVD36d1KINgb5x2Pw5kWsnSJN8HNUzCW G2kUs2gn3lXJoztHScWDvDjSwwDWjc+k1ZkmVB2oY35FtivgwujnDJw7H0AVPbnqbZLz iZjw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f33-v6si1460854plb.482.2018.02.28.07.38.22; Wed, 28 Feb 2018 07:38:37 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932685AbeB1Per (ORCPT + 99 others); Wed, 28 Feb 2018 10:34:47 -0500 Received: from shadbolt.e.decadent.org.uk ([88.96.1.126]:33323 "EHLO shadbolt.e.decadent.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752833AbeB1PWh (ORCPT ); Wed, 28 Feb 2018 10:22:37 -0500 Received: from [2a02:8011:400e:2:6f00:88c8:c921:d332] (helo=deadeye) by shadbolt.decadent.org.uk with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1er3Ye-0006XP-O2; Wed, 28 Feb 2018 15:22:17 +0000 Received: from ben by deadeye with local (Exim 4.90_1) (envelope-from ) id 1er3Yd-0008Ox-Rm; Wed, 28 Feb 2018 15:22:15 +0000 Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline Content-Transfer-Encoding: 8bit MIME-Version: 1.0 From: Ben Hutchings To: linux-kernel@vger.kernel.org, stable@vger.kernel.org CC: akpm@linux-foundation.org, "Christoffer Dall" , "Kristina Martsenko" , "Marc Zyngier" Date: Wed, 28 Feb 2018 15:20:18 +0000 Message-ID: X-Mailer: LinuxStableQueue (scripts by bwh) Subject: [PATCH 3.16 034/254] arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one In-Reply-To: X-SA-Exim-Connect-IP: 2a02:8011:400e:2:6f00:88c8:c921:d332 X-SA-Exim-Mail-From: ben@decadent.org.uk X-SA-Exim-Scanned: No (on shadbolt.decadent.org.uk); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 3.16.55-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Marc Zyngier commit 5553b142be11e794ebc0805950b2e8313f93d718 upstream. VTTBR_BADDR_MASK is used to sanity check the size and alignment of the VTTBR address. It seems to currently be off by one, thereby only allowing up to 39-bit addresses (instead of 40-bit) and also insufficiently checking the alignment. This patch fixes it. This patch is the 32bit pendent of Kristina's arm64 fix, and she deserves the actual kudos for pinpointing that one. Fixes: f7ed45be3ba52 ("KVM: ARM: World-switch implementation") Reported-by: Kristina Martsenko Reviewed-by: Christoffer Dall Signed-off-by: Marc Zyngier Signed-off-by: Christoffer Dall [bwh: Backported to 3.16: adjust context] Signed-off-by: Ben Hutchings --- arch/arm/include/asm/kvm_arm.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/arch/arm/include/asm/kvm_arm.h +++ b/arch/arm/include/asm/kvm_arm.h @@ -161,8 +161,7 @@ #else #define VTTBR_X (5 - KVM_T0SZ) #endif -#define VTTBR_BADDR_SHIFT (VTTBR_X - 1) -#define VTTBR_BADDR_MASK (((1LLU << (40 - VTTBR_X)) - 1) << VTTBR_BADDR_SHIFT) +#define VTTBR_BADDR_MASK (((1LLU << (40 - VTTBR_X)) - 1) << VTTBR_X) #define VTTBR_VMID_SHIFT (48LLU) #define VTTBR_VMID_MASK (0xffLLU << VTTBR_VMID_SHIFT)