From: Sean Christopherson
To: Christian Borntraeger, Janosch Frank, Paolo Bonzini
Cc: David Hildenbrand, Cornelia Huck, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+d889b59b2bb87d4047a2@syzkaller.appspotmail.com
Subject: [PATCH 2/2] KVM: s390: Return last valid slot if approx index is out-of-bounds
Date: Tue, 7 Apr 2020 23:40:59 -0700
Message-Id: <20200408064059.8957-3-sean.j.christopherson@intel.com>
X-Mailer: git-send-email 2.24.1
In-Reply-To: <20200408064059.8957-1-sean.j.christopherson@intel.com>
References: <20200408064059.8957-1-sean.j.christopherson@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

Return the index of the last valid slot from gfn_to_memslot_approx() if
its binary search loop yielded an out-of-bounds index. The index can
be out-of-bounds if the specified gfn is less than the base of the
lowest memslot (which is also the last valid memslot).

Note, the sole caller, kvm_s390_get_cmma(), ensures used_slots is
non-zero.

Fixes: afdad61615cc3 ("KVM: s390: Fix storage attributes migration with memory slots")
Signed-off-by: Sean Christopherson
--- arch/s390/kvm/kvm-s390.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c index 19a81024fe16..5dcf9ff12828 100644 --- a/arch/s390/kvm/kvm-s390.c +++ b/arch/s390/kvm/kvm-s390.c @@ -1939,6 +1939,9 @@ static int gfn_to_memslot_approx(struct kvm_memslots *slots, gfn_t gfn) start = slot + 1; } + if (start >= slots->used_slots) + return slots->used_slots - 1; + if (gfn >= memslots[start].base_gfn && gfn < memslots[start].base_gfn + memslots[start].npages) { atomic_set(&slots->lru_slot, start); -- 2.24.1
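
Review bot: The new early return `return slots->used_slots - 1;` in gfn_to_memslot_approx() evaluates to -1 when used_slots is 0, and the only thing ruling that out is the commit message's remark that the sole caller, kvm_s390_get_cmma(), ensures used_slots is non-zero. Suggest stating that precondition in a comment directly above the `if (start >= slots->used_slots)` check, or asserting it with a WARN_ON_ONCE on `!slots->used_slots`, so that a later second caller cannot end up indexing memslots[] with -1. A one-line comment saying that an out-of-bounds start means the gfn lies below the base of the lowest memslot would also help, since that is explained in the commit message but is not evident from the binary search loop itself.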