Commit 1de9992f authored Sep 06, 2023 by Li zeming Committed by Sean Christopherson Oct 18, 2023

KVM: x86/mmu: Remove unnecessary ‘NULL’ values from sptep



Don't initialize "spte" and "sptep" in fast_page_fault() as they are both
guaranteed (for all intents and purposes) to be written at the start of
every loop iteration.  Add a sanity check that "sptep" is non-NULL after
walking the shadow page tables, as encountering a NULL root would result
in "spte" not being written, i.e. would lead to uninitialized data or the
previous value being consumed.

Signed-off-by: Li zeming <zeming@nfschina.com>
Link: https://lore.kernel.org/r/20230905182006.2964-1-zeming@nfschina.com


[sean: rewrite changelog with --verbose]
Signed-off-by: Sean Christopherson <seanjc@google.com>

parent c9f65a3f

arch/x86/kvm/mmu/mmu.c

+10 −2

Original line number	Diff line number	Diff line
		@@ -3425,8 +3425,8 @@ static int fast_page_fault(struct kvm_vcpu vcpu, struct kvm_page_fault fault)
		{
		struct kvm_mmu_page *sp;
		int ret = RET_PF_INVALID;
		u64 spte = 0ull;
		u64 *sptep = NULL;
		u64 spte;
		u64 *sptep;
		uint retry_count = 0;

		if (!page_fault_can_be_fast(fault))
		@@ -3442,6 +3442,14 @@ static int fast_page_fault(struct kvm_vcpu vcpu, struct kvm_page_fault fault)
		else
		sptep = fast_pf_get_last_sptep(vcpu, fault->addr, &spte);

		/*
		* It's entirely possible for the mapping to have been zapped
		* by a different task, but the root page should always be
		* available as the vCPU holds a reference to its root(s).
		*/
		if (WARN_ON_ONCE(!sptep))
		spte = REMOVED_SPTE;

		if (!is_shadow_present_pte(spte))
		break;