From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1752743AbbIQJmU (ORCPT ); Thu, 17 Sep 2015 05:42:20 -0400
Received: from mx1.redhat.com ([209.132.183.28]:35487 "EHLO mx1.redhat.com"
 rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
 id S1751800AbbIQJmS (ORCPT ); Thu, 17 Sep 2015 05:42:18 -0400
Subject: Re: [PATCH v8 03/13] KVM: Define a new interface kvm_intr_is_single_vcpu()
To: "Wu, Feng" , "alex.williamson@redhat.com" , "joro@8bytes.org" , "mtosatti@redhat.com"
References: <1442393409-2623-1-git-send-email-feng.wu@intel.com> <1442393409-2623-4-git-send-email-feng.wu@intel.com> <55F934F5.7040605@redhat.com>
Cc: "eric.auger@linaro.org" , "kvm@vger.kernel.org" , "iommu@lists.linux-foundation.org" , "linux-kernel@vger.kernel.org"
From: Paolo Bonzini
Message-ID: <55FA8AED.6090700@redhat.com>
Date: Thu, 17 Sep 2015 11:42:05 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To:
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On 17/09/2015 05:17, Wu, Feng wrote:
>>> > > + if (irq->dest_mode == APIC_DEST_PHYSICAL) {
>>> > > + if (irq->dest_id == 0xFF)
>>> > > + goto out;
>>> > > +
>>> > > + if (irq->dest_id >= ARRAY_SIZE(map->phys_map)) {
>> >
>> > Warning here is wrong, the guest can trigger it.
> Could you please share more information about how the guest
> triggers these conditions (including the following two), Thanks
> a lot!

irq->dest_id is a 16-bit value, so it can be > 255.

> + if (!kvm_apic_logical_map_valid(map)) {
> + WARN_ON_ONCE(1);

Here, the guest can trigger it by setting a few APICs in flat mode and
others in cluster mode, for example.

> + if (cid >= ARRAY_SIZE(map->logical_map)) {
> + WARN_ON_ONCE(1);

In x2apic mode irq->dest_id could have bits 12..15 set.

Paolo
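Review bot: in the physical-destination hunk, the body of the `irq->dest_id >= ARRAY_SIZE(map->phys_map)` branch should not warn, because `irq->dest_id` is supplied by the guest and, per the reply above, is 16 bits wide. Keep the comparison itself, since it is what stops an out-of-range index into `map->phys_map`, and make the branch a plain `goto out`. A short comment on the `0xFF` test saying which destination it excludes would also make the early exit easier to review.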
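Review bot: `WARN_ON_ONCE(1)` under `if (!kvm_apic_logical_map_valid(map))` fires on state the guest controls (the reply gives mixed flat and cluster mode APICs as an example), so a guest can put a stack trace in the host log and, on hosts booted with panic_on_warn, take the host down. Treat an invalid logical map as an ordinary "not a single vCPU" result and return through the normal exit path without the warning.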
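Review bot: the `cid >= ARRAY_SIZE(map->logical_map)` check is a needed bounds check on a value derived from guest input, but the `WARN_ON_ONCE(1)` inside it is guest-reachable, since the reply notes that in x2apic mode `irq->dest_id` can have bits 12..15 set. Drop the warning, keep the check, and add a one-line comment that `cid` comes from the guest-programmed destination so the check is not later mistaken for an internal invariant.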