tree:   https://kernel.googlesource.com/pub/scm/linux/kernel/git/mst/vhost.git linux-next
head:   f2c4b499aecc0c5a1ec67f3a2a7310cb7168a8ab
commit: 4c145987a955269da79312a79ec26638712644bb [8/9] vhost: block speculation of translated descriptors
config: mips-malta_kvm_defconfig (attached as .config)
compiler: mipsel-linux-gcc (GCC) 7.4.0
reproduce:
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        git checkout 4c145987a955269da79312a79ec26638712644bb
        # save the attached .config to linux build tree
        GCC_VERSION=7.4.0 make.cross ARCH=mips 

If you fix the issue, kindly add following tag
Reported-by: kbuild test robot <lkp@intel.com>

All error/warnings (new ones prefixed by >>):

   In file included from include/linux/kernel.h:11:0,
                    from include/linux/list.h:9,
                    from include/linux/wait.h:7,
                    from include/linux/eventfd.h:13,
                    from drivers/vhost/vhost.c:13:
   drivers/vhost/vhost.c: In function 'translate_desc':
>> include/linux/compiler.h:350:38: error: call to '__compiletime_assert_2077' declared with attribute error: BUILD_BUG_ON failed: sizeof(_s) > sizeof(long)
     _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
                                         ^
   include/linux/compiler.h:331:4: note: in definition of macro '__compiletime_assert'
       prefix ## suffix();    \
       ^~~~~~
   include/linux/compiler.h:350:2: note: in expansion of macro '_compiletime_assert'
     _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
     ^~~~~~~~~~~~~~~~~~~
   include/linux/build_bug.h:39:37: note: in expansion of macro 'compiletime_assert'
    #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
                                        ^~~~~~~~~~~~~~~~~~
   include/linux/build_bug.h:50:2: note: in expansion of macro 'BUILD_BUG_ON_MSG'
     BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
     ^~~~~~~~~~~~~~~~
>> include/linux/nospec.h:55:2: note: in expansion of macro 'BUILD_BUG_ON'
     BUILD_BUG_ON(sizeof(_i) > sizeof(long));   \
     ^~~~~~~~~~~~
>> drivers/vhost/vhost.c:2076:5: note: in expansion of macro 'array_index_nospec'
        array_index_nospec(addr - node->start,
        ^~~~~~~~~~~~~~~~~~
>> include/linux/compiler.h:350:38: error: call to '__compiletime_assert_2077' declared with attribute error: BUILD_BUG_ON failed: sizeof(_s) > sizeof(long)
     _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
                                         ^
   include/linux/compiler.h:331:4: note: in definition of macro '__compiletime_assert'
       prefix ## suffix();    \
       ^~~~~~
   include/linux/compiler.h:350:2: note: in expansion of macro '_compiletime_assert'
     _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
     ^~~~~~~~~~~~~~~~~~~
   include/linux/build_bug.h:39:37: note: in expansion of macro 'compiletime_assert'
    #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
                                        ^~~~~~~~~~~~~~~~~~
   include/linux/build_bug.h:50:2: note: in expansion of macro 'BUILD_BUG_ON_MSG'
     BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
     ^~~~~~~~~~~~~~~~
   include/linux/nospec.h:56:2: note: in expansion of macro 'BUILD_BUG_ON'
     BUILD_BUG_ON(sizeof(_s) > sizeof(long));   \
     ^~~~~~~~~~~~
>> drivers/vhost/vhost.c:2076:5: note: in expansion of macro 'array_index_nospec'
        array_index_nospec(addr - node->start,
        ^~~~~~~~~~~~~~~~~~
--
   In file included from include/linux/kernel.h:11:0,
                    from include/linux/list.h:9,
                    from include/linux/wait.h:7,
                    from include/linux/eventfd.h:13,
                    from drivers//vhost/vhost.c:13:
   drivers//vhost/vhost.c: In function 'translate_desc':
>> include/linux/compiler.h:350:38: error: call to '__compiletime_assert_2077' declared with attribute error: BUILD_BUG_ON failed: sizeof(_s) > sizeof(long)
     _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
                                         ^
   include/linux/compiler.h:331:4: note: in definition of macro '__compiletime_assert'
       prefix ## suffix();    \
       ^~~~~~
   include/linux/compiler.h:350:2: note: in expansion of macro '_compiletime_assert'
     _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
     ^~~~~~~~~~~~~~~~~~~
   include/linux/build_bug.h:39:37: note: in expansion of macro 'compiletime_assert'
    #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
                                        ^~~~~~~~~~~~~~~~~~
   include/linux/build_bug.h:50:2: note: in expansion of macro 'BUILD_BUG_ON_MSG'
     BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
     ^~~~~~~~~~~~~~~~
>> include/linux/nospec.h:55:2: note: in expansion of macro 'BUILD_BUG_ON'
     BUILD_BUG_ON(sizeof(_i) > sizeof(long));   \
     ^~~~~~~~~~~~
   drivers//vhost/vhost.c:2076:5: note: in expansion of macro 'array_index_nospec'
        array_index_nospec(addr - node->start,
        ^~~~~~~~~~~~~~~~~~
>> include/linux/compiler.h:350:38: error: call to '__compiletime_assert_2077' declared with attribute error: BUILD_BUG_ON failed: sizeof(_s) > sizeof(long)
     _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
                                         ^
   include/linux/compiler.h:331:4: note: in definition of macro '__compiletime_assert'
       prefix ## suffix();    \
       ^~~~~~
   include/linux/compiler.h:350:2: note: in expansion of macro '_compiletime_assert'
     _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
     ^~~~~~~~~~~~~~~~~~~
   include/linux/build_bug.h:39:37: note: in expansion of macro 'compiletime_assert'
    #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
                                        ^~~~~~~~~~~~~~~~~~
   include/linux/build_bug.h:50:2: note: in expansion of macro 'BUILD_BUG_ON_MSG'
     BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
     ^~~~~~~~~~~~~~~~
   include/linux/nospec.h:56:2: note: in expansion of macro 'BUILD_BUG_ON'
     BUILD_BUG_ON(sizeof(_s) > sizeof(long));   \
     ^~~~~~~~~~~~
   drivers//vhost/vhost.c:2076:5: note: in expansion of macro 'array_index_nospec'
        array_index_nospec(addr - node->start,
        ^~~~~~~~~~~~~~~~~~

vim +/array_index_nospec +2076 drivers/vhost/vhost.c

  2039	
  2040	static int translate_desc(struct vhost_virtqueue *vq, u64 addr, u32 len,
  2041				  struct iovec iov[], int iov_size, int access)
  2042	{
  2043		const struct vhost_umem_node *node;
  2044		struct vhost_dev *dev = vq->dev;
  2045		struct vhost_umem *umem = dev->iotlb ? dev->iotlb : dev->umem;
  2046		struct iovec *_iov;
  2047		u64 s = 0;
  2048		int ret = 0;
  2049	
  2050		while ((u64)len > s) {
  2051			u64 size;
  2052			if (unlikely(ret >= iov_size)) {
  2053				ret = -ENOBUFS;
  2054				break;
  2055			}
  2056	
  2057			node = vhost_umem_interval_tree_iter_first(&umem->umem_tree,
  2058								addr, addr + len - 1);
  2059			if (node == NULL || node->start > addr) {
  2060				if (umem != dev->iotlb) {
  2061					ret = -EFAULT;
  2062					break;
  2063				}
  2064				ret = -EAGAIN;
  2065				break;
  2066			} else if (!(node->perm & access)) {
  2067				ret = -EPERM;
  2068				break;
  2069			}
  2070	
  2071			_iov = iov + ret;
  2072			size = node->size - addr + node->start;
  2073			_iov->iov_len = min((u64)len - s, size);
  2074			_iov->iov_base = (void __user *)(unsigned long)
  2075				(node->userspace_addr +
> 2076				 array_index_nospec(addr - node->start,
  2077						    node->size));
  2078			s += size;
  2079			addr += size;
  2080			++ret;
  2081		}
  2082	
  2083		if (ret == -EAGAIN)
  2084			vhost_iotlb_miss(vq, addr, access);
  2085		return ret;
  2086	}
  2087	

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation