[Bug 208168] Bad KASSERT in vmm.c vm_gpa_hold()

[bugzilla...@freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208168

Bug ID: 208168
Summary: Bad KASSERT in vmm.c vm_gpa_hold()
Product: Base System
Version: 11.0-CURRENT
Hardware: amd64
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: freebs...@FreeBSD.org
Reporter: daver...@ihug.co.nz
CC: freebs...@FreeBSD.org
CC: freebs...@FreeBSD.org

The KASSERT in this function is always true for positive values of vcpuid, it
looks like it is intended to check vcpuid is in the range -1 to VM_MAXCPU.

Here is a patch to make it right:

diff --git a/sys/amd64/vmm/vmm.c b/sys/amd64/vmm/vmm.c
index cb04f3c..ebd6360 100644
--- a/sys/amd64/vmm/vmm.c
+++ b/sys/amd64/vmm/vmm.c
@@ -914,7 +914,7 @@ vm_gpa_hold(struct vm *vm, int vcpuid, vm_paddr_t gpa,
size_t len, int reqprot,
* guaranteed if at least one vcpu is in the VCPU_FROZEN state.
*/
int state;
- KASSERT(vcpuid >= -1 || vcpuid < VM_MAXCPU, ("%s: invalid vcpuid %d",
+ KASSERT(vcpuid >= -1 && vcpuid < VM_MAXCPU, ("%s: invalid vcpuid %d",
__func__, vcpuid));
for (i = 0; i < VM_MAXCPU; i++) {
if (vcpuid != -1 && vcpuid != i)

--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebs...@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs...@freebsd.org"

[bugzilla...@freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208168

--- Comment #1 from Dave Cameron (puddingpimp) <daver...@ihug.co.nz> ---
Created attachment 168441
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=168441&action=edit
Patch as attachment

[bugzilla...@freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208168

Mark Linimon <lin...@FreeBSD.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Keywords| |patch

[bugzilla...@freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208168

John Baldwin <j...@FreeBSD.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |gre...@FreeBSD.org,
| |j...@FreeBSD.org

--- Comment #2 from John Baldwin <j...@FreeBSD.org> ---
Adding Peter so he can review the patch.

[bugzilla...@freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208168

--- Comment #3 from Peter Grehan <gre...@FreeBSD.org> ---
Looks fine.

[bugzilla...@freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208168

--- Comment #4 from commi...@freebsd.org ---
A commit references this bug:

Author: jhb
Date: Wed Aug 3 15:20:10 UTC 2016
New revision: 303713
URL: https://svnweb.freebsd.org/changeset/base/303713

Log:
Correct assertion on vcpuid argument to vm_gpa_hold().

PR: 208168
Submitted by: Dave Cameron <daver...@ihug.co.nz>
Reviewed by: grehan
MFC after: 1 month

Changes:
head/sys/amd64/vmm/vmm.c

[bugzilla...@freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208168

John Baldwin <j...@FreeBSD.org> changed:

What |Removed |Added
----------------------------------------------------------------------------

Assignee|freebs...@FreeBSD.org |j...@FreeBSD.org
Status|New |In Progress
Flags| |mfc-stable10?,
| |mfc-stable11?

--- Comment #5 from John Baldwin <j...@FreeBSD.org> ---
Committed to HEAD, thanks!