lguest: fix BUG_ON() in invalid guest page table.

If we discover the entry is invalid, we kill the guest, but we must avoid calling gpte_addr() on the invalid pmd, otherwise: kernel BUG at drivers/lguest/page_tables.c:157! Signed-off-by: N Rusty Russell <rusty@rustcorp.com.au>

lguest: fix BUG_ON() in invalid guest page table.
If we discover the entry is invalid, we kill the guest, but we must avoid calling gpte_addr() on the invalid pmd, otherwise: kernel BUG at drivers/lguest/page_tables.c:157! Signed-off-by: N Rusty Russell <rusty@rustcorp.com.au>
4623c28e · Rusty Russell · 3b868a40 · 4623c28e
隐藏空白更改
内联并排

Showing with 3 addition and 1 deletion

drivers/lguest/page_tables.c drivers/lguest/page_tables.c +3 -1

未找到文件。
--- a/drivers/lguest/page_tables.c
+++ b/drivers/lguest/page_tables.c
@@ -669,8 +669,10 @@ unsigned long guest_pa(struct lg_cpu *cpu, unsigned long vaddr)

 #ifdef CONFIG_X86_PAE
 	gpmd = lgread(cpu, gpmd_addr(gpgd, vaddr), pmd_t);
-	if (!(pmd_flags(gpmd) & _PAGE_PRESENT))
+	if (!(pmd_flags(gpmd) & _PAGE_PRESENT)) {
 		kill_guest(cpu, "Bad address %#lx", vaddr);
+		return -1UL;
+	}
 	gpte = lgread(cpu, gpte_addr(cpu, gpmd, vaddr), pte_t);
 #else
 	gpte = lgread(cpu, gpte_addr(cpu, gpgd, vaddr), pte_t);