--- /dev/null
+From 5553b142be11e794ebc0805950b2e8313f93d718 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <marc.zyngier@arm.com>
+Date: Thu, 16 Nov 2017 17:58:21 +0000
+Subject: arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one
+
+From: Marc Zyngier <marc.zyngier@arm.com>
+
+commit 5553b142be11e794ebc0805950b2e8313f93d718 upstream.
+
+VTTBR_BADDR_MASK is used to sanity check the size and alignment of the
+VTTBR address. It seems to currently be off by one, thereby only
+allowing up to 39-bit addresses (instead of 40-bit) and also
+insufficiently checking the alignment. This patch fixes it.
+
+This patch is the 32bit pendent of Kristina's arm64 fix, and
+she deserves the actual kudos for pinpointing that one.
+
+Fixes: f7ed45be3ba52 ("KVM: ARM: World-switch implementation")
+Cc: <stable@vger.kernel.org> # 3.9
+Reported-by: Kristina Martsenko <kristina.martsenko@arm.com>
+Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/include/asm/kvm_arm.h | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/arch/arm/include/asm/kvm_arm.h
++++ b/arch/arm/include/asm/kvm_arm.h
+@@ -161,8 +161,7 @@
+ #else
+ #define VTTBR_X (5 - KVM_T0SZ)
+ #endif
+-#define VTTBR_BADDR_SHIFT (VTTBR_X - 1)
+-#define VTTBR_BADDR_MASK (((1LLU << (40 - VTTBR_X)) - 1) << VTTBR_BADDR_SHIFT)
++#define VTTBR_BADDR_MASK (((1LLU << (40 - VTTBR_X)) - 1) << VTTBR_X)
+ #define VTTBR_VMID_SHIFT (48LLU)
+ #define VTTBR_VMID_MASK (0xffLLU << VTTBR_VMID_SHIFT)
+
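Review bot: The new `VTTBR_BADDR_MASK` definition still carries a bare `40`, and with `VTTBR_BADDR_SHIFT` removed nothing on the line states which bits the mask is meant to cover. A short comment above the define, for example `/* BADDR is VTTBR bits [39:VTTBR_X]; the table base must be 2^VTTBR_X aligned */`, would document the intended range. That matters because this mask backs the BUG_ON sanity check named in the subject, where an off-by-one either rejects a valid 40-bit base or accepts a misaligned one. Dropping `VTTBR_BADDR_SHIFT` also breaks the build for any remaining user of that macro; none is visible in this hunk, so it is worth grepping each stable tree this is queued for before applying. The `#if`/`#else` block that selects `VTTBR_X` starts outside the hunk.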