Bug 208168

Summary: Bad KASSERT in vmm.c vm_gpa_hold()
Product: Base System Reporter: Dave Cameron (puddingpimp) <daverabbitz>
Component: kernAssignee: John Baldwin <jhb>
Status: Closed FIXED    
Severity: Affects Only Me CC: grehan, jhb
Priority: --- Keywords: patch
Version: CURRENTFlags: jhb: mfc-stable11?
jhb: mfc-stable10?
Hardware: amd64   
OS: Any   
Attachments:
Description Flags
Patch as attachment none

Description Dave Cameron (puddingpimp) 2016-03-21 00:05:42 UTC 
The KASSERT in this function is always true for positive values of vcpuid, it looks like it is intended to check vcpuid is in the range -1 to VM_MAXCPU.

Here is a patch to make it right:

diff --git a/sys/amd64/vmm/vmm.c b/sys/amd64/vmm/vmm.c
index cb04f3c..ebd6360 100644
--- a/sys/amd64/vmm/vmm.c
+++ b/sys/amd64/vmm/vmm.c
@@ -914,7 +914,7 @@ vm_gpa_hold(struct vm *vm, int vcpuid, vm_paddr_t gpa, size_t len, int reqprot,
         * guaranteed if at least one vcpu is in the VCPU_FROZEN state.
         */
        int state;
-       KASSERT(vcpuid >= -1 || vcpuid < VM_MAXCPU, ("%s: invalid vcpuid %d",
+       KASSERT(vcpuid >= -1 && vcpuid < VM_MAXCPU, ("%s: invalid vcpuid %d",
            __func__, vcpuid));
        for (i = 0; i < VM_MAXCPU; i++) {
                if (vcpuid != -1 && vcpuid != i)
Comment 1 Dave Cameron (puddingpimp) 2016-03-21 00:06:30 UTC 
Created attachment 168441 [details]
Patch as attachment
Comment 2 John Baldwin freebsd_committer freebsd_triage 2016-08-02 20:10:09 UTC 
Adding Peter so he can review the patch.
Comment 3 Peter Grehan freebsd_committer freebsd_triage 2016-08-03 05:21:36 UTC 
Looks fine.
Comment 4 commit-hook freebsd_committer freebsd_triage 2016-08-03 15:21:03 UTC 
A commit references this bug:

Author: jhb
Date: Wed Aug  3 15:20:10 UTC 2016
New revision: 303713
URL: https://svnweb.freebsd.org/changeset/base/303713

Log:
  Correct assertion on vcpuid argument to vm_gpa_hold().

  PR:		208168
  Submitted by:	Dave Cameron <daverabbitz@ihug.co.nz>
  Reviewed by:	grehan
  MFC after:	1 month

Changes:
  head/sys/amd64/vmm/vmm.c
Comment 5 John Baldwin freebsd_committer freebsd_triage 2016-08-03 15:21:43 UTC 
Committed to HEAD, thanks!
Comment 6 commit-hook freebsd_committer freebsd_triage 2016-09-09 20:30:44 UTC 
A commit references this bug:

Author: jhb
Date: Fri Sep  9 20:30:36 UTC 2016
New revision: 305673
URL: https://svnweb.freebsd.org/changeset/base/305673

Log:
  MFC 303713: Correct assertion on vcpuid argument to vm_gpa_hold().

  PR:		208168

Changes:
_U  stable/10/
  stable/10/sys/amd64/vmm/vmm.c
_U  stable/11/
  stable/11/sys/amd64/vmm/vmm.c