Bug 208168 - Bad KASSERT in vmm.c vm_gpa_hold()
Summary: Bad KASSERT in vmm.c vm_gpa_hold()
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: CURRENT
Hardware: amd64 Any
Importance: --- Affects Only Me
Assignee: John Baldwin
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2016-03-21 00:05 UTC by Dave Cameron (puddingpimp)
Modified: 2016-09-09 20:31 UTC (History)
2 users

See Also:
jhb: mfc-stable11?
jhb: mfc-stable10?


Attachments
Patch as attachment (634 bytes, patch)
2016-03-21 00:06 UTC, Dave Cameron (puddingpimp)

Description Dave Cameron (puddingpimp) 2016-03-21 00:05:42 UTC
The KASSERT in this function is always true for positive values of vcpuid; it looks like it is intended to check that vcpuid is in the range -1 to VM_MAXCPU.

Here is a patch to make it right:

diff --git a/sys/amd64/vmm/vmm.c b/sys/amd64/vmm/vmm.c
index cb04f3c..ebd6360 100644
--- a/sys/amd64/vmm/vmm.c
+++ b/sys/amd64/vmm/vmm.c
@@ -914,7 +914,7 @@ vm_gpa_hold(struct vm *vm, int vcpuid, vm_paddr_t gpa, size_t len, int reqprot,
         * guaranteed if at least one vcpu is in the VCPU_FROZEN state.
         */
        int state;
-       KASSERT(vcpuid >= -1 || vcpuid < VM_MAXCPU, ("%s: invalid vcpuid %d",
+       KASSERT(vcpuid >= -1 && vcpuid < VM_MAXCPU, ("%s: invalid vcpuid %d",
            __func__, vcpuid));
        for (i = 0; i < VM_MAXCPU; i++) {
                if (vcpuid != -1 && vcpuid != i)
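Review bot: The `&&` on the `+` line is the right fix; the old `||` form is a tautology, because any value that fails `vcpuid >= -1` is below -1 and therefore passes `vcpuid < VM_MAXCPU`, so the assertion could never fire. The corrected range [-1, VM_MAXCPU) matches the loop immediately below, where -1 selects every vcpu and any other value selects a single index. Worth stating in the commit message that KASSERT is compiled out without INVARIANTS, so on a production kernel an out-of-range vcpuid still matches no `i` in that loop and the function proceeds without examining any vcpu state; callers therefore remain responsible for passing a valid vcpuid.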
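The following is an added example, not code from the FreeBSD tree: it models the old and corrected assertion conditions and the loop that follows them in vm_gpa_hold(), so the tautology and its consequence can be checked directly. VM_MAXCPU is an assumed value here; the real constant is defined in the vmm headers.

```c
/* Added example modelling the vm_gpa_hold() check; not FreeBSD code. */
#include <stdbool.h>
#include <stdio.h>

#define VM_MAXCPU 16   /* assumed value for this example only */

/* Old condition from the '-' line: true for every int, since any value
 * that is not >= -1 is below -1 and hence also below VM_MAXCPU. */
static bool old_assert_cond(int vcpuid)
{
	return vcpuid >= -1 || vcpuid < VM_MAXCPU;
}

/* Corrected condition from the '+' line: -1 (all vcpus) or an index
 * in [0, VM_MAXCPU). */
static bool new_assert_cond(int vcpuid)
{
	return vcpuid >= -1 && vcpuid < VM_MAXCPU;
}

/* Mirrors the loop after the KASSERT and returns how many vcpus would
 * have their state examined for the given vcpuid. With the assertion
 * compiled out (kernel without INVARIANTS), an out-of-range vcpuid
 * matches no i, so the loop examines nothing and the call proceeds. */
static int vcpus_examined(int vcpuid)
{
	int i, n = 0;

	for (i = 0; i < VM_MAXCPU; i++) {
		if (vcpuid != -1 && vcpuid != i)
			continue;
		n++;
	}
	return n;
}

int main(void)
{
	int v;

	for (v = -3; v <= VM_MAXCPU + 1; v++)
		printf("vcpuid %3d: old=%d new=%d examined=%d\n", v,
		    old_assert_cond(v), new_assert_cond(v), vcpus_examined(v));
	return 0;
}
```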
Comment 1 Dave Cameron (puddingpimp) 2016-03-21 00:06:30 UTC
Created attachment 168441
Patch as attachment
Comment 2 John Baldwin freebsd_committer freebsd_triage 2016-08-02 20:10:09 UTC
Adding Peter so he can review the patch.
Comment 3 Peter Grehan freebsd_committer 2016-08-03 05:21:36 UTC
Looks fine.
Comment 4 commit-hook freebsd_committer 2016-08-03 15:21:03 UTC
A commit references this bug:

Author: jhb
Date: Wed Aug  3 15:20:10 UTC 2016
New revision: 303713
URL: https://svnweb.freebsd.org/changeset/base/303713

Log:
  Correct assertion on vcpuid argument to vm_gpa_hold().

  PR:		208168
  Submitted by:	Dave Cameron <daverabbitz@ihug.co.nz>
  Reviewed by:	grehan
  MFC after:	1 month

Changes:
  head/sys/amd64/vmm/vmm.c
Comment 5 John Baldwin freebsd_committer freebsd_triage 2016-08-03 15:21:43 UTC
Committed to HEAD, thanks!
Comment 6 commit-hook freebsd_committer 2016-09-09 20:30:44 UTC
A commit references this bug:

Author: jhb
Date: Fri Sep  9 20:30:36 UTC 2016
New revision: 305673
URL: https://svnweb.freebsd.org/changeset/base/305673

Log:
  MFC 303713: Correct assertion on vcpuid argument to vm_gpa_hold().

  PR:		208168

Changes:
_U  stable/10/
  stable/10/sys/amd64/vmm/vmm.c
_U  stable/11/
  stable/11/sys/amd64/vmm/vmm.c