Re: [PATCH v6 7/8] KVM: Enable and expose KVM_MEM_PRIVATE
From: Chao Peng
Date: Fri Jun 24 2022 - 04:47:19 EST
On Thu, Jun 23, 2022 at 05:07:51PM -0500, Michael Roth wrote:
...
> > diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
> > index db9d39a2d3a6..f93ac7cdfb53 100644
> > --- a/virt/kvm/kvm_main.c
> > +++ b/virt/kvm/kvm_main.c
> > @@ -843,6 +843,73 @@ static int kvm_init_mmu_notifier(struct kvm *kvm)
> >
> > #endif /* CONFIG_MMU_NOTIFIER && KVM_ARCH_WANT_MMU_NOTIFIER */
> >
> > +#ifdef CONFIG_HAVE_KVM_PRIVATE_MEM
> > +static void kvm_private_mem_notifier_handler(struct memfile_notifier *notifier,
> > + pgoff_t start, pgoff_t end)
> > +{
> > + int idx;
> > + struct kvm_memory_slot *slot = container_of(notifier,
> > + struct kvm_memory_slot,
> > + notifier);
> > + struct kvm_gfn_range gfn_range = {
> > + .slot = slot,
> > + .start = start - (slot->private_offset >> PAGE_SHIFT),
> > + .end = end - (slot->private_offset >> PAGE_SHIFT),
>
> This code assumes that 'end' is greater than slot->private_offset, but
> even if slot->private_offset is non-zero, nothing stops userspace from
> allocating pages in the range of 0 through slot->private_offset, which
> will still end up triggering this notifier. In that case gfn_range.end
> will end up going negative, and the below code will limit that to
> slot->npages and do a populate/invalidate for the entire range.
>
> Not sure if this covers all the cases, but this fixes the issue for me:
Right, already noticed this issue, will fix in next version. Thanks.
>
> diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
> index 903ffdb5f01c..4c744d8f7527 100644
> --- a/virt/kvm/kvm_main.c
> +++ b/virt/kvm/kvm_main.c
> @@ -872,6 +872,19 @@ static void kvm_private_mem_notifier_handler(struct memfile_notifier *notifier,
> .may_block = true,
> };
>
> struct kvm *kvm = slot->kvm;
> +
> + if (slot->private_offset > end)
> + return;
> +
>