Excerpts from Fabiano Rosas's message of August 6, 2021 7:26 am: > Both paths into __kvmhv_copy_tofrom_guest_radix ensure that we arrive > with an effective address that is smaller than our total addressable > space and addresses quadrant 0. > > - The H_COPY_TOFROM_GUEST hypercall path rejects the call with > H_PARAMETER if the effective address has any of the twelve most > significant bits set. > > - The kvmhv_copy_tofrom_guest_radix path clears the top twelve bits > before calling the internal function. > > Although the callers make sure that the effective address is sane, any > future use of the function is exposed to a programming error, so add a > sanity check. We possibly should put these into #defines in radix pgtable headers somewhere but KVM already open codes them so this is good for now. Reviewed-by: Nicholas Piggin <npiggin@xxxxxxxxx> > > Suggested-by: Nicholas Piggin <npiggin@xxxxxxxxx> > Signed-off-by: Fabiano Rosas <farosas@xxxxxxxxxxxxx> > --- > arch/powerpc/kvm/book3s_64_mmu_radix.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/arch/powerpc/kvm/book3s_64_mmu_radix.c b/arch/powerpc/kvm/book3s_64_mmu_radix.c > index 44eb7b1ef289..1b1c9e9e539b 100644 > --- a/arch/powerpc/kvm/book3s_64_mmu_radix.c > +++ b/arch/powerpc/kvm/book3s_64_mmu_radix.c > @@ -44,6 +44,9 @@ unsigned long __kvmhv_copy_tofrom_guest_radix(int lpid, int pid, > (to != NULL) ? __pa(to): 0, > (from != NULL) ? __pa(from): 0, n); > > + if (eaddr & (0xFFFUL << 52)) > + return ret; > + > quadrant = 1; > if (!pid) > quadrant = 2; > -- > 2.29.2 > >
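Review bot: the added `if (eaddr & (0xFFFUL << 52))` check carries no comment and returns `ret`, whose value at that point is not visible in this hunk, so a reader cannot tell from the change what a caller sees when the check fires. A one-line comment would help, stating that the top twelve bits of the effective address must be clear (quadrant 0, as the commit message explains) and what `ret` means on this early return. Because the commit message frames this as a guard against programming errors in future callers, consider wrapping the condition in `WARN_ON_ONCE()` so that such an error is reported rather than failing silently. Note also that the check sits after the call whose trailing arguments open the hunk, so it covers only the code that follows it, from `quadrant = 1;` onward.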