On 21/01/20 16:56, Sean Christopherson wrote:
> This code also needs to be tested by doing unrestricted_guest=0 when
> loading kvm_intel, because it's obviously broken.

... as I had just found out after starting tests on kvm/queue. Unqueued this patch.

Paolo

> __x86_set_memory_region() takes an "unsigned long *", interpreted as a
> "pointer to a userspace address", i.e. a "void __user **". But the callers
> are treating the param as a "unsigned long in userspace", e.g.
> init_rmode_identity_map() declares uaddr as an "unsigned long *", when
> really it should be declaring a straight "unsigned long" and passing
> "&uaddr". The only thing that saves KVM from dereferencing a bad pointer
> in __x86_set_memory_region() is that uaddr is initialized to NULL
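The out-parameter mix-up Sean describes is easy to reproduce outside the kernel. The following is an added example, not code from this thread or from KVM: set_region_mock() is a hypothetical stand-in for a function that writes the region's host address through an "unsigned long *" out-parameter, and the host address it returns is a constructed constant. Both the broken caller pattern (declare the variable as a pointer, pass it by value) and the corrected one (declare a plain "unsigned long", pass "&uaddr") compile cleanly with -Wall, because the argument type matches in both cases; only the result differs.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Hypothetical stand-in (not KVM's __x86_set_memory_region()) for a helper
 * whose last argument is a pointer to a caller-owned variable that receives
 * the userspace address of the region.
 */
static int set_region_mock(unsigned long gpa, unsigned long *uaddr)
{
    /* Constructed: pretend the region lands at a fixed host base + gpa. */
    unsigned long hva = 0x7f000000UL + gpa;

    /*
     * This NULL check is the only thing standing between the broken caller
     * below and a NULL dereference: it passes a NULL pointer as the "slot".
     */
    if (uaddr)
        *uaddr = hva;
    return 0;
}

/*
 * Broken caller pattern: the out variable is declared as a pointer and
 * passed by value. The callee never sees a real slot, so the address is
 * silently discarded and uaddr stays NULL.
 */
unsigned long caller_broken(unsigned long gpa)
{
    unsigned long *uaddr = NULL;

    set_region_mock(gpa, uaddr);
    return (unsigned long)uaddr;   /* still 0 */
}

/*
 * Corrected caller: a plain unsigned long, passed by address, actually
 * receives the host address written by the callee.
 */
unsigned long caller_fixed(unsigned long gpa)
{
    unsigned long uaddr = 0;

    set_region_mock(gpa, &uaddr);
    return uaddr;
}

int main(void)
{
    printf("broken caller sees: %#lx\n", caller_broken(0x1000));
    printf("fixed caller sees:  %#lx\n", caller_fixed(0x1000));
    return 0;
}
```

Had the mock dereferenced uaddr unconditionally, the broken caller would crash at the first call, which is exactly why the NULL initialisation in the real callers masked the bug until the unrestricted_guest=0 path was exercised.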