On Wed, Oct 21, 2020 at 06:50:28PM +0000, Edgecombe, Rick P wrote:
> On Tue, 2020-10-20 at 09:18 +0300, Kirill A. Shutemov wrote:
> > @@ -467,7 +477,7 @@ void iounmap(volatile void __iomem *addr)
> > p = find_vm_area((void __force *)addr);
> >
> > if (!p) {
> > - printk(KERN_ERR "iounmap: bad address %p\n", addr);
> > + printk(KERN_ERR "iounmap: bad address %px\n", addr);
>
> Unintentional?

Yep. Will fix.

> > @@ -2162,15 +2178,20 @@ static int __kvm_map_gfn(struct kvm_memslots
> > *slots, gfn_t gfn,
> > kvm_cache_gfn_to_pfn(slot, gfn, cache, gen);
> > }
> > pfn = cache->pfn;
> > + protected = cache->protected;
> > } else {
> > if (atomic)
> > return -EAGAIN;
> > - pfn = gfn_to_pfn_memslot(slot, gfn);
> > + pfn = gfn_to_pfn_memslot_protected(slot, gfn,
> > &protected);
> > }
> > if (is_error_noslot_pfn(pfn))
> > return -EINVAL;
> >
> > - if (pfn_valid(pfn)) {
> > + if (protected) {
> > + if (atomic)
> > + return -EAGAIN;
> > + hva = ioremap_cache_force(pfn_to_hpa(pfn), PAGE_SIZE);
> > + } else if (pfn_valid(pfn)) {
> > page = pfn_to_page(pfn);
> > if (atomic)
> > hva = kmap_atomic(page);
>
> I think the page could have got unmapped since the gup via the
> hypercall on another CPU. It could be an avenue for the guest to crash
> the host.

Hm.. I'm not sure I follow. Could you elaborate on what scenario you have
in mind?

--
Kirill A. Shutemov
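Review bot: The `if (atomic) return -EAGAIN;` added inside the new `if (protected)` branch of `__kvm_map_gfn` has no comment explaining why a protected page cannot be mapped for an atomic caller. The uncached path has already returned `-EAGAIN` for atomic callers, so this check only matters when `protected` came from `cache->protected`, which is easy to miss. Assuming `ioremap_cache_force()` can sleep like other ioremap variants, a line such as `/* ioremap_cache_force() cannot be used in atomic context; caller must retry */` above the check would record that. The function body and the matching unmap path lie outside the hunk, so it is worth confirming that teardown also looks at the `protected` state and releases this mapping with the ioremap counterpart rather than the kmap/memremap one.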