On 11/25/21 2:05 AM, Joerg Roedel wrote:
> On Wed, Nov 24, 2021 at 09:48:14AM -0800, Dave Hansen wrote:
>> That covers things like copy_from_user().  It does not account for
>> things where kernel mappings are used, like where a
>> get_user_pages()/kmap() is in play.
> The kmap case is guarded by KVM code, which locks the page first so that
> the guest can't change the page state, then checks the page state, and
> if it is shared does the kmap and the access.
>
> This should turn an RMP fault in the kernel which is not covered in the
> uaccess exception table into a fatal error.

Let's say something does process_vm_readv() where the pid is a qemu
process and it is writing to a guest private memory area.  The syscall
will eventually end up in process_vm_rw_single_vec() which does:

> pinned_pages = pin_user_pages_remote(mm, pa, pinned_pages,
>                                      flags, process_pages,
>                                      NULL, &locked);
...
> rc = process_vm_rw_pages(process_pages,
>                          start_offset, bytes, iter,
>                          vm_write);

and eventually in copy_page_from_iter():

> void *kaddr = kmap_local_page(page);
> size_t wanted = _copy_from_iter(kaddr + offset, bytes, i);
> kunmap_local(kaddr);

The kernel access to 'kaddr+offset' shouldn't fault.  How does the KVM
code thwart that kmap_local_page()?
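The point of the question above is that the kmap path is reachable from an ordinary syscall with no KVM involvement. The program below is an added illustration, not code from the thread or from the kernel: it issues process_vm_readv() against its own pid (getpid(), so no ptrace permission is needed) and checks that a constructed buffer comes back intact. It assumes Linux with glibc and uses the raw syscall number so it does not depend on the glibc wrapper's feature-test macro. Reading from self still walks the same kernel path the mail quotes: process_vm_rw_single_vec() pins the pages with pin_user_pages_remote() and process_vm_rw_pages() copies through a kmap'd page (copy_page_to_iter() on the read side, copy_page_from_iter() on the write side the mail cites).

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/uio.h>
#include <sys/syscall.h>

/* Read `len` bytes at `src` in process `pid` into `dst` via process_vm_readv().
 * The raw syscall is used so the example compiles regardless of header order
 * and feature-test macros. Returns the byte count, or -1 with errno set. */
static ssize_t remote_read(pid_t pid, const void *src, void *dst, size_t len)
{
    struct iovec local  = { .iov_base = dst,         .iov_len = len };
    struct iovec remote = { .iov_base = (void *)src, .iov_len = len };

    return syscall(SYS_process_vm_readv, pid, &local, 1UL, &remote, 1UL, 0UL);
}

/* Constructed sample: pull a buffer out of our own address space. Targeting
 * getpid() needs no ptrace permission, yet the kernel still goes through
 * process_vm_rw_single_vec() -> pin_user_pages_remote() ->
 * process_vm_rw_pages() -> copy_page_to_iter() on a kmap_local_page()'d page.
 * Returns 1 if the bytes came back intact, 0 otherwise. */
int demo_self_read(void)
{
    static const char sample[] = "constructed sample buffer";
    char out[sizeof sample];

    memset(out, 0, sizeof out);
    if (remote_read(getpid(), sample, out, sizeof sample) != (ssize_t)sizeof sample)
        return 0;
    return memcmp(sample, out, sizeof sample) == 0;
}

int main(void)
{
    printf("process_vm_readv self-read: %s\n",
           demo_self_read() ? "intact" : "failed");
    return 0;
}
```

Pointing the remote iovec at another process requires the same ptrace access that ptrace(PTRACE_ATTACH) would (same uid, or CAP_SYS_PTRACE, subject to Yama ptrace_scope); the self-read keeps the demonstration permission-free while exercising the identical kernel path.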