Date: Fri, 28 Jul 2023 17:51:59 -0700
In-Reply-To: <20230729005200.1057358-1-seanjc@google.com>
References: <20230729005200.1057358-1-seanjc@google.com>
Message-ID: <20230729005200.1057358-5-seanjc@google.com>
Subject: [PATCH v2 4/5] KVM: x86/mmu: Disallow guest from using !visible slots for page tables
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Yu Zhang, Reima Ishii

Explicitly inject a page fault if the guest attempts to use a !visible gfn as
a page table. kvm_vcpu_gfn_to_hva_prot() will naturally handle the case where
there is no memslot, but doesn't catch the scenario where the gfn points at a
KVM-internal memslot.

Letting the guest backdoor its way into accessing KVM-internal memslots isn't
dangerous on its own, e.g. at worst the guest can crash itself, but disallowing
the behavior will simplify fixing how KVM handles !visible guest root gfns
(immediately synthesizing a triple fault when loading the root is
architecturally wrong).

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/mmu/paging_tmpl.h | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/mmu/paging_tmpl.h b/arch/x86/kvm/mmu/paging_tmpl.h
index 0662e0278e70..122bfc0124d3 100644
--- a/arch/x86/kvm/mmu/paging_tmpl.h
+++ b/arch/x86/kvm/mmu/paging_tmpl.h
@@ -351,6 +351,7 @@ static int FNAME(walk_addr_generic)(struct guest_walker *walker,
 	++walker->level;
 
 	do {
+		struct kvm_memory_slot *slot;
 		unsigned long host_addr;
 
 		pt_access = pte_access;
@@ -381,7 +382,11 @@ static int FNAME(walk_addr_generic)(struct guest_walker *walker,
 		if (unlikely(real_gpa == INVALID_GPA))
 			return 0;
 
-		host_addr = kvm_vcpu_gfn_to_hva_prot(vcpu, gpa_to_gfn(real_gpa),
+		slot = kvm_vcpu_gfn_to_memslot(vcpu, gpa_to_gfn(real_gpa));
+		if (!kvm_is_visible_memslot(slot))
+			goto error;
+
+		host_addr = gfn_to_hva_memslot_prot(slot, gpa_to_gfn(real_gpa),
 						    &walker->pte_writable[walker->level - 1]);
 		if (unlikely(kvm_is_error_hva(host_addr)))
 			goto error;
-- 
2.41.0.487.g6d72f3e995-goog
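Review bot: in the second hunk the no-memslot case now rests on kvm_is_visible_memslot() tolerating a NULL slot: the removed kvm_vcpu_gfn_to_hva_prot() call returned a bad hva when no slot existed, whereas after the change `slot` may be NULL and goes straight into the visibility check, with the later kvm_is_error_hva() test only reachable for a slot that passed it. kvm_is_visible_memslot() does test the pointer before looking at the id and flags, so the logic is correct, but a one-line comment above `if (!kvm_is_visible_memslot(slot))` saying that it deliberately folds the no-slot, KVM-internal-slot and KVM_MEMSLOT_INVALID cases into the same `goto error` page fault would spare the next reader a trip through kvm_host.h. Minor: gpa_to_gfn(real_gpa) is now evaluated on two consecutive lines; a local `gfn_t gfn = gpa_to_gfn(real_gpa);` would tidy both the kvm_vcpu_gfn_to_memslot() and gfn_to_hva_memslot_prot() calls.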
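The check the patch inserts into the guest page-table walk, modelled in user space as an added example (this is not KVM code and not part of the patch): a small memslot table is constructed with an ordinary guest-RAM slot, a KVM-internal slot whose id lies above the user range, and a user slot that is flagged invalid, and a walker step resolves a gfn through the same visibility rule the kernel applies. The slot ids, flag bit, KVM_USER_MEM_SLOTS value and addresses are assumptions chosen only to mirror the semantics of kvm_is_visible_memslot(); the real layout differs.

```c
/*
 * Added example, not KVM code: user-space model of the memslot visibility
 * check that the guest page-table walker applies before touching a slot.
 * Ids, flags and addresses are assumptions that mirror the kernel rule:
 * a slot is visible only if it exists, its id is below KVM_USER_MEM_SLOTS,
 * and it is not flagged KVM_MEMSLOT_INVALID.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t gfn_t;
typedef uint64_t hva_t;

#define KVM_USER_MEM_SLOTS   8          /* assumption: user slot ids are 0..7 */
#define KVM_MEMSLOT_INVALID  (1u << 0)  /* assumption: "slot being deleted" flag */
#define KVM_HVA_ERR_BAD      ((hva_t)-1)
#define PAGE_SIZE            4096ULL

struct memslot {
	unsigned int id;
	unsigned int flags;
	gfn_t base_gfn;
	uint64_t npages;
	hva_t userspace_addr;
};

/* Constructed slot table: guest RAM, a KVM-internal slot, and an invalid user slot. */
static const struct memslot slots[] = {
	{ .id = 0,                      .flags = 0,                   .base_gfn = 0x0,     .npages = 0x100, .userspace_addr = 0x7f0000000000ULL },
	{ .id = KVM_USER_MEM_SLOTS + 1, .flags = 0,                   .base_gfn = 0xfee00, .npages = 1,     .userspace_addr = 0x7f0010000000ULL },
	{ .id = 1,                      .flags = KVM_MEMSLOT_INVALID, .base_gfn = 0x1000,  .npages = 0x10,  .userspace_addr = 0x7f0020000000ULL },
};

/* Linear lookup standing in for kvm_vcpu_gfn_to_memslot(); NULL when no slot covers gfn. */
static const struct memslot *gfn_to_memslot(gfn_t gfn)
{
	for (size_t i = 0; i < sizeof(slots) / sizeof(slots[0]); i++) {
		if (gfn >= slots[i].base_gfn && gfn < slots[i].base_gfn + slots[i].npages)
			return &slots[i];
	}
	return NULL;
}

/* Same rule as the kernel's kvm_is_visible_memslot(): NULL-safe, user range only, not invalid. */
static bool is_visible_memslot(const struct memslot *slot)
{
	return slot && slot->id < KVM_USER_MEM_SLOTS && !(slot->flags & KVM_MEMSLOT_INVALID);
}

/*
 * Resolve a page-table gfn to an hva the way the patched walker does: reject
 * anything the guest cannot legitimately see before the slot is dereferenced.
 * KVM_HVA_ERR_BAD stands for the walker's `goto error`, i.e. an injected #PF.
 */
hva_t walk_gfn_to_hva(gfn_t gfn)
{
	const struct memslot *slot = gfn_to_memslot(gfn);

	if (!is_visible_memslot(slot))
		return KVM_HVA_ERR_BAD;
	return slot->userspace_addr + (gfn - slot->base_gfn) * PAGE_SIZE;
}

int main(void)
{
	/* guest RAM, internal slot, invalid slot, no slot at all */
	const gfn_t probes[] = { 0x10, 0xfee00, 0x1005, 0x200 };

	for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++) {
		hva_t hva = walk_gfn_to_hva(probes[i]);

		if (hva == KVM_HVA_ERR_BAD)
			printf("gfn %#llx: not visible -> page fault\n", (unsigned long long)probes[i]);
		else
			printf("gfn %#llx: hva %#llx\n", (unsigned long long)probes[i], (unsigned long long)hva);
	}
	return 0;
}
```

Only the first probe translates; the internal slot, the invalid slot and the unmapped gfn all collapse into the same fault outcome, which is the property the patch relies on.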