KVM: x86: take as_id into account when checking PGD

vittyvk · Somasundaram Krishnasamy · commit fce1243e1f47 · 2020-09-02T13:28:45.000-07:00
OVMF booted guest running on shadow pages crashes on TRIPLE FAULT after enabling paging from SMM. The crash is triggered from mmu_check_root() and is caused by kvm_is_visible_gfn() searching through memslots with as_id = 0 while vCPU may be in a different context (address space). Introduce kvm_vcpu_is_visible_gfn() and use it from mmu_check_root(). Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com> Message-Id: <20200708140023.1476020-1-vkuznets@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> (cherry picked from commit 995decb) Orabug: 31722725 Conflicts: arch/x86/kvm/mmu/mmu.c (file split out later from arch/x86/kvm/mmu.c) Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com> Reviewed-by: Mihai Carabas <mihai.carabas@oracle.com> Signed-off-by: Somasundaram Krishnasamy <somasundaram.krishnasamy@oracle.com>
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
@@ -3710,7 +3710,7 @@ static int mmu_check_root(struct kvm_vcpu *vcpu, gfn_t root_gfn)
 {
 	int ret = 0;
 
-	if (!kvm_is_visible_gfn(vcpu->kvm, root_gfn)) {
+	if (!kvm_vcpu_is_visible_gfn(vcpu, root_gfn)) {
 		kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu);
 		ret = 1;
 	}
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
@@ -734,6 +734,7 @@ int kvm_clear_guest_page(struct kvm *kvm, gfn_t gfn, int offset, int len);
 int kvm_clear_guest(struct kvm *kvm, gpa_t gpa, unsigned long len);
 struct kvm_memory_slot *gfn_to_memslot(struct kvm *kvm, gfn_t gfn);
 bool kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn);
+bool kvm_vcpu_is_visible_gfn(struct kvm_vcpu *vcpu, gfn_t gfn);
 unsigned long kvm_host_page_size(struct kvm_vcpu *vcpu, gfn_t gfn);
 void mark_page_dirty(struct kvm *kvm, gfn_t gfn);
 
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
@@ -1382,6 +1382,14 @@ bool kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn)
 }
 EXPORT_SYMBOL_GPL(kvm_is_visible_gfn);
 
+bool kvm_vcpu_is_visible_gfn(struct kvm_vcpu *vcpu, gfn_t gfn)
+{
+	struct kvm_memory_slot *memslot = kvm_vcpu_gfn_to_memslot(vcpu, gfn);
+
+	return kvm_is_visible_memslot(memslot);
+}
+EXPORT_SYMBOL_GPL(kvm_vcpu_is_visible_gfn);
+
 unsigned long kvm_host_page_size(struct kvm_vcpu *vcpu, gfn_t gfn)
 {
 	struct vm_area_struct *vma;

Original file line number	Diff line number	Diff line change
`@@ -3710,7 +3710,7 @@ static int mmu_check_root(struct kvm_vcpu *vcpu, gfn_t root_gfn)`
`3710`	`3710`	`{`
`3711`	`3711`	`int ret = 0;`
`3712`	`3712`
`3713`		`- if (!kvm_is_visible_gfn(vcpu->kvm, root_gfn)) {`
	`3713`	`+ if (!kvm_vcpu_is_visible_gfn(vcpu, root_gfn)) {`
`3714`	`3714`	`kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu);`
`3715`	`3715`	`ret = 1;`
`3716`	`3716`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1382,6 +1382,14 @@ bool kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn)`
`1382`	`1382`	`}`
`1383`	`1383`	`EXPORT_SYMBOL_GPL(kvm_is_visible_gfn);`
`1384`	`1384`
	`1385`	`+bool kvm_vcpu_is_visible_gfn(struct kvm_vcpu *vcpu, gfn_t gfn)`
	`1386`	`+{`
	`1387`	`+ struct kvm_memory_slot *memslot = kvm_vcpu_gfn_to_memslot(vcpu, gfn);`
	`1388`	`+`
	`1389`	`+ return kvm_is_visible_memslot(memslot);`
	`1390`	`+}`
	`1391`	`+EXPORT_SYMBOL_GPL(kvm_vcpu_is_visible_gfn);`
	`1392`	`+`
`1385`	`1393`	`unsigned long kvm_host_page_size(struct kvm_vcpu *vcpu, gfn_t gfn)`
`1386`	`1394`	`{`
`1387`	`1395`	`struct vm_area_struct *vma;`