From: Peter Fang <peter.fang@intel.com>
To: Yosry Ahmed <yosry@kernel.org>
Cc: Sean Christopherson <seanjc@google.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Madhavan Srinivasan <maddy@linux.ibm.com>,
"Nicholas Piggin" <npiggin@gmail.com>,
Ritesh Harjani <ritesh.list@gmail.com>,
"Michael Ellerman" <mpe@ellerman.id.au>,
"Christophe Leroy (CS GROUP)" <chleroy@kernel.org>,
Thomas Gleixner <tglx@kernel.org>, Ingo Molnar <mingo@redhat.com>,
Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>, <x86@kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>, <kvm@vger.kernel.org>,
<linuxppc-dev@lists.ozlabs.org>, <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2 3/3] KVM: Take gpa_t in kvm_vcpu_map[_readonly]()
Date: Thu, 23 Apr 2026 00:49:47 -0700
Message-ID: <20260423074947.GA1733452@pedri>
In-Reply-To: <aekrJrSRoclZoBo9@google.com>

On Wed, Apr 22, 2026 at 08:19:45PM +0000, Yosry Ahmed wrote:
> >
> > Anyways, back to the hardening. We can do it with minimal additional churn. After
> > patch 3 (passing a @gpa to __kvm_vcpu_map(), not a @gfn), do the below over a few
> > patches (completely untested). This way the common case of mapping and accessing
> > an entire page Just Works, and flows like the PI descriptor handling don't have to
> > many provide the length (which also can be error prone).
>
> Yeah probably this (maybe not in the same order):
> - Convert map->pfn to map->hpa.
> - Pass size to __kvm_vcpu_map() and do bounds checking.
> - Rename kvm_vcpu_map() and __kvm_vcpu_map() to kvm_vcpu_map_page() and
> __kvm_vcpu_map_page().
> - Introduce kvm_vcpu_map_ptr() wrapper and simplify the nested PID call
> site.
>
> Generally looks good with a small nit/question below. Peter, would you
> be interested in extending the series to do this? If not, I can send a
> follow up on top of your series when it's hashed out.

Yep, I can extend the series into v3. Adding kvm_vcpu_map_ptr() and
renaming the original APIs make sense to me, and I want to check all the
call sites again to see if anything else can be improved. Thanks for the
discussion. The out-of-bounds issue was not something I had considered.

>
> [..]