Kernel KVM virtualization development
From: sashiko-bot@kernel.org
To: "Amit Machhiwal" <amachhiw@linux.ibm.com>
Cc: kvm@vger.kernel.org
Subject: Re: [PATCH v5 2/4] KVM: PPC: Book3S HV: Implement compat CPU capability retrieval for KVM on PowerVM
Date: Wed, 01 Jul 2026 05:26:25 +0000
Message-ID: <20260701052625.E40ED1F00A3A@smtp.kernel.org>
In-Reply-To: <20260701051409.51820-3-amachhiw@linux.ibm.com>

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [High] An unprivileged host-userspace process can trigger a kernel WARN_ON_ONCE by invoking the KVM_PPC_GET_COMPAT_CAPS ioctl when the L0 hypervisor reports zero nested capabilities.
--

commit 6f57063ca19824c71191d87b7d5e423ad8ddc900
Author: Amit Machhiwal <amachhiw@linux.ibm.com>

KVM: PPC: Book3S HV: Implement compat CPU capability retrieval for KVM on PowerVM

This commit adds support for retrieving host CPU compatibility capabilities
for nested guests on PowerVM. It exposes these capabilities to userspace
via the KVM_PPC_GET_COMPAT_CAPS ioctl, leveraging a cached value populated
during module initialization to avoid repeated hcalls.

> diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
> index 61dbeea317f3b..8799124b80960 100644
> --- a/arch/powerpc/kvm/book3s_hv.c
> +++ b/arch/powerpc/kvm/book3s_hv.c
[ ... ]
> @@ -6510,6 +6510,25 @@ static bool kvmppc_hash_v3_possible(void)
>  	return true;
>  }
>  
> +
> +static int kvmppc_get_compat_caps(struct kvm_ppc_compat_caps *host_caps)
> +{
> +	unsigned long capabilities = 0;
> +	long rc = -EINVAL;
> +
> +	if (kvmhv_on_pseries()) {
> +		if (kvmhv_is_nestedv2()) {
> +			WARN_ON_ONCE(!nested_capabilities);

[Severity: High]
Could this WARN_ON_ONCE be triggered by an unprivileged host-userspace
process?

If the L0 hypervisor reports no recognized capabilities during module
initialization, nested_capabilities is set to 0. A user process with access
to /dev/kvm could then create a VM and invoke the KVM_PPC_GET_COMPAT_CAPS
ioctl, directly evaluating this condition.

Since a userspace-reachable WARN_ON_ONCE can act as a local denial of
service by flooding dmesg or crashing the host if panic_on_warn is enabled,
would it be safer to return an error to userspace or log via pr_warn_once()
instead of asserting?

> +			capabilities = nested_capabilities;
> +			rc = 0;
> +		}
> +	}
> +
> +	host_caps->compat_capabilities = capabilities & KVM_PPC_COMPAT_BITMASK;
> +
> +	return rc;
> +}
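
Review bot: rc is declared long at the top of kvmppc_get_compat_caps() while the function returns int, so "return rc;" narrows implicitly; declaring it as "int rc = -EINVAL;" keeps the types consistent. On the failure path (not pseries, or not nestedv2) the function still stores 0 into host_caps->compat_capabilities before returning -EINVAL; returning early would leave the output struct written only on success, otherwise the caller has to be relied on to check the return value before copying anything out. The success path also returns 0 when "capabilities & KVM_PPC_COMPAT_BITMASK" masks down to zero, which callers cannot tell apart from a real empty capability set; a short comment stating the intended meaning would help. Minor style point: the added blank line before the function leaves two consecutive blank lines after kvmppc_hash_v3_possible().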

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260701051409.51820-1-amachhiw@linux.ibm.com?part=2
