From: Sean Christopherson <seanjc@google.com>
To: pcjer <pcj3195161583@163.com>
Cc: kvm@vger.kernel.org, pbonzini@redhat.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] KVM: x86/tdp_mmu: Fix base gfn check when zapping private huge SPTE
Date: Mon, 9 Mar 2026 07:23:25 -0700
Message-ID: <aa7X3YNbQ9Zuq6cJ@google.com>
In-Reply-To: <20260309083844.217215-1-pcj3195161583@163.com>
On Mon, Mar 09, 2026, pcjer wrote:
> Signed-off-by: pcjer <pcj3195161583@163.com>
> ---
> arch/x86/kvm/mmu/tdp_mmu.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kvm/mmu/tdp_mmu.c b/arch/x86/kvm/mmu/tdp_mmu.c
> index 1266d5452..8482a85d6 100644
> --- a/arch/x86/kvm/mmu/tdp_mmu.c
> +++ b/arch/x86/kvm/mmu/tdp_mmu.c
> @@ -1025,8 +1025,8 @@ static bool tdp_mmu_zap_leafs(struct kvm *kvm, struct kvm_mmu_page *root,
>
> slot = gfn_to_memslot(kvm, gfn);
> if (kvm_hugepage_test_mixed(slot, gfn, iter.level) ||
> - (gfn & mask) < start ||
> - end < (gfn & mask) + KVM_PAGES_PER_HPAGE(iter.level)) {
> + (gfn & ~mask) < start ||
> + end < (gfn & ~mask) + KVM_PAGES_PER_HPAGE(iter.level)) {
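Review bot: the changelog is missing, so the hunk does not explain the bug it fixes: the patch carries only a Signed-off-by. With mask being KVM_PAGES_PER_HPAGE(iter.level) - 1, "gfn & mask" is the offset of gfn within the huge page (0..511 for a 2MiB page), not its base gfn, so the old check compared an offset against start and end; "gfn & ~mask" is the aligned base the range check needs. State that in the commit message, and consider defining the mask already inverted (gfn_t mask = ~(KVM_PAGES_PER_HPAGE(iter.level) - 1)) so that both uses read "gfn & mask" without the negation.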
Somewhat to my surprise, this does indeed look like a legitimate fix, ignoring
that the code in question was never merged and was last posted 2+ years ago[*]
(and has long since been replaced).

The bug likely went unnoticed during development because "(gfn & mask) < start"
would almost always be true (mask == 511 for a 2MiB page). Though mask should
really just be inverted from the get go in this code:
+ if (is_private && kvm_gfn_shared_mask(kvm) &&
+ is_large_pte(iter.old_spte)) {
+ gfn_t gfn = iter.gfn & ~kvm_gfn_shared_mask(kvm);
+ gfn_t mask = KVM_PAGES_PER_HPAGE(iter.level) - 1;
+
+ struct kvm_memory_slot *slot;
+ struct kvm_mmu_page *sp;
+
[*] https://lore.kernel.org/all/c656573ccc68e212416d323d35f884bff25e6e2d.1708933624.git.isaku.yamahata@intel.com
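The range check discussed above, modelled in plain C as an added example (this is not code from the thread or from KVM). It puts the "-" and "+" forms of the predicate side by side, plus the variant with the mask inverted at definition time, and runs them over constructed (gfn, start, end) cases. PG_LEVEL_2M/PG_LEVEL_1G, pages_per_hpage() and ASSUMED_SHARED_GFN_MASK are stand-ins chosen for this example; in particular the shared-bit position is an assumption, the real value is per-VM.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t gfn_t;

/*
 * Constructed huge-page geometry: 4KiB base pages, 512 of them per 2MiB
 * (level 2) and 512*512 per 1GiB (level 3).
 */
#define PG_LEVEL_2M 2
#define PG_LEVEL_1G 3

static gfn_t pages_per_hpage(int level)
{
	return (gfn_t)1 << (9 * (level - 1));
}

/* Assumed position of the shared bit (hypothetical; the real one is per-VM). */
#define ASSUMED_SHARED_GFN_MASK ((gfn_t)1 << 51)

/*
 * Is the huge page mapped at iter_gfn only partly inside [start, end)?
 * "buggy" mirrors the patch's "-" lines, "fixed" its "+" lines.
 */
static bool huge_page_partial_buggy(gfn_t iter_gfn, int level, gfn_t start, gfn_t end)
{
	gfn_t gfn = iter_gfn & ~ASSUMED_SHARED_GFN_MASK;
	gfn_t mask = pages_per_hpage(level) - 1;

	/* gfn & mask is the offset inside the huge page, 0..511 for 2MiB. */
	return (gfn & mask) < start ||
	       end < (gfn & mask) + pages_per_hpage(level);
}

static bool huge_page_partial_fixed(gfn_t iter_gfn, int level, gfn_t start, gfn_t end)
{
	gfn_t gfn = iter_gfn & ~ASSUMED_SHARED_GFN_MASK;
	gfn_t mask = pages_per_hpage(level) - 1;
	gfn_t base = gfn & ~mask;	/* aligned base gfn of the huge page */

	return base < start || end < base + pages_per_hpage(level);
}

/* Same predicate with the mask inverted up front, as the reply suggests. */
static bool huge_page_partial_inverted_mask(gfn_t iter_gfn, int level, gfn_t start, gfn_t end)
{
	gfn_t gfn = iter_gfn & ~ASSUMED_SHARED_GFN_MASK;
	gfn_t mask = ~(pages_per_hpage(level) - 1);

	return (gfn & mask) < start ||
	       end < (gfn & mask) + pages_per_hpage(level);
}

int main(void)
{
	/* Constructed cases; iter_gfn is already aligned to its level, as in tdp_iter. */
	const struct { gfn_t gfn; int level; gfn_t start, end; const char *what; } cases[] = {
		{ 0x200, PG_LEVEL_2M, 0x200, 0x400, "2M page exactly covered by the range" },
		{ 0x200, PG_LEVEL_2M, 0x300, 0x400, "range starts inside the page" },
		{ 0x200, PG_LEVEL_2M, 0x000, 0x300, "range ends inside the page" },
		{ 0x200 | ASSUMED_SHARED_GFN_MASK, PG_LEVEL_2M, 0x200, 0x400, "shared bit stripped first" },
		{ 0x40000, PG_LEVEL_1G, 0x40000, 0x80000, "1G page exactly covered" },
	};
	size_t i;

	for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
		printf("gfn 0x%" PRIx64 " L%d [0x%" PRIx64 ", 0x%" PRIx64 "): buggy=%d fixed=%d inverted=%d  %s\n",
		       cases[i].gfn, cases[i].level, cases[i].start, cases[i].end,
		       huge_page_partial_buggy(cases[i].gfn, cases[i].level, cases[i].start, cases[i].end),
		       huge_page_partial_fixed(cases[i].gfn, cases[i].level, cases[i].start, cases[i].end),
		       huge_page_partial_inverted_mask(cases[i].gfn, cases[i].level, cases[i].start, cases[i].end),
		       cases[i].what);
	return 0;
}
```

The first case is the one that matters: a 2MiB page exactly covered by [0x200, 0x400) is "partial" under the buggy check (offset 0 < start 0x200), so a zap of that range would needlessly split it, while the fixed and inverted-mask forms agree it is fully inside. Only when start is 0 do the buggy and fixed predicates coincide for an aligned gfn.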
Thread overview:
2026-03-09 8:38 [PATCH] KVM: x86/tdp_mmu: Fix base gfn check when zapping private huge SPTE pcjer
2026-03-09 14:23 ` Sean Christopherson [this message]
2026-03-10 1:29 ` Xiaoyao Li