[PATCH v2 0/2] mshv: Allow mappings that overlap in uaddr

[PATCH v2 0/2] mshv: Allow mappings that overlap in uaddr

[Nuno Das Neves]

Currently the MSHV driver rejects mappings that would overlap in
userspace. Remove this limitation as it is overly restrictive and
allowing overlap is useful for VMMs.

Before make this change, fix the region overlap checking logic
which is broken.

---
Changes in v2:
- Add a patch to fix the overlap checking [Michael Kelley]
- Move deletion of mshv_partition_region_by_uaddr() to the fix patch

---
Magnus Kulke (1):
  mshv: Allow mappings that overlap in uaddr

Nuno Das Neves (1):
  mshv: Fix create memory region overlap check

 drivers/hv/mshv_root_main.c | 27 +++++++--------------------
 include/uapi/linux/mshv.h   |  2 +-
 2 files changed, 8 insertions(+), 21 deletions(-)

-- 
2.34.1

[PATCH v2 1/2] mshv: Fix create memory region overlap check

[Nuno Das Neves]

The current check is incorrect; it only checks if the beginning or end
of a region is within an existing region. This doesn't account for
userspace specifying a region that begins before and ends after an
existing region.

Change the logic to a range intersection check against gfns and uaddrs
for each region.

Remove mshv_partition_region_by_uaddr() as it is no longer used.

Fixes: 621191d709b1 ("Drivers: hv: Introduce mshv_root module to expose /dev/mshv to VMMs")
Reported-by: Michael Kelley <mhklinux@outlook.com>
Closes: https://lore.kernel.org/linux-hyperv/SN6PR02MB41575BE0406D3AB22E1D7DB5D4C2A@SN6PR02MB4157.namprd02.prod.outlook.com/
Signed-off-by: Nuno Das Neves <nunodasneves@linux.microsoft.com>
---
 drivers/hv/mshv_root_main.c | 31 +++++++++++--------------------
 1 file changed, 11 insertions(+), 20 deletions(-)

diff --git a/drivers/hv/mshv_root_main.c b/drivers/hv/mshv_root_main.c
index 814465a0912d..25a68912a78d 100644
--- a/drivers/hv/mshv_root_main.c
+++ b/drivers/hv/mshv_root_main.c
@@ -1206,21 +1206,6 @@ mshv_partition_region_by_gfn(struct mshv_partition *partition, u64 gfn)
 	return NULL;
 }
 
-static struct mshv_mem_region *
-mshv_partition_region_by_uaddr(struct mshv_partition *partition, u64 uaddr)
-{
-	struct mshv_mem_region *region;
-
-	hlist_for_each_entry(region, &partition->pt_mem_regions, hnode) {
-		if (uaddr >= region->start_uaddr &&
-		    uaddr < region->start_uaddr +
-			    (region->nr_pages << HV_HYP_PAGE_SHIFT))
-			return region;
-	}
-
-	return NULL;
-}
-
 /*
  * NB: caller checks and makes sure mem->size is page aligned
  * Returns: 0 with regionpp updated on success, or -errno
@@ -1230,15 +1215,21 @@ static int mshv_partition_create_region(struct mshv_partition *partition,
 					struct mshv_mem_region **regionpp,
 					bool is_mmio)
 {
-	struct mshv_mem_region *region;
+	struct mshv_mem_region *region, *rg;
 	u64 nr_pages = HVPFN_DOWN(mem->size);
 
 	/* Reject overlapping regions */
-	if (mshv_partition_region_by_gfn(partition, mem->guest_pfn) ||
-	    mshv_partition_region_by_gfn(partition, mem->guest_pfn + nr_pages - 1) ||
-	    mshv_partition_region_by_uaddr(partition, mem->userspace_addr) ||
-	    mshv_partition_region_by_uaddr(partition, mem->userspace_addr + mem->size - 1))
+	hlist_for_each_entry(rg, &partition->pt_mem_regions, hnode) {
+		u64 rg_size = rg->nr_pages << HV_HYP_PAGE_SHIFT;
+
+		if ((mem->guest_pfn + nr_pages <= rg->start_gfn ||
+		     rg->start_gfn + rg->nr_pages <= mem->guest_pfn) &&
+		    (mem->userspace_addr + mem->size <= rg->start_uaddr ||
+		     rg->start_uaddr + rg_size <= mem->userspace_addr))
+			continue;
+
 		return -EEXIST;
+	}
 
 	region = vzalloc(sizeof(*region) + sizeof(struct page *) * nr_pages);
 	if (!region)
-- 
2.34.1

[PATCH v2 2/2] mshv: Allow mappings that overlap in uaddr

[Nuno Das Neves]

From: Magnus Kulke <magnuskulke@linux.microsoft.com>

Currently the MSHV driver rejects mappings that would overlap in
userspace.

Some VMMs require the same memory to be mapped to different parts of
the guest's address space, and so working around this restriction is
difficult.

The hypervisor itself doesn't prohibit mappings that overlap in uaddr,
(really in SPA; system physical addresses), so supporting this in the
driver doesn't require any extra work: only the checks need to be
removed.

Since no userspace code until now has been able to overlap regions in
userspace, relaxing this constraint can't break any existing code.

Signed-off-by: Magnus Kulke <magnuskulke@linux.microsoft.com>
Signed-off-by: Nuno Das Neves <nunodasneves@linux.microsoft.com>
---
 drivers/hv/mshv_root_main.c | 8 ++------
 include/uapi/linux/mshv.h   | 2 +-
 2 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/drivers/hv/mshv_root_main.c b/drivers/hv/mshv_root_main.c
index 25a68912a78d..b1821b18fa09 100644
--- a/drivers/hv/mshv_root_main.c
+++ b/drivers/hv/mshv_root_main.c
@@ -1220,12 +1220,8 @@ static int mshv_partition_create_region(struct mshv_partition *partition,
 
 	/* Reject overlapping regions */
 	hlist_for_each_entry(rg, &partition->pt_mem_regions, hnode) {
-		u64 rg_size = rg->nr_pages << HV_HYP_PAGE_SHIFT;
-
-		if ((mem->guest_pfn + nr_pages <= rg->start_gfn ||
-		     rg->start_gfn + rg->nr_pages <= mem->guest_pfn) &&
-		    (mem->userspace_addr + mem->size <= rg->start_uaddr ||
-		     rg->start_uaddr + rg_size <= mem->userspace_addr))
+		if (mem->guest_pfn + nr_pages <= rg->start_gfn ||
+		    rg->start_gfn + rg->nr_pages <= mem->guest_pfn)
 			continue;
 
 		return -EEXIST;
diff --git a/include/uapi/linux/mshv.h b/include/uapi/linux/mshv.h
index 9091946cba23..b10c8d1cb2ad 100644
--- a/include/uapi/linux/mshv.h
+++ b/include/uapi/linux/mshv.h
@@ -123,7 +123,7 @@ enum {
  * @rsvd: MBZ
  *
  * Map or unmap a region of userspace memory to Guest Physical Addresses (GPA).
- * Mappings can't overlap in GPA space or userspace.
+ * Mappings can't overlap in GPA space.
  * To unmap, these fields must match an existing mapping.
  */
 struct mshv_user_mem_region {
-- 
2.34.1

RE: [PATCH v2 1/2] mshv: Fix create memory region overlap check

[Michael Kelley]

From: Nuno Das Neves <nunodasneves@linux.microsoft.com> Sent: Thursday, November 6, 2025 2:14 PM
> 
> The current check is incorrect; it only checks if the beginning or end
> of a region is within an existing region. This doesn't account for
> userspace specifying a region that begins before and ends after an
> existing region.
> 
> Change the logic to a range intersection check against gfns and uaddrs
> for each region.
> 
> Remove mshv_partition_region_by_uaddr() as it is no longer used.
> 
> Fixes: 621191d709b1 ("Drivers: hv: Introduce mshv_root module to expose /dev/mshv to VMMs")
> Reported-by: Michael Kelley <mhklinux@outlook.com>
> Closes: https://lore.kernel.org/linux-hyperv/SN6PR02MB41575BE0406D3AB22E1D7DB5D4C2A@SN6PR02MB4157.namprd02.prod.outlook.com/
> Signed-off-by: Nuno Das Neves <nunodasneves@linux.microsoft.com>
> ---
>  drivers/hv/mshv_root_main.c | 31 +++++++++++--------------------
>  1 file changed, 11 insertions(+), 20 deletions(-)
> 
> diff --git a/drivers/hv/mshv_root_main.c b/drivers/hv/mshv_root_main.c
> index 814465a0912d..25a68912a78d 100644
> --- a/drivers/hv/mshv_root_main.c
> +++ b/drivers/hv/mshv_root_main.c
> @@ -1206,21 +1206,6 @@ mshv_partition_region_by_gfn(struct mshv_partition *partition, u64 gfn)
>  	return NULL;
>  }
> 
> -static struct mshv_mem_region *
> -mshv_partition_region_by_uaddr(struct mshv_partition *partition, u64 uaddr)
> -{
> -	struct mshv_mem_region *region;
> -
> -	hlist_for_each_entry(region, &partition->pt_mem_regions, hnode) {
> -		if (uaddr >= region->start_uaddr &&
> -		    uaddr < region->start_uaddr +
> -			    (region->nr_pages << HV_HYP_PAGE_SHIFT))
> -			return region;
> -	}
> -
> -	return NULL;
> -}
> -
>  /*
>   * NB: caller checks and makes sure mem->size is page aligned
>   * Returns: 0 with regionpp updated on success, or -errno
> @@ -1230,15 +1215,21 @@ static int mshv_partition_create_region(struct mshv_partition *partition,
>  					struct mshv_mem_region **regionpp,
>  					bool is_mmio)
>  {
> -	struct mshv_mem_region *region;
> +	struct mshv_mem_region *region, *rg;
>  	u64 nr_pages = HVPFN_DOWN(mem->size);
> 
>  	/* Reject overlapping regions */
> -	if (mshv_partition_region_by_gfn(partition, mem->guest_pfn) ||
> -	    mshv_partition_region_by_gfn(partition, mem->guest_pfn + nr_pages - 1) ||
> -	    mshv_partition_region_by_uaddr(partition, mem->userspace_addr) ||
> -	    mshv_partition_region_by_uaddr(partition, mem->userspace_addr + mem->size - 1))
> +	hlist_for_each_entry(rg, &partition->pt_mem_regions, hnode) {
> +		u64 rg_size = rg->nr_pages << HV_HYP_PAGE_SHIFT;
> +
> +		if ((mem->guest_pfn + nr_pages <= rg->start_gfn ||
> +		     rg->start_gfn + rg->nr_pages <= mem->guest_pfn) &&
> +		    (mem->userspace_addr + mem->size <= rg->start_uaddr ||
> +		     rg->start_uaddr + rg_size <= mem->userspace_addr))
> +			continue;
> +
>  		return -EEXIST;
> +	}
> 
>  	region = vzalloc(sizeof(*region) + sizeof(struct page *) * nr_pages);
>  	if (!region)
> --
> 2.34.1

Reviewed-by: Michael Kelley <mhklinux@outlook.com>

RE: [PATCH v2 2/2] mshv: Allow mappings that overlap in uaddr

[Michael Kelley]

From: Nuno Das Neves <nunodasneves@linux.microsoft.com> Sent: Thursday, November 6, 2025 2:14 PM
> 
> From: Magnus Kulke <magnuskulke@linux.microsoft.com>
> 
> Currently the MSHV driver rejects mappings that would overlap in
> userspace.
> 
> Some VMMs require the same memory to be mapped to different parts of
> the guest's address space, and so working around this restriction is
> difficult.
> 
> The hypervisor itself doesn't prohibit mappings that overlap in uaddr,
> (really in SPA; system physical addresses), so supporting this in the
> driver doesn't require any extra work: only the checks need to be
> removed.
> 
> Since no userspace code until now has been able to overlap regions in
> userspace, relaxing this constraint can't break any existing code.
> 
> Signed-off-by: Magnus Kulke <magnuskulke@linux.microsoft.com>
> Signed-off-by: Nuno Das Neves <nunodasneves@linux.microsoft.com>
> ---
>  drivers/hv/mshv_root_main.c | 8 ++------
>  include/uapi/linux/mshv.h   | 2 +-
>  2 files changed, 3 insertions(+), 7 deletions(-)
> 
> diff --git a/drivers/hv/mshv_root_main.c b/drivers/hv/mshv_root_main.c
> index 25a68912a78d..b1821b18fa09 100644
> --- a/drivers/hv/mshv_root_main.c
> +++ b/drivers/hv/mshv_root_main.c
> @@ -1220,12 +1220,8 @@ static int mshv_partition_create_region(struct mshv_partition *partition,
> 
>  	/* Reject overlapping regions */
>  	hlist_for_each_entry(rg, &partition->pt_mem_regions, hnode) {
> -		u64 rg_size = rg->nr_pages << HV_HYP_PAGE_SHIFT;
> -
> -		if ((mem->guest_pfn + nr_pages <= rg->start_gfn ||
> -		     rg->start_gfn + rg->nr_pages <= mem->guest_pfn) &&
> -		    (mem->userspace_addr + mem->size <= rg->start_uaddr ||
> -		     rg->start_uaddr + rg_size <= mem->userspace_addr))
> +		if (mem->guest_pfn + nr_pages <= rg->start_gfn ||
> +		    rg->start_gfn + rg->nr_pages <= mem->guest_pfn)
>  			continue;
> 
>  		return -EEXIST;
> diff --git a/include/uapi/linux/mshv.h b/include/uapi/linux/mshv.h
> index 9091946cba23..b10c8d1cb2ad 100644
> --- a/include/uapi/linux/mshv.h
> +++ b/include/uapi/linux/mshv.h
> @@ -123,7 +123,7 @@ enum {
>   * @rsvd: MBZ
>   *
>   * Map or unmap a region of userspace memory to Guest Physical Addresses (GPA).
> - * Mappings can't overlap in GPA space or userspace.
> + * Mappings can't overlap in GPA space.
>   * To unmap, these fields must match an existing mapping.
>   */
>  struct mshv_user_mem_region {
> --
> 2.34.1

Reviewed-by: Michael Kelley <mhklinux@outlook.com>

Re: [PATCH v2 0/2] mshv: Allow mappings that overlap in uaddr

[Wei Liu]

On Thu, Nov 06, 2025 at 02:13:29PM -0800, Nuno Das Neves wrote:
> Currently the MSHV driver rejects mappings that would overlap in
> userspace. Remove this limitation as it is overly restrictive and
> allowing overlap is useful for VMMs.
> 
> Before make this change, fix the region overlap checking logic
> which is broken.
> 
> ---
> Changes in v2:
> - Add a patch to fix the overlap checking [Michael Kelley]
> - Move deletion of mshv_partition_region_by_uaddr() to the fix patch
> 
> ---
> Magnus Kulke (1):
>   mshv: Allow mappings that overlap in uaddr
> 
> Nuno Das Neves (1):
>   mshv: Fix create memory region overlap check

Applied to hyperv-next. Thanks.

> 
>  drivers/hv/mshv_root_main.c | 27 +++++++--------------------
>  include/uapi/linux/mshv.h   |  2 +-
>  2 files changed, 8 insertions(+), 21 deletions(-)
> 
> -- 
> 2.34.1
>