* [PATCH v2 1/2] mshv: Fix create memory region overlap check
2025-11-06 22:13 [PATCH v2 0/2] mshv: Allow mappings that overlap in uaddr Nuno Das Neves
@ 2025-11-06 22:13 ` Nuno Das Neves
2025-11-07 15:24 ` Michael Kelley
2025-11-06 22:13 ` [PATCH v2 2/2] mshv: Allow mappings that overlap in uaddr Nuno Das Neves
2025-11-07 18:13 ` [PATCH v2 0/2] " Wei Liu
2 siblings, 1 reply; 6+ messages in thread
From: Nuno Das Neves @ 2025-11-06 22:13 UTC
To: linux-hyperv, linux-kernel, mhklinux, magnuskulke
Cc: kys, haiyangz, wei.liu, decui, longli, skinsburskii, prapal,
mrathor, muislam, Nuno Das Neves

The current check is incorrect; it only checks if the beginning or end
of a region is within an existing region. This doesn't account for
userspace specifying a region that begins before and ends after an
existing region.

Change the logic to a range intersection check against gfns and uaddrs
for each region.

Remove mshv_partition_region_by_uaddr() as it is no longer used.

Fixes: 621191d709b1 ("Drivers: hv: Introduce mshv_root module to expose /dev/mshv to VMMs")
Reported-by: Michael Kelley <mhklinux@outlook.com>
Closes: https://lore.kernel.org/linux-hyperv/SN6PR02MB41575BE0406D3AB22E1D7DB5D4C2A@SN6PR02MB4157.namprd02.prod.outlook.com/
Signed-off-by: Nuno Das Neves <nunodasneves@linux.microsoft.com>
---
drivers/hv/mshv_root_main.c | 31 +++++++++++--------------------
1 file changed, 11 insertions(+), 20 deletions(-)
diff --git a/drivers/hv/mshv_root_main.c b/drivers/hv/mshv_root_main.c
index 814465a0912d..25a68912a78d 100644
--- a/drivers/hv/mshv_root_main.c
+++ b/drivers/hv/mshv_root_main.c
@@ -1206,21 +1206,6 @@ mshv_partition_region_by_gfn(struct mshv_partition *partition, u64 gfn)
return NULL;
}
-static struct mshv_mem_region *
-mshv_partition_region_by_uaddr(struct mshv_partition *partition, u64 uaddr)
-{
- struct mshv_mem_region *region;
-
- hlist_for_each_entry(region, &partition->pt_mem_regions, hnode) {
- if (uaddr >= region->start_uaddr &&
- uaddr < region->start_uaddr +
- (region->nr_pages << HV_HYP_PAGE_SHIFT))
- return region;
- }
-
- return NULL;
-}
-
/*
* NB: caller checks and makes sure mem->size is page aligned
* Returns: 0 with regionpp updated on success, or -errno
@@ -1230,15 +1215,21 @@ static int mshv_partition_create_region(struct mshv_partition *partition,
struct mshv_mem_region **regionpp,
bool is_mmio)
{
- struct mshv_mem_region *region;
+ struct mshv_mem_region *region, *rg;
u64 nr_pages = HVPFN_DOWN(mem->size);
/* Reject overlapping regions */
- if (mshv_partition_region_by_gfn(partition, mem->guest_pfn) ||
- mshv_partition_region_by_gfn(partition, mem->guest_pfn + nr_pages - 1) ||
- mshv_partition_region_by_uaddr(partition, mem->userspace_addr) ||
- mshv_partition_region_by_uaddr(partition, mem->userspace_addr + mem->size - 1))
+ hlist_for_each_entry(rg, &partition->pt_mem_regions, hnode) {
+ u64 rg_size = rg->nr_pages << HV_HYP_PAGE_SHIFT;
+
+ if ((mem->guest_pfn + nr_pages <= rg->start_gfn ||
+ rg->start_gfn + rg->nr_pages <= mem->guest_pfn) &&
+ (mem->userspace_addr + mem->size <= rg->start_uaddr ||
+ rg->start_uaddr + rg_size <= mem->userspace_addr))
+ continue;
+
return -EEXIST;
+ }
region = vzalloc(sizeof(*region) + sizeof(struct page *) * nr_pages);
if (!region)
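
Review bot: The sums in the new condition, mem->guest_pfn + nr_pages and mem->userspace_addr + mem->size, are u64 additions on fields of the userspace-supplied mem, and nothing in this hunk bounds them; the function comment only says the caller checks that mem->size is page aligned. If a sum wraps, the `<= rg->start_gfn` or `<= rg->start_uaddr` comparison becomes true and that half of the test reports the ranges as disjoint even when the requested range covers an existing region. Suggest rejecting wrapped ranges with check_add_overflow() before the loop, or pointing to where the caller already validates them.
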
--
2.34.1
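
The failure case the commit message above describes, worked through as an added example (not code from the patch or the mshv driver): an endpoint-only test misses a request that begins before and ends after an existing region, while a half-open interval intersection test catches it. `struct range`, the function names and the sample values are illustrative, and the wrap rejection via the GCC/Clang `__builtin_add_overflow` is an addition that the patch does not contain.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Half-open page-frame range [start, start + nr); illustrative type. */
struct range { uint64_t start, nr; };

static bool contains(struct range r, uint64_t pfn)
{
	return pfn >= r.start && pfn - r.start < r.nr;
}

/* Endpoint-only test: is the first or last page of 'req' inside 'cur'? */
static bool overlaps_endpoints(struct range req, struct range cur)
{
	return contains(cur, req.start) ||
	       contains(cur, req.start + req.nr - 1);
}

/*
 * Interval intersection: two half-open ranges overlap unless one ends at
 * or before the start of the other. Returns 1 on overlap, 0 if disjoint,
 * -1 if either end would wrap (added here; not part of the patch).
 */
static int overlaps_interval(struct range req, struct range cur)
{
	uint64_t req_end, cur_end;

	if (__builtin_add_overflow(req.start, req.nr, &req_end) ||
	    __builtin_add_overflow(cur.start, cur.nr, &cur_end))
		return -1;
	return !(req_end <= cur.start || cur_end <= req.start);
}

int main(void)
{
	/* Constructed sample values, not taken from the driver. */
	struct range cur = { 0x100, 0x10 };
	struct range reqs[] = {
		{ 0x0f0, 0x40 },	/* begins before and ends after cur */
		{ 0x108, 0x10 },	/* straddles the end of cur */
		{ 0x110, 0x10 },	/* adjacent, no overlap */
	};

	for (size_t i = 0; i < sizeof(reqs) / sizeof(reqs[0]); i++)
		printf("[%#llx, +%#llx): endpoints=%d interval=%d\n",
		       (unsigned long long)reqs[i].start,
		       (unsigned long long)reqs[i].nr,
		       overlaps_endpoints(reqs[i], cur),
		       overlaps_interval(reqs[i], cur));
	return 0;
}
```
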
* RE: [PATCH v2 1/2] mshv: Fix create memory region overlap check
2025-11-06 22:13 ` [PATCH v2 1/2] mshv: Fix create memory region overlap check Nuno Das Neves
@ 2025-11-07 15:24 ` Michael Kelley
0 siblings, 0 replies; 6+ messages in thread
From: Michael Kelley @ 2025-11-07 15:24 UTC
To: Nuno Das Neves, linux-hyperv@vger.kernel.org,
linux-kernel@vger.kernel.org, magnuskulke@linux.microsoft.com
Cc: kys@microsoft.com, haiyangz@microsoft.com, wei.liu@kernel.org,
decui@microsoft.com, longli@microsoft.com,
skinsburskii@linux.microsoft.com, prapal@linux.microsoft.com,
mrathor@linux.microsoft.com, muislam@microsoft.com
From: Nuno Das Neves <nunodasneves@linux.microsoft.com> Sent: Thursday, November 6, 2025 2:14 PM
>
> The current check is incorrect; it only checks if the beginning or end
> of a region is within an existing region. This doesn't account for
> userspace specifying a region that begins before and ends after an
> existing region.
>
> Change the logic to a range intersection check against gfns and uaddrs
> for each region.
>
> Remove mshv_partition_region_by_uaddr() as it is no longer used.
>
> Fixes: 621191d709b1 ("Drivers: hv: Introduce mshv_root module to expose /dev/mshv to VMMs")
> Reported-by: Michael Kelley <mhklinux@outlook.com>
> Closes: https://lore.kernel.org/linux-hyperv/SN6PR02MB41575BE0406D3AB22E1D7DB5D4C2A@SN6PR02MB4157.namprd02.prod.outlook.com/
> Signed-off-by: Nuno Das Neves <nunodasneves@linux.microsoft.com>
> ---
> drivers/hv/mshv_root_main.c | 31 +++++++++++--------------------
> 1 file changed, 11 insertions(+), 20 deletions(-)
>
> diff --git a/drivers/hv/mshv_root_main.c b/drivers/hv/mshv_root_main.c
> index 814465a0912d..25a68912a78d 100644
> --- a/drivers/hv/mshv_root_main.c
> +++ b/drivers/hv/mshv_root_main.c
> @@ -1206,21 +1206,6 @@ mshv_partition_region_by_gfn(struct mshv_partition *partition, u64 gfn)
> return NULL;
> }
>
> -static struct mshv_mem_region *
> -mshv_partition_region_by_uaddr(struct mshv_partition *partition, u64 uaddr)
> -{
> - struct mshv_mem_region *region;
> -
> - hlist_for_each_entry(region, &partition->pt_mem_regions, hnode) {
> - if (uaddr >= region->start_uaddr &&
> - uaddr < region->start_uaddr +
> - (region->nr_pages << HV_HYP_PAGE_SHIFT))
> - return region;
> - }
> -
> - return NULL;
> -}
> -
> /*
> * NB: caller checks and makes sure mem->size is page aligned
> * Returns: 0 with regionpp updated on success, or -errno
> @@ -1230,15 +1215,21 @@ static int mshv_partition_create_region(struct mshv_partition *partition,
> struct mshv_mem_region **regionpp,
> bool is_mmio)
> {
> - struct mshv_mem_region *region;
> + struct mshv_mem_region *region, *rg;
> u64 nr_pages = HVPFN_DOWN(mem->size);
>
> /* Reject overlapping regions */
> - if (mshv_partition_region_by_gfn(partition, mem->guest_pfn) ||
> - mshv_partition_region_by_gfn(partition, mem->guest_pfn + nr_pages - 1) ||
> - mshv_partition_region_by_uaddr(partition, mem->userspace_addr) ||
> - mshv_partition_region_by_uaddr(partition, mem->userspace_addr + mem->size - 1))
> + hlist_for_each_entry(rg, &partition->pt_mem_regions, hnode) {
> + u64 rg_size = rg->nr_pages << HV_HYP_PAGE_SHIFT;
> +
> + if ((mem->guest_pfn + nr_pages <= rg->start_gfn ||
> + rg->start_gfn + rg->nr_pages <= mem->guest_pfn) &&
> + (mem->userspace_addr + mem->size <= rg->start_uaddr ||
> + rg->start_uaddr + rg_size <= mem->userspace_addr))
> + continue;
> +
> return -EEXIST;
> + }
>
> region = vzalloc(sizeof(*region) + sizeof(struct page *) * nr_pages);
> if (!region)
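
Review bot: The condition in the new loop reads as "disjoint in gfn and disjoint in uaddr, so continue", and a reader has to negate it to see that an overlap in either space returns -EEXIST. The unchanged comment `/* Reject overlapping regions */` does not say which spaces are compared; suggest expanding it to name both GPA and uaddr, or moving the two range tests into a small helper so the loop body states the rejection directly.
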
> --
> 2.34.1
Reviewed-by: Michael Kelley <mhklinux@outlook.com>
* [PATCH v2 2/2] mshv: Allow mappings that overlap in uaddr
2025-11-06 22:13 [PATCH v2 0/2] mshv: Allow mappings that overlap in uaddr Nuno Das Neves
2025-11-06 22:13 ` [PATCH v2 1/2] mshv: Fix create memory region overlap check Nuno Das Neves
@ 2025-11-06 22:13 ` Nuno Das Neves
2025-11-07 15:25 ` Michael Kelley
2025-11-07 18:13 ` [PATCH v2 0/2] " Wei Liu
2 siblings, 1 reply; 6+ messages in thread
From: Nuno Das Neves @ 2025-11-06 22:13 UTC
To: linux-hyperv, linux-kernel, mhklinux, magnuskulke
Cc: kys, haiyangz, wei.liu, decui, longli, skinsburskii, prapal,
mrathor, muislam, Nuno Das Neves

From: Magnus Kulke <magnuskulke@linux.microsoft.com>

Currently the MSHV driver rejects mappings that would overlap in
userspace.

Some VMMs require the same memory to be mapped to different parts of
the guest's address space, and so working around this restriction is
difficult.

The hypervisor itself doesn't prohibit mappings that overlap in uaddr,
(really in SPA; system physical addresses), so supporting this in the
driver doesn't require any extra work: only the checks need to be
removed.

Since no userspace code until now has been able to overlap regions in
userspace, relaxing this constraint can't break any existing code.

Signed-off-by: Magnus Kulke <magnuskulke@linux.microsoft.com>
Signed-off-by: Nuno Das Neves <nunodasneves@linux.microsoft.com>
---
drivers/hv/mshv_root_main.c | 8 ++------
include/uapi/linux/mshv.h | 2 +-
2 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/drivers/hv/mshv_root_main.c b/drivers/hv/mshv_root_main.c
index 25a68912a78d..b1821b18fa09 100644
--- a/drivers/hv/mshv_root_main.c
+++ b/drivers/hv/mshv_root_main.c
@@ -1220,12 +1220,8 @@ static int mshv_partition_create_region(struct mshv_partition *partition,
/* Reject overlapping regions */
hlist_for_each_entry(rg, &partition->pt_mem_regions, hnode) {
- u64 rg_size = rg->nr_pages << HV_HYP_PAGE_SHIFT;
-
- if ((mem->guest_pfn + nr_pages <= rg->start_gfn ||
- rg->start_gfn + rg->nr_pages <= mem->guest_pfn) &&
- (mem->userspace_addr + mem->size <= rg->start_uaddr ||
- rg->start_uaddr + rg_size <= mem->userspace_addr))
+ if (mem->guest_pfn + nr_pages <= rg->start_gfn ||
+ rg->start_gfn + rg->nr_pages <= mem->guest_pfn)
continue;
return -EEXIST;
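
Review bot: The comment `/* Reject overlapping regions */` kept as context at the top of this hunk is now broader than the code, since only the gfn ranges are compared after this change. Suggest rewording it to say the rejection applies to GPA space only, matching the updated wording in include/uapi/linux/mshv.h.
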
diff --git a/include/uapi/linux/mshv.h b/include/uapi/linux/mshv.h
index 9091946cba23..b10c8d1cb2ad 100644
--- a/include/uapi/linux/mshv.h
+++ b/include/uapi/linux/mshv.h
@@ -123,7 +123,7 @@ enum {
* @rsvd: MBZ
*
* Map or unmap a region of userspace memory to Guest Physical Addresses (GPA).
- * Mappings can't overlap in GPA space or userspace.
+ * Mappings can't overlap in GPA space.
* To unmap, these fields must match an existing mapping.
*/
struct mshv_user_mem_region {
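
Review bot: Missing documentation in the updated comment: it drops "or userspace" but does not say that overlap in userspace addresses is now allowed, and the following line, "To unmap, these fields must match an existing mapping", does not spell out which mapping an unmap request selects once one userspace range can back several GPA ranges. Suggest stating explicitly that the same userspace range may be mapped at more than one GPA and that unmap must name the GPA of the specific mapping.
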
--
2.34.1
* RE: [PATCH v2 2/2] mshv: Allow mappings that overlap in uaddr
2025-11-06 22:13 ` [PATCH v2 2/2] mshv: Allow mappings that overlap in uaddr Nuno Das Neves
@ 2025-11-07 15:25 ` Michael Kelley
0 siblings, 0 replies; 6+ messages in thread
From: Michael Kelley @ 2025-11-07 15:25 UTC
To: Nuno Das Neves, linux-hyperv@vger.kernel.org,
linux-kernel@vger.kernel.org, magnuskulke@linux.microsoft.com
Cc: kys@microsoft.com, haiyangz@microsoft.com, wei.liu@kernel.org,
decui@microsoft.com, longli@microsoft.com,
skinsburskii@linux.microsoft.com, prapal@linux.microsoft.com,
mrathor@linux.microsoft.com, muislam@microsoft.com
From: Nuno Das Neves <nunodasneves@linux.microsoft.com> Sent: Thursday, November 6, 2025 2:14 PM
>
> From: Magnus Kulke <magnuskulke@linux.microsoft.com>
>
> Currently the MSHV driver rejects mappings that would overlap in
> userspace.
>
> Some VMMs require the same memory to be mapped to different parts of
> the guest's address space, and so working around this restriction is
> difficult.
>
> The hypervisor itself doesn't prohibit mappings that overlap in uaddr,
> (really in SPA; system physical addresses), so supporting this in the
> driver doesn't require any extra work: only the checks need to be
> removed.
>
> Since no userspace code until now has been able to overlap regions in
> userspace, relaxing this constraint can't break any existing code.
>
> Signed-off-by: Magnus Kulke <magnuskulke@linux.microsoft.com>
> Signed-off-by: Nuno Das Neves <nunodasneves@linux.microsoft.com>
> ---
> drivers/hv/mshv_root_main.c | 8 ++------
> include/uapi/linux/mshv.h | 2 +-
> 2 files changed, 3 insertions(+), 7 deletions(-)
>
> diff --git a/drivers/hv/mshv_root_main.c b/drivers/hv/mshv_root_main.c
> index 25a68912a78d..b1821b18fa09 100644
> --- a/drivers/hv/mshv_root_main.c
> +++ b/drivers/hv/mshv_root_main.c
> @@ -1220,12 +1220,8 @@ static int mshv_partition_create_region(struct mshv_partition *partition,
>
> /* Reject overlapping regions */
> hlist_for_each_entry(rg, &partition->pt_mem_regions, hnode) {
> - u64 rg_size = rg->nr_pages << HV_HYP_PAGE_SHIFT;
> -
> - if ((mem->guest_pfn + nr_pages <= rg->start_gfn ||
> - rg->start_gfn + rg->nr_pages <= mem->guest_pfn) &&
> - (mem->userspace_addr + mem->size <= rg->start_uaddr ||
> - rg->start_uaddr + rg_size <= mem->userspace_addr))
> + if (mem->guest_pfn + nr_pages <= rg->start_gfn ||
> + rg->start_gfn + rg->nr_pages <= mem->guest_pfn)
> continue;
>
> return -EEXIST;
> diff --git a/include/uapi/linux/mshv.h b/include/uapi/linux/mshv.h
> index 9091946cba23..b10c8d1cb2ad 100644
> --- a/include/uapi/linux/mshv.h
> +++ b/include/uapi/linux/mshv.h
> @@ -123,7 +123,7 @@ enum {
> * @rsvd: MBZ
> *
> * Map or unmap a region of userspace memory to Guest Physical Addresses (GPA).
> - * Mappings can't overlap in GPA space or userspace.
> + * Mappings can't overlap in GPA space.
> * To unmap, these fields must match an existing mapping.
> */
> struct mshv_user_mem_region {
> --
> 2.34.1
Reviewed-by: Michael Kelley <mhklinux@outlook.com>
* Re: [PATCH v2 0/2] mshv: Allow mappings that overlap in uaddr
2025-11-06 22:13 [PATCH v2 0/2] mshv: Allow mappings that overlap in uaddr Nuno Das Neves
2025-11-06 22:13 ` [PATCH v2 1/2] mshv: Fix create memory region overlap check Nuno Das Neves
2025-11-06 22:13 ` [PATCH v2 2/2] mshv: Allow mappings that overlap in uaddr Nuno Das Neves
@ 2025-11-07 18:13 ` Wei Liu
2 siblings, 0 replies; 6+ messages in thread
From: Wei Liu @ 2025-11-07 18:13 UTC
To: Nuno Das Neves
Cc: linux-hyperv, linux-kernel, mhklinux, magnuskulke, kys, haiyangz,
wei.liu, decui, longli, skinsburskii, prapal, mrathor, muislam
On Thu, Nov 06, 2025 at 02:13:29PM -0800, Nuno Das Neves wrote:
> Currently the MSHV driver rejects mappings that would overlap in
> userspace. Remove this limitation as it is overly restrictive and
> allowing overlap is useful for VMMs.
>
> Before making this change, fix the region overlap checking logic
> which is broken.
>
> ---
> Changes in v2:
> - Add a patch to fix the overlap checking [Michael Kelley]
> - Move deletion of mshv_partition_region_by_uaddr() to the fix patch
>
> ---
> Magnus Kulke (1):
> mshv: Allow mappings that overlap in uaddr
>
> Nuno Das Neves (1):
> mshv: Fix create memory region overlap check
Applied to hyperv-next. Thanks.
>
> drivers/hv/mshv_root_main.c | 27 +++++++--------------------
> include/uapi/linux/mshv.h | 2 +-
> 2 files changed, 8 insertions(+), 21 deletions(-)
>
> --
> 2.34.1
>