Re: [RFC PATCH 17/20] hyperv: Reserve crash MSR P2 for page preservation root PA

[sashiko-bot@kernel.org]

Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:
- [High] Removing the overwrites of crash MSR P2 in panic paths can leak a stale KHO root PA to the crash kernel if KHO is currently disabled.
- [Medium] The commit message incorrectly describes the register shifts on x86, hiding the undocumented removal of `regs->ax` from the crash report.
--

commit a2f7e475a7dfd02f8ed395438172d715377b9152
Author: Jork Loeser <jloeser@linux.microsoft.com>

hyperv: Reserve crash MSR P2 for page preservation root PA

This commit reserves the crash MSR P2 to pass the KHO radix tree root
physical address to the crash kernel for MSHV page exclusion. It updates
the panic reporting paths to stop overwriting P2 and shifts the remaining
register values accordingly.

>     Move IP/PC to P3 and SP to P4 in hyperv_report_panic() on both x86
>     and ARM64. Remove the P2 write from hv_kmsg_dump().

[Severity: Medium]
Does this description accurately reflect the changes on x86?

On x86, SP was already assigned to P4, so it is not moved. Additionally,
moving IP to P3 overwrites the previous contents of P3 (regs->ax), entirely
dropping it from the crash report.

Could the commit message be updated to explicitly mention this loss of
diagnostic data?

> diff --git a/arch/arm64/hyperv/hv_core.c b/arch/arm64/hyperv/hv_core.c
> --- a/arch/arm64/hyperv/hv_core.c
> +++ b/arch/arm64/hyperv/hv_core.c
> @@ -185,9 +185,9 @@ void hyperv_report_panic(struct pt_regs *regs, long err, bool in_die)
>  	 */
>  	hv_set_vpreg(HV_REGISTER_GUEST_CRASH_P0, err);
>  	hv_set_vpreg(HV_REGISTER_GUEST_CRASH_P1, guest_id);
> -	hv_set_vpreg(HV_REGISTER_GUEST_CRASH_P2, regs->pc);
> -	hv_set_vpreg(HV_REGISTER_GUEST_CRASH_P3, regs->sp);
> -	hv_set_vpreg(HV_REGISTER_GUEST_CRASH_P4, 0);
> +	/* P2 is reserved for the KHO preserved-pages tree root PA */

[Severity: High]
Could skipping the overwrite of P2 leak a stale KHO root physical address
to the crash kernel if KHO is currently disabled?

If a KHO-enabled kernel writes a valid radix tree root PA to P2 and then
kexecs into a KHO-disabled kernel, the KHO-disabled kernel might not clear
the MSR during its initialization.

If this KHO-disabled kernel later panics, leaving P2 untouched here means
the crash kernel will read the stale PA from P2. Since the memory at the
stale PA was likely reused, could walking it as a valid KHO radix tree
cause a page fault and break crash dump collection?

> +	hv_set_vpreg(HV_REGISTER_GUEST_CRASH_P3, regs->pc);
> +	hv_set_vpreg(HV_REGISTER_GUEST_CRASH_P4, regs->sp);

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260528004204.1484584-1-jloeser@linux.microsoft.com?part=17