From: Greg Kroah-Hartman
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman, patches@lists.linux.dev, Yan Zhao, Yongwei Ma, Zhi Wang, Sean Christopherson, Paolo Bonzini, Sasha Levin
Subject: [PATCH 6.5 114/285] drm/i915/gvt: Verify pfn is "valid" before dereferencing "struct page"
Date: Sun, 17 Sep 2023 21:11:54 +0200
Message-ID: <20230917191055.612029210@linuxfoundation.org>
In-Reply-To: <20230917191051.639202302@linuxfoundation.org>
References: <20230917191051.639202302@linuxfoundation.org>

6.5-stable review patch. If anyone has any objections, please let me know.

------------------

From: Sean Christopherson

[ Upstream commit f046923af79158361295ed4f0a588c80b9fdcc1d ]

Check that the pfn found by gfn_to_pfn() is actually backed by "struct
page" memory prior to retrieving and dereferencing the page. KVM
supports backing guest memory with VM_PFNMAP, VM_IO, etc., and so
there is no guarantee the pfn returned by gfn_to_pfn() has an associated
"struct page".

Fixes: b901b252b6cf ("drm/i915/gvt: Add 2M huge gtt support")
Reviewed-by: Yan Zhao
Tested-by: Yongwei Ma
Reviewed-by: Zhi Wang
Link: https://lore.kernel.org/r/20230729013535.1070024-2-seanjc@google.com
Signed-off-by: Sean Christopherson
Signed-off-by: Paolo Bonzini
Signed-off-by: Sasha Levin
--- drivers/gpu/drm/i915/gvt/gtt.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c index 4ec85308379a4..58b9b316ae462 100644 --- a/drivers/gpu/drm/i915/gvt/gtt.c +++ b/drivers/gpu/drm/i915/gvt/gtt.c
@@ -1183,6 +1183,10 @@ static int is_2MB_gtt_possible(struct intel_vgpu *vgpu, pfn = gfn_to_pfn(vgpu->vfio_device.kvm, ops->get_pfn(entry)); if (is_error_noslot_pfn(pfn)) return -EINVAL; + + if (!pfn_valid(pfn)) + return -EINVAL; + return PageTransHuge(pfn_to_page(pfn)); } -- 2.40.1
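Review bot: in is_2MB_gtt_possible(), the new !pfn_valid(pfn) branch returns -EINVAL, the same code as the is_error_noslot_pfn() failure just above it, although the commit message describes VM_PFNMAP/VM_IO backing as something KVM supports rather than as an error. The function otherwise answers a yes/no question through PageTransHuge(), so consider whether returning 0 (2MB mapping not possible) is the better result for a pfn without a struct page, or confirm that the caller treats a negative return the way you intend for such guests. Either way, a one-line comment above the check stating that the pfn may have no struct page behind it would spare the next reader a trip to the commit message.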