Re: [PATCH] mshv: Fix infinite fault loop on permission-denied GPA intercepts

From: Anirudh Rayabharam

Date: Thu Apr 02 2026 - 11:51:45 EST


On Tue, Mar 24, 2026 at 11:57:40PM +0000, Stanislav Kinsburskii wrote:
> Prevent infinite fault loops when guests access memory regions without
> proper permissions. Currently, mshv_handle_gpa_intercept() attempts to
> remap pages for all faults on movable memory regions, regardless of
> whether the access type is permitted. When a guest writes to a read-only
> region, the remap succeeds but the region remains read-only, causing
> immediate re-fault and spinning the vCPU indefinitely.
>
> Validate intercept access type against region permissions before
> attempting remaps. Reject writes to non-writable regions and executes to
> non-executable regions early, returning false to let the VMM handle the
> intercept appropriately.
>
> This also closes a potential DoS vector where malicious guests could
> intentionally trigger these fault loops to consume host resources.
>
> Fixes: b9a66cd5ccbb ("mshv: Add support for movable memory regions")
> Signed-off-by: Stanislav Kinsburskii <skinsburskii@xxxxxxxxxxxxxxxxxxx>
> ---
> drivers/hv/mshv_root_main.c | 15 ++++++++++++---
> include/hyperv/hvgdk_mini.h | 6 ++++++
> include/hyperv/hvhdk.h | 4 ++--
> 3 files changed, 20 insertions(+), 5 deletions(-)

Reviewed-by: Anirudh Rayabharam (Microsoft) <anirudh@xxxxxxxxxxxxx>
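
The failure mode and the fix described in the quoted commit message can be modelled in user space. This is an added example, not code from the patch or the mshv driver; every name in it (`struct region`, `handle_gpa_intercept`, `run_vcpu`, the `cap` bound) is hypothetical, and the "remap" is assumed to always succeed without changing region permissions, as the commit message states.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model with hypothetical names; not the mshv driver's code. */
enum access { ACC_READ, ACC_WRITE, ACC_EXEC };
struct region { bool writable; bool executable; };

/* True if the region's permissions allow this access type. */
static bool access_permitted(const struct region *r, enum access a)
{
    return a == ACC_WRITE ? r->writable : a == ACC_EXEC ? r->executable : true;
}

/* Models the intercept handler: true means "handled, resume the guest",
 * false means "let the VMM handle the intercept". */
static bool handle_gpa_intercept(const struct region *r, enum access a, bool check)
{
    if (check && !access_permitted(r, a))
        return false;   /* early reject: remapping cannot help */
    return true;        /* remap succeeds; permissions are unchanged */
}

/* Runs one guest access until it completes, is handed to the VMM, or hits
 * 'cap' (the bound stands in for "forever"). Returns the intercept count. */
static int run_vcpu(const struct region *r, enum access a, bool check,
                    int cap, bool *to_vmm)
{
    int faults = 0;
    bool mapped = false;

    *to_vmm = false;
    while (faults < cap) {
        if (mapped && access_permitted(r, a))
            break;              /* access completes, guest makes progress */
        faults++;               /* guest takes a GPA intercept */
        if (!handle_gpa_intercept(r, a, check)) {
            *to_vmm = true;
            break;
        }
        mapped = true;          /* guest retries the same access */
    }
    return faults;
}

int main(void)
{
    struct region ro = { false, false };   /* constructed read-only region */
    bool vmm;
    printf("no check: %d intercepts\n", run_vcpu(&ro, ACC_WRITE, false, 1000, &vmm));
    printf("check:    %d intercepts\n", run_vcpu(&ro, ACC_WRITE, true, 1000, &vmm));
    return 0;
}
```
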