Re: [PATCH] KVM: x86: Add GPA limit check to kvm_arch_vcpu_pre_fault_memory()

From: Isaku Yamahata
Date: Thu Jul 18 2024 - 19:38:25 EST


On Tue, Jul 16, 2024 at 04:49:00PM -0700,
Isaku Yamahata <isaku.yamahata@xxxxxxxxx> wrote:

> > > - For non-TDX case (DEFAULT_VM, SW_PROTECTED_VM, or SEV):
> > > When the host supports 5-level TDP, KVM decides to use 4-level TDP if
> > > cpuid_maxphyaddr() <= 48. cpuid_maxphyaddr() check prevents
> > > KVM_PRE_FAULT_MEMORY from passing GFN beyond mappable GFN.
> >
> > Hardening against cpuid_maxphyaddr() should be out of scope. We don't enforce
> > it for guest faults, e.g. KVM doesn't kill the guest if allow_smaller_maxphyaddr
> > is false and the GPA is supposed to be illegal. And trying to enforce it here is
> > a fool's errand since userspace can simply do KVM_SET_CPUID2 to circumvent the
> > restriction.
>
> Ok, I'll drop maxphys addr check.

Now Rick added a patch to check aliased GFN. This patch and per-VM mmu_max_gfn
become unnecessary. Now I have come up with an update to pre_fault to test the
no memslot case.
https://lore.kernel.org/kvm/20240718211230.1492011-19-rick.p.edgecombe@xxxxxxxxx/

For the non-x86 case, I'm not sure what error we can expect.