Commit b1a429fb authored by Sean Christopherson's avatar Sean Christopherson Committed by Paolo Bonzini

KVM: x86/mmu: Verify shadow walk doesn't terminate early in page faults

WARN and bail if the shadow walk for faulting in a SPTE terminates early,
i.e. doesn't reach the expected level because the walk encountered a
terminal SPTE.  The shadow walks for page faults are subtle in that they
install non-leaf SPTEs (zapping leaf SPTEs if necessary!) in the loop
body, and consume the newly created non-leaf SPTE in the loop control,
e.g. __shadow_walk_next().  In other words, the walks guarantee that the
walk will stop if and only if the target level is reached by installing
non-leaf SPTEs to guarantee the walk remains valid.

Opportunistically use fault->goal-level instead of it.level in
FNAME(fetch) to further clarify that KVM always installs the leaf SPTE at
the target level.
Reviewed-by: default avatarLai Jiangshan <jiangshanlai@gmail.com>
Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
Signed-off-by: default avatarLai Jiangshan <laijs@linux.alibaba.com>
Message-Id: <20210906122547.263316-1-jiangshanlai@gmail.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
parent f0066d94
...@@ -3012,6 +3012,9 @@ static int __direct_map(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault) ...@@ -3012,6 +3012,9 @@ static int __direct_map(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault)
account_huge_nx_page(vcpu->kvm, sp); account_huge_nx_page(vcpu->kvm, sp);
} }
if (WARN_ON_ONCE(it.level != fault->goal_level))
return -EFAULT;
ret = mmu_set_spte(vcpu, it.sptep, ACC_ALL, ret = mmu_set_spte(vcpu, it.sptep, ACC_ALL,
fault->write, fault->goal_level, base_gfn, fault->pfn, fault->write, fault->goal_level, base_gfn, fault->pfn,
fault->prefault, fault->map_writable); fault->prefault, fault->map_writable);
......
...@@ -760,9 +760,12 @@ static int FNAME(fetch)(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault, ...@@ -760,9 +760,12 @@ static int FNAME(fetch)(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault,
} }
} }
if (WARN_ON_ONCE(it.level != fault->goal_level))
return -EFAULT;
ret = mmu_set_spte(vcpu, it.sptep, gw->pte_access, fault->write, ret = mmu_set_spte(vcpu, it.sptep, gw->pte_access, fault->write,
it.level, base_gfn, fault->pfn, fault->prefault, fault->goal_level, base_gfn, fault->pfn,
fault->map_writable); fault->prefault, fault->map_writable);
if (ret == RET_PF_SPURIOUS) if (ret == RET_PF_SPURIOUS)
return ret; return ret;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment