From: Sean Christopherson <seanjc@google.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
isaku.yamahata@intel.com, David Matlack <dmatlack@google.com>,
peterx@redhat.com
Subject: Re: [PATCH 02/16] KVM: x86: clamp host mapping level to max_level in kvm_mmu_max_mapping_level
Date: Fri, 13 Aug 2021 16:28:40 +0000 [thread overview]
Message-ID: <YRaduAFaHZ+w643k@google.com> (raw)
In-Reply-To: <20210807134936.3083984-3-pbonzini@redhat.com>
On Sat, Aug 07, 2021, Paolo Bonzini wrote:
> This patch started as a way to make kvm_mmu_hugepage_adjust a bit simpler,
> in preparation for switching it to struct kvm_page_fault, but it does
> fix a microscopic bug in zapping collapsible PTEs.
I think this also fixes a bug where userspace backs guest memory with a 1gb hugepage
but only assigns a subset of the page to the guest. 1gb pages would be disallowed
by the memslot, but not 2mb. kvm_mmu_max_mapping_level() would fall through to the
host_pfn_mapping_level() logic, see the 1gb huge, and map the whole thing into the
guest. I can't imagine any userspace would actually do something like that, but the
failure mode is serious enough that it warrants a Fixes: + Cc: stable@.
next prev parent reply other threads:[~2021-08-13 16:28 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-07 13:49 [PATCH 00/16] KVM: x86: pass arguments on the page fault path via struct kvm_page_fault Paolo Bonzini
2021-08-07 13:49 ` [PATCH 01/16] KVM: MMU: pass unadulterated gpa to direct_page_fault Paolo Bonzini
2021-09-01 22:54 ` Sean Christopherson
2021-08-07 13:49 ` [PATCH 02/16] KVM: x86: clamp host mapping level to max_level in kvm_mmu_max_mapping_level Paolo Bonzini
2021-08-13 16:28 ` Sean Christopherson [this message]
2021-08-07 13:49 ` [PATCH 03/16] KVM: MMU: Introduce struct kvm_page_fault Paolo Bonzini
2021-08-07 13:49 ` [PATCH 04/16] KVM: MMU: change mmu->page_fault() arguments to kvm_page_fault Paolo Bonzini
2021-08-07 13:49 ` [PATCH 05/16] KVM: MMU: change direct_page_fault() " Paolo Bonzini
2021-08-07 13:49 ` [PATCH 06/16] KVM: MMU: change page_fault_handle_page_track() " Paolo Bonzini
2021-09-01 23:04 ` Sean Christopherson
2021-08-07 13:49 ` [PATCH 07/16] KVM: MMU: change try_async_pf() " Paolo Bonzini
2021-09-01 23:05 ` Sean Christopherson
2021-08-07 13:49 ` [PATCH 08/16] KVM: MMU: change handle_abnormal_pfn() " Paolo Bonzini
2021-09-01 23:15 ` Sean Christopherson
2021-08-07 13:49 ` [PATCH 09/16] KVM: MMU: change __direct_map() " Paolo Bonzini
2021-08-07 13:49 ` [PATCH 10/16] KVM: MMU: change FNAME(fetch)() " Paolo Bonzini
2021-08-07 13:49 ` [PATCH 11/16] KVM: MMU: change kvm_tdp_mmu_map() " Paolo Bonzini
2021-08-07 13:49 ` [PATCH 12/16] KVM: MMU: change tdp_mmu_map_handle_target_level() " Paolo Bonzini
2021-08-07 13:49 ` [PATCH 13/16] KVM: MMU: change fast_page_fault() " Paolo Bonzini
2021-08-07 13:49 ` [PATCH 14/16] KVM: MMU: change kvm_mmu_hugepage_adjust() " Paolo Bonzini
2021-08-07 13:49 ` [PATCH 15/16] KVM: MMU: change disallowed_hugepage_adjust() " Paolo Bonzini
2021-08-07 13:49 ` [PATCH 16/16] KVM: MMU: change tracepoints " Paolo Bonzini
2021-09-01 23:28 ` Sean Christopherson
2021-08-12 17:44 ` [PATCH 00/16] KVM: x86: pass arguments on the page fault path via struct kvm_page_fault David Matlack
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YRaduAFaHZ+w643k@google.com \
--to=seanjc@google.com \
--cc=dmatlack@google.com \
--cc=isaku.yamahata@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.