KVM: PPC: Book3S HV: Fix kvm_unmap_gfn_range_hv() for Hash MMU

mpe · mpe · commit da3bb206c9ce · 2021-05-12T11:07:39.000+10:00
Commit 32b48bf ("KVM: PPC: Book3S HV: Fix conversion to gfn-based MMU notifier callbacks") fixed kvm_unmap_gfn_range_hv() by adding a for loop over each gfn in the range. But for the Hash MMU it repeatedly calls kvm_unmap_rmapp() with the first gfn of the range, rather than iterating through the range. This exhibits as strange guest behaviour, sometimes crashing in firmare, or booting and then guest userspace crashing unexpectedly. Fix it by passing the iterator, gfn, to kvm_unmap_rmapp(). Fixes: 32b48bf ("KVM: PPC: Book3S HV: Fix conversion to gfn-based MMU notifier callbacks") Reviewed-by: Sean Christopherson <seanjc@google.com> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/20210511105459.800788-1-mpe@ellerman.id.au
diff --git a/arch/powerpc/kvm/book3s_64_mmu_hv.c b/arch/powerpc/kvm/book3s_64_mmu_hv.c
@@ -840,7 +840,7 @@ bool kvm_unmap_gfn_range_hv(struct kvm *kvm, struct kvm_gfn_range *range)
 			kvm_unmap_radix(kvm, range->slot, gfn);
 	} else {
 		for (gfn = range->start; gfn < range->end; gfn++)
-			kvm_unmap_rmapp(kvm, range->slot, range->start);
+			kvm_unmap_rmapp(kvm, range->slot, gfn);
 	}
 
 	return false;

Original file line number	Diff line number	Diff line change
`@@ -840,7 +840,7 @@ bool kvm_unmap_gfn_range_hv(struct kvm kvm, struct kvm_gfn_range range)`
`840`	`840`	`kvm_unmap_radix(kvm, range->slot, gfn);`
`841`	`841`	`} else {`
`842`	`842`	`for (gfn = range->start; gfn < range->end; gfn++)`
`843`		`- kvm_unmap_rmapp(kvm, range->slot, range->start);`
	`843`	`+ kvm_unmap_rmapp(kvm, range->slot, gfn);`
`844`	`844`	`}`
`845`	`845`
`846`	`846`	`return false;`