
Commit 92c5896

dwmw2 authored and bonzini committed
KVM: x86/xen: Use kvm_read_guest_virt() instead of open-coding it badly
In particular, we shouldn't assume that being contiguous in guest virtual address space means being contiguous in guest *physical* address space. In dropping the manual calls to kvm_mmu_gva_to_gpa_system(), also drop the srcu_read_lock() that was around them. All call sites are reached from kvm_xen_hypercall() which is called from the handle_exit function with the read lock already held. 5363952 ("KVM: x86/xen: handle PV timers oneshot mode") 1a65105 ("KVM: x86/xen: handle PV spinlocks slowpath") Fixes: 2fd6df2 ("KVM: x86/xen: intercept EVTCHNOP_send from guests") Signed-off-by: David Woodhouse <[email protected]> Message-Id: <[email protected]> Signed-off-by: Paolo Bonzini <[email protected]>
1 parent 385407a commit 92c5896

1 file changed

+18
-38
lines changed


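--- a/arch/x86/kvm/xen.c
+++ b/arch/x86/kvm/xen.c
@@ -1184,30 +1184,22 @@ static bool wait_pending_event(struct kvm_vcpu *vcpu, int nr_ports,
 static bool kvm_xen_schedop_poll(struct kvm_vcpu *vcpu, bool longmode,
 u64 param, u64 *r)
 {
-int idx, i;
 struct sched_poll sched_poll;
 evtchn_port_t port, *ports;
-gpa_t gpa;
+struct x86_exception e;
+int i;
 
 if (!lapic_in_kernel(vcpu) ||
 !(vcpu->kvm->arch.xen_hvm_config.flags & KVM_XEN_HVM_CONFIG_EVTCHN_SEND))
 return false;
 
-idx = srcu_read_lock(&vcpu->kvm->srcu);
-gpa = kvm_mmu_gva_to_gpa_system(vcpu, param, NULL);
-srcu_read_unlock(&vcpu->kvm->srcu, idx);
-if (!gpa) {
-*r = -EFAULT;
-return true;
-}
-
 if (IS_ENABLED(CONFIG_64BIT) && !longmode) {
 struct compat_sched_poll sp32;
 
 /* Sanity check that the compat struct definition is correct */
 BUILD_BUG_ON(sizeof(sp32) != 16);
 
-if (kvm_vcpu_read_guest(vcpu, gpa, &sp32, sizeof(sp32))) {
+if (kvm_read_guest_virt(vcpu, param, &sp32, sizeof(sp32), &e)) {
 *r = -EFAULT;
 return true;
 }
@@ -1221,8 +1213,8 @@ static bool kvm_xen_schedop_poll(struct kvm_vcpu *vcpu, bool longmode,
 sched_poll.nr_ports = sp32.nr_ports;
 sched_poll.timeout = sp32.timeout;
 } else {
-if (kvm_vcpu_read_guest(vcpu, gpa, &sched_poll,
-sizeof(sched_poll))) {
+if (kvm_read_guest_virt(vcpu, param, &sched_poll,
+sizeof(sched_poll), &e)) {
 *r = -EFAULT;
 return true;
 }
@@ -1244,18 +1236,13 @@ static bool kvm_xen_schedop_poll(struct kvm_vcpu *vcpu, bool longmode,
 } else
 ports = &port;
 
+if (kvm_read_guest_virt(vcpu, (gva_t)sched_poll.ports, ports,
+sched_poll.nr_ports * sizeof(*ports), &e)) {
+*r = -EFAULT;
+return true;
+}
+
 for (i = 0; i < sched_poll.nr_ports; i++) {
-idx = srcu_read_lock(&vcpu->kvm->srcu);
-gpa = kvm_mmu_gva_to_gpa_system(vcpu,
-(gva_t)(sched_poll.ports + i),
-NULL);
-srcu_read_unlock(&vcpu->kvm->srcu, idx);
-
-if (!gpa || kvm_vcpu_read_guest(vcpu, gpa,
-&ports[i], sizeof(port))) {
-*r = -EFAULT;
-goto out;
-}
 if (ports[i] >= max_evtchn_port(vcpu->kvm)) {
 *r = -EINVAL;
 goto out;
@@ -1331,9 +1318,8 @@ static bool kvm_xen_hcall_vcpu_op(struct kvm_vcpu *vcpu, bool longmode, int cmd,
 int vcpu_id, u64 param, u64 *r)
 {
 struct vcpu_set_singleshot_timer oneshot;
+struct x86_exception e;
 s64 delta;
-gpa_t gpa;
-int idx;
 
 if (!kvm_xen_timer_enabled(vcpu))
 return false;
@@ -1344,9 +1330,6 @@ static bool kvm_xen_hcall_vcpu_op(struct kvm_vcpu *vcpu, bool longmode, int cmd,
 *r = -EINVAL;
 return true;
 }
-idx = srcu_read_lock(&vcpu->kvm->srcu);
-gpa = kvm_mmu_gva_to_gpa_system(vcpu, param, NULL);
-srcu_read_unlock(&vcpu->kvm->srcu, idx);
 
 /*
 * The only difference for 32-bit compat is the 4 bytes of
@@ -1364,9 +1347,8 @@ static bool kvm_xen_hcall_vcpu_op(struct kvm_vcpu *vcpu, bool longmode, int cmd,
 BUILD_BUG_ON(sizeof_field(struct compat_vcpu_set_singleshot_timer, flags) !=
 sizeof_field(struct vcpu_set_singleshot_timer, flags));
 
-if (!gpa ||
-kvm_vcpu_read_guest(vcpu, gpa, &oneshot, longmode ? sizeof(oneshot) :
-sizeof(struct compat_vcpu_set_singleshot_timer))) {
+if (kvm_read_guest_virt(vcpu, param, &oneshot, longmode ? sizeof(oneshot) :
+sizeof(struct compat_vcpu_set_singleshot_timer), &e)) {
 *r = -EFAULT;
 return true;
 }
@@ -2003,14 +1985,12 @@ static bool kvm_xen_hcall_evtchn_send(struct kvm_vcpu *vcpu, u64 param, u64 *r)
 {
 struct evtchnfd *evtchnfd;
 struct evtchn_send send;
-gpa_t gpa;
-int idx;
+struct x86_exception e;
 
-idx = srcu_read_lock(&vcpu->kvm->srcu);
-gpa = kvm_mmu_gva_to_gpa_system(vcpu, param, NULL);
-srcu_read_unlock(&vcpu->kvm->srcu, idx);
+/* Sanity check: this structure is the same for 32-bit and 64-bit */
+BUILD_BUG_ON(sizeof(send) != 4);
 
-if (!gpa || kvm_vcpu_read_guest(vcpu, gpa, &send, sizeof(send))) {
+if (kvm_read_guest_virt(vcpu, param, &send, sizeof(send), &e)) {
 *r = -EFAULT;
 return true;
 }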
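Review bot: In the third hunk of kvm_xen_schedop_poll() the new bulk read of sched_poll.ports bails out with `return true;` on failure, whereas the per-port read it replaces used `goto out;`, and the surviving -EINVAL branch in the same loop still uses `goto out;`. The `} else ports = &port;` context just above implies the other branch (outside the hunk) allocates `ports` on the heap when nr_ports > 1, so a guest that passes a ports pointer that faults with nr_ports > 1 would leak that allocation on every SCHEDOP_poll call; the line should be `goto out;` so the existing cleanup runs. The allocation and the `out:` label are outside the hunk, so confirm this against the full function. Separately, `struct x86_exception e` is filled by kvm_read_guest_virt() but never read at any of the new call sites; a comment at the first one such as `/* Exception details are not propagated: any read failure is reported to the guest as -EFAULT. */` would make that deliberate rather than look like a forgotten injection.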
