KVM: guest_mem: Prevent overflows in kvm_gmem_invalidate_begin()
Remove WARN_ON_ONCE in kvm_gmem_invalidate_begin(), because when
cleaning up a file, kvm_gmem_invalidate_begin() will be called with 0
and -1ul, and will cause a warning as long as the memslot doesn't
begin at index 0.

Taking max(gmem.index, start) ensures that

  0 <= index_start - gmem.index

There will be no overflow when adding that difference to base_gfn
because xa_for_each_range() will only iterate ranges where

  gmem.index <= start < gmem.index + slot->npages

Hence,

  0 <= index_start - gmem.index < gmem.index + slot->npages

Since (slot->base_gfn + slot->npages) and (gmem.index + slot->npages)
never overflow (checked at memslot creation time), then the
calculation of gfn_range.start will not overflow.

Similar reasoning for gfn_range.end applies.

Signed-off-by: Ackerley Tng <ackerleytng@google.com>
Ackerley Tng committed Jun 6, 2023
1 parent cfae00d commit bcc304e
Showing 1 changed file with 4 additions and 6 deletions.
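The arithmetic the commit message argues about can be checked outside the kernel. The following C is an added, stand-alone model and not KVM's code: struct slot, gfn_range_unclamped(), gfn_range_clamped(), slot_overlaps() and the two sample slots are hypothetical stand-ins for the memslot fields the message names (base_gfn, npages, gmem.index). It puts the pre-commit and post-commit range computations side by side for the file-wide range [0, -1ul) that the message says file cleanup passes in, and goes beyond the message by also covering ranges that start before, sit inside, or run past the slot's binding.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical stand-ins for the memslot fields the commit message reasons
 * about (not KVM's own definitions): a slot covering npages guest frames from
 * base_gfn, bound to a guest_mem file starting at page offset gmem_index. */
typedef unsigned long pgoff_t;
typedef unsigned long gfn_t;

struct slot {
	gfn_t base_gfn;
	unsigned long npages;
	pgoff_t gmem_index;
};

struct gfn_range {
	gfn_t start;
	gfn_t end;
};

/* Constructed sample slots: one whose base_gfn exceeds its file offset, one
 * whose base_gfn is smaller so the unclamped subtraction visibly wraps. */
static const struct slot slot_high = { .base_gfn = 0x1000, .npages = 0x100, .gmem_index = 0x20 };
static const struct slot slot_low  = { .base_gfn = 0x10,   .npages = 0x100, .gmem_index = 0x20 };

static pgoff_t pg_max(pgoff_t a, pgoff_t b) { return a > b ? a : b; }
static pgoff_t pg_min(pgoff_t a, pgoff_t b) { return a < b ? a : b; }

/* Models what xa_for_each_range() guarantees for every slot it yields: the
 * file range [start, end) overlaps the binding [gmem_index, gmem_index + npages). */
int slot_overlaps(const struct slot *s, pgoff_t start, pgoff_t end)
{
	return start < s->gmem_index + s->npages && end > s->gmem_index;
}

/* The pre-commit arithmetic: only valid when gmem_index <= start. For the
 * file-wide range [0, -1ul) used at file cleanup, start - gmem_index wraps. */
struct gfn_range gfn_range_unclamped(const struct slot *s, pgoff_t start, pgoff_t end)
{
	struct gfn_range r = {
		.start = s->base_gfn + start - s->gmem_index,
		.end   = s->base_gfn + pg_min(end - s->gmem_index, s->npages),
	};
	return r;
}

/* The post-commit arithmetic: clamp the file range to the binding first, so
 * 0 <= index_start - gmem_index <= index_end - gmem_index <= npages. */
struct gfn_range gfn_range_clamped(const struct slot *s, pgoff_t start, pgoff_t end)
{
	pgoff_t index_start = pg_max(s->gmem_index, start);
	pgoff_t index_end   = pg_min(s->gmem_index + s->npages, end);
	struct gfn_range r = {
		.start = s->base_gfn + index_start - s->gmem_index,
		.end   = s->base_gfn + index_end - s->gmem_index,
	};
	return r;
}

/* The property a caller wants: the result is ordered and stays inside the
 * slot's guest frame span [base_gfn, base_gfn + npages). */
int gfn_range_within_slot(const struct slot *s, struct gfn_range r)
{
	return r.start <= r.end &&
	       r.start >= s->base_gfn &&
	       r.end <= s->base_gfn + s->npages;
}

int main(void)
{
	const struct slot *slots[] = { &slot_high, &slot_low };
	for (int i = 0; i < 2; i++) {
		struct gfn_range u = gfn_range_unclamped(slots[i], 0, -1ul);
		struct gfn_range c = gfn_range_clamped(slots[i], 0, -1ul);
		printf("base_gfn=%#lx gmem_index=%#lx: unclamped [%#lx, %#lx) in-slot=%d, "
		       "clamped [%#lx, %#lx) in-slot=%d\n",
		       slots[i]->base_gfn, slots[i]->gmem_index,
		       u.start, u.end, gfn_range_within_slot(slots[i], u),
		       c.start, c.end, gfn_range_within_slot(slots[i], c));
	}
	return 0;
}
```

Running main() shows the unclamped form landing below base_gfn (or wrapping past ULONG_MAX when base_gfn < gmem_index) for the file-wide range, while the clamped form yields exactly [base_gfn, base_gfn + npages). Note that the clamp is only meaningful for ranges that overlap the binding; slot_overlaps() models the condition xa_for_each_range() enforces for the kernel caller, and a non-overlapping range would give an inverted result.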
10 changes: 4 additions & 6 deletions virt/kvm/guest_mem.c
Expand Up @@ -120,18 +120,16 @@ static void kvm_gmem_invalidate_begin(struct kvm *kvm, struct kvm_gmem *gmem,
kvm_mmu_invalidate_begin(kvm);

xa_for_each_range(&gmem->bindings, index, slot, start, end - 1) {
pgoff_t index_start = max(slot->gmem.index, start);
pgoff_t index_end = min(slot->gmem.index + slot->npages, end);
struct kvm_gfn_range gfn_range = {
.start = slot->base_gfn + start - slot->gmem.index,
.end = slot->base_gfn + min(end - slot->gmem.index, slot->npages),
.start = slot->base_gfn + index_start - slot->gmem.index,
.end = slot->base_gfn + index_end - slot->gmem.index,
.slot = slot,
.pte = __pte(0),
.may_block = true,
};

if (WARN_ON_ONCE(start < slot->gmem.index ||
end > slot->gmem.index + slot->npages))
continue;

kvm_mmu_invalidate_range_add(kvm, gfn_range.start, gfn_range.end);

flush |= kvm_unmap_gfn_range(kvm, &gfn_range);
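Review bot: with the WARN_ON_ONCE gone, nothing in this hunk records that the clamp at index_start/index_end is only correct because xa_for_each_range(&gmem->bindings, index, slot, start, end - 1) yields just the slots overlapping [start, end); a non-overlapping slot would produce index_start > index_end and an inverted gfn_range handed to kvm_mmu_invalidate_range_add() and kvm_unmap_gfn_range(). Consider a one-line comment above `pgoff_t index_start = max(slot->gmem.index, start);` stating that reliance, or keep a cheap `WARN_ON_ONCE(index_start >= index_end)` so a future caller is caught. Relatedly, the `end - 1` in the loop header wraps to -1ul if a caller ever passes end == 0, which would iterate every binding; if that is not already ruled out by the callers, a `if (WARN_ON_ONCE(start >= end)) return;` before kvm_mmu_invalidate_begin(kvm) would make the precondition explicit.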
