local_gpa2hpa: INVALID_GPA also means failure of address conversion

fyin1 · wenlingz · commit e8d00c2cece4 · 2020-04-28T09:23:30.000+08:00
Either INVALID_GPA or NULL returned from local_gpa2hpa means the page walk failure. But current code only take care of NULL and leave INVALID_GPA not detected. It could trigger ACRN crash in root mode when guest have a invalid gva. We add INVALID_GPA check as well. Tracked-On: #4721 Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
diff --git a/hypervisor/arch/x86/guest/guest_memory.c b/hypervisor/arch/x86/guest/guest_memory.c
@@ -443,5 +443,6 @@ int32_t copy_from_gva(struct acrn_vcpu *vcpu, void *h_ptr, uint64_t gva,
 /* gpa --> hpa -->hva */
 void *gpa2hva(struct acrn_vm *vm, uint64_t x)
 {
-	return hpa2hva(gpa2hpa(vm, x));
+	uint64_t hpa = gpa2hpa(vm, x);
+	return (hpa == INVALID_HPA) ? NULL : hpa2hva(hpa);
 }

Original file line number	Diff line number	Diff line change
`@@ -443,5 +443,6 @@ int32_t copy_from_gva(struct acrn_vcpu vcpu, void h_ptr, uint64_t gva,`
`443`	`443`	`/* gpa --> hpa -->hva */`
`444`	`444`	`void gpa2hva(struct acrn_vm vm, uint64_t x)`
`445`	`445`	`{`
`446`		`- return hpa2hva(gpa2hpa(vm, x));`
	`446`	`+ uint64_t hpa = gpa2hpa(vm, x);`
	`447`	`+ return (hpa == INVALID_HPA) ? NULL : hpa2hva(hpa);`
`447`	`448`	`}`