On 13.05.25 18:34, Fuad Tabba wrote:
From: Ackerley Tng <ackerleytng@xxxxxxxxxx>
On binding of a guest_memfd with a memslot, check that the slot's
userspace_addr and the requested fd and offset refer to the same memory
range.
This check is best-effort: nothing prevents userspace from later mapping
other memory at the same address provided in slot->userspace_addr and breaking
guest operation.
Suggested-by: David Hildenbrand <david@xxxxxxxxxx>
Suggested-by: Sean Christopherson <seanjc@xxxxxxxxxx>
Suggested-by: Yan Zhao <yan.y.zhao@xxxxxxxxx>
Signed-off-by: Ackerley Tng <ackerleytng@xxxxxxxxxx>
Signed-off-by: Fuad Tabba <tabba@xxxxxxxxxx>
---
virt/kvm/guest_memfd.c | 37 ++++++++++++++++++++++++++++++++++---
1 file changed, 34 insertions(+), 3 deletions(-)
diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c
index 8e6d1866b55e..2f499021df66 100644
--- a/virt/kvm/guest_memfd.c
+++ b/virt/kvm/guest_memfd.c
@@ -556,6 +556,32 @@ int kvm_gmem_create(struct kvm *kvm, struct kvm_create_guest_memfd *args)
return __kvm_gmem_create(kvm, size, flags);
}
+static bool kvm_gmem_is_same_range(struct kvm *kvm,
+ struct kvm_memory_slot *slot,
+ struct file *file, loff_t offset)
+{
+ struct mm_struct *mm = kvm->mm;
+ loff_t userspace_addr_offset;
+ struct vm_area_struct *vma;
+ bool ret = false;
+
+ mmap_read_lock(mm);
+
+ vma = vma_lookup(mm, slot->userspace_addr);
+ if (!vma)
+ goto out;
+
+ if (vma->vm_file != file)
+ goto out;
+
+ userspace_addr_offset = slot->userspace_addr - vma->vm_start;
+ ret = userspace_addr_offset + (vma->vm_pgoff << PAGE_SHIFT) == offset;
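Review bot: the comparison after `vma = vma_lookup(mm, slot->userspace_addr)` validates only the VMA containing the first byte of the slot and only the file offset of that one address; `slot->npages` is never consulted, so a slot that extends past `vma->vm_end`, or whose later pages are mapped by another VMA of the same file at a different `vm_pgoff`, still passes. Either bound the walk by the slot length and iterate over every VMA covering `[userspace_addr, userspace_addr + npages * PAGE_SIZE)`, or state in a comment above the function that only the start of the range is checked. The quoted hunk ends before the `out:` label, so please also confirm that `mmap_read_unlock(mm)` is reached on the `goto out` paths as well as on the success path.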
You'd probably have to iterate over the whole range (which might span
multiple VMAs), but reading the discussion, I'm fine with dropping this
patch for now.
I think it's more important to document that thoroughly: what does it
mean when we use GUEST_MEMFD_FLAG_SUPPORT_SHARED and then pass that fd
in a memslot.
Skimming over patch #15, I assume this is properly documented in there.
--
Cheers,
David / dhildenb
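To show the range walk David describes, here is a user-space model of the check, added as an example and not code from the patch or the kernel: a constructed VMA table stands in for vm_area_struct, lookup_vma() stands in for vma_lookup(), files are identified by an integer id, PAGE_SHIFT is assumed to be 12, and gmem_is_same_range() extends the patch's single-VMA comparison to every VMA covering the slot.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#define PAGE_SHIFT 12

/* Minimal stand-in for the kernel's vm_area_struct (constructed for this example). */
struct vma {
    uint64_t vm_start, vm_end; /* [vm_start, vm_end), page aligned */
    int vm_file;               /* id of the backing file; 0 = anonymous */
    uint64_t vm_pgoff;         /* file offset of vm_start, in pages */
};

/* Stand-in for vma_lookup(): the VMA containing addr, or NULL if unmapped. */
static const struct vma *lookup_vma(const struct vma *vmas, size_t n, uint64_t addr)
{
    for (size_t i = 0; i < n; i++)
        if (addr >= vmas[i].vm_start && addr < vmas[i].vm_end)
            return &vmas[i];
    return NULL;
}

/* Same check as the patch, extended to the whole slot: every VMA covering
 * [userspace_addr, userspace_addr + npages pages) must map 'file', and the
 * file offset backing each VMA must continue from 'offset' without gaps. */
bool gmem_is_same_range(const struct vma *vmas, size_t n, uint64_t userspace_addr,
                        uint64_t npages, int file, uint64_t offset)
{
    uint64_t addr = userspace_addr, end = userspace_addr + (npages << PAGE_SHIFT);

    while (addr < end) {
        const struct vma *vma = lookup_vma(vmas, n, addr);
        if (!vma || vma->vm_file != file)
            return false;
        /* offset into the file that backs 'addr' must line up with the slot's offset */
        uint64_t file_off = (addr - vma->vm_start) + (vma->vm_pgoff << PAGE_SHIFT);
        if (file_off != offset + (addr - userspace_addr))
            return false;
        addr = vma->vm_end; /* continue with the next VMA in the range */
    }
    return true;
}

/* Constructed sample: a 4-page slot whose second half lives in a second VMA.
 * The patch's single lookup passes both variants; the full walk rejects the
 * one whose second VMA maps a different part of the same file. */
bool sample_two_vma_slot(bool contiguous)
{
    const struct vma vmas[2] = {
        { 0x10000, 0x12000, 1, 0 },                  /* slot pages 0-1, fd offset 0 */
        { 0x12000, 0x14000, 1, contiguous ? 2 : 8 }, /* pages 2-3: fd offset 2 or 8 pages */
    };
    return gmem_is_same_range(vmas, 2, 0x10000, 4, 1, 0);
}
```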