Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:

- [High] Missing physical contiguity validation in large folio chunking leads to guest memory corruption and host-guest VMA inconsistencies.

--
commit 8234ab081cfc742915853b13b8eaeeb12adcc021
Author: Anirudh Rayabharam (Microsoft) <[email protected]>

mshv: support 1G hugepages by passing them as 2M-aligned chunks

This commit modifies the mshv driver to support 1G hugepages by treating them as a sequence of 2M chunks, since the hypervisor map GPA hypercall coalesces contiguous 2M-aligned chunks. It uses a 2M stride for folios of at least PMD_ORDER.

> diff --git a/drivers/hv/mshv_regions.c b/drivers/hv/mshv_regions.c
> index fdffd4f002f6f..6d65e5b421529 100644
> --- a/drivers/hv/mshv_regions.c
> +++ b/drivers/hv/mshv_regions.c
[ ... ]
> @@ -86,15 +84,14 @@ static long mshv_region_process_chunk(struct
> mshv_mem_region *region,
> u64 gfn = region->start_gfn + page_offset;
> u64 count;
> struct page *page;
> - int stride, ret;
> + unsigned int stride;
> + int ret;
>
> page = region->mreg_pages[page_offset];
> if (!page)
> return -EINVAL;
>
> stride = mshv_chunk_stride(page, gfn, page_count);
> - if (stride < 0)
> - return stride;
>
> /* Start at stride since the first stride is validated */
> for (count = stride; count < page_count; count += stride) {

Does this code assume that all intermediate pages within the stride are physically contiguous simply because the first page belongs to a large folio? If a VMM constructs a fragmented VMA, for example by using MADV_DONTNEED on a shmem folio for guest memory ballooning, or MAP_FIXED to remap specific pages, get_user_pages() could populate mreg_pages with a mix of different pages. Since the loop advances by the stride without inspecting the intermediate pages between the stride boundaries, could this instruct the hypervisor to map the contiguous physical block of the large folio into the guest, ignoring the actual VMA mappings? Would this cause the guest to read and write the host large folio's tail pages instead of the VMM's intended pages?

--
Sashiko AI review · https://sashiko.dev/#/patchset/[email protected]?part=1
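Review bot: dropping `if (stride < 0) return stride;` and changing `stride` to `unsigned int` removes the only error path out of `mshv_chunk_stride()` that this hunk shows, and the loop `for (count = stride; count < page_count; count += stride)` never terminates if the helper can ever return 0. Either keep a signed return with the negative check, or state in the commit message and at the call site that `mshv_chunk_stride()` always returns a non-zero stride and how an unaligned or non-contiguous first chunk is now rejected. The comment `/* Start at stride since the first stride is validated */` should also say what "validated" covers for a 2M stride on a folio of at least PMD_ORDER: whether every entry in `mreg_pages[page_offset .. page_offset + stride)` was checked to be the expected page of the same folio, or only the head page. Only the former justifies a loop that steps over the intermediate pages without looking at them.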
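The contiguity question raised in the review above, as an added example that is not part of the patch, the mshv driver, or the review itself: a constructed C model in which a pinned page is identified by (folio id, index within folio) instead of a kernel `struct page`, and two walks over a deliberately fragmented 1024-page array, one that inspects only the head page of each 512-page (2M) stride and one that inspects every page. All names here (`model_page`, `first_bad_stride_head`, `first_bad_page`, the 512/1024 sizes, the page at index 700) are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of one pinned page: the folio it belongs to and its
 * index inside that folio. This is not the kernel's struct page. */
struct model_page {
    unsigned int folio_id;
    unsigned int folio_idx;
};

#define MODEL_PAGES_PER_STRIDE 512u   /* a 2M stride expressed in 4K pages */
#define MODEL_NPAGES 1024u            /* two 2M chunks */

/* Fill 'pages' as if every page were pinned from one large folio, then
 * replace a single page in the second chunk with page 0 of a different
 * folio, which is what a discard-and-refault of that one page would leave
 * behind. Returns the number of pages filled, or 0 if 'cap' is too small. */
size_t model_build_fragmented(struct model_page *pages, size_t cap)
{
    if (cap < MODEL_NPAGES)
        return 0;
    for (unsigned int i = 0; i < MODEL_NPAGES; i++) {
        pages[i].folio_id = 1;
        pages[i].folio_idx = i;
    }
    pages[700].folio_id = 2;   /* constructed: the re-faulted page */
    pages[700].folio_idx = 0;
    return MODEL_NPAGES;
}

/* Page i is in place if it belongs to the same folio as page 0 and sits
 * exactly i pages after page 0 inside that folio. */
static int page_in_place(const struct model_page *pages, size_t i)
{
    return pages[i].folio_id == pages[0].folio_id &&
           pages[i].folio_idx == pages[0].folio_idx + i;
}

/* Boundary-only walk: inspects the first page of every stride, as a loop
 * that advances 'count' by 'stride' does. Returns the index of the first
 * out-of-place stride head, -1 if all heads are in place, or -2 for a zero
 * stride (a 'count += stride' loop would never terminate). */
long first_bad_stride_head(const struct model_page *pages, size_t n,
                           unsigned int stride)
{
    if (stride == 0)
        return -2;
    for (size_t count = 0; count < n; count += stride)
        if (!page_in_place(pages, count))
            return (long)count;
    return -1;
}

/* Full walk: inspects every page of every chunk. Returns the index of the
 * first out-of-place page, or -1 if the whole range is contiguous. */
long first_bad_page(const struct model_page *pages, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (!page_in_place(pages, i))
            return (long)i;
    return -1;
}

/* Wrappers that run each walk over the constructed fragmented array. */
long model_demo_stride_heads(void)
{
    struct model_page pages[MODEL_NPAGES];
    size_t n = model_build_fragmented(pages, MODEL_NPAGES);
    return first_bad_stride_head(pages, n, MODEL_PAGES_PER_STRIDE);
}

long model_demo_every_page(void)
{
    struct model_page pages[MODEL_NPAGES];
    size_t n = model_build_fragmented(pages, MODEL_NPAGES);
    return first_bad_page(pages, n);
}

int main(void)
{
    printf("stride heads only: first bad index %ld\n", model_demo_stride_heads());
    printf("every page:        first bad index %ld\n", model_demo_every_page());
    return 0;
}
```

The head-only walk reports the array as contiguous because indices 0 and 512 are both where the large folio says they should be; the full walk finds the foreign page at index 700, which is the page a chunk-granular map request would silently cover with the large folio's own tail page. A real check would additionally have to confirm the 2M alignment of the guest frame number and the stride, which this model leaves out.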
