On Wed, Apr 22, 2026 at 08:19:45PM +0000, Yosry Ahmed wrote:
> >
> > Anyways, back to the hardening. We can do it with minimal additional
> > churn. After patch 3 (passing a @gpa to __kvm_vcpu_map(), not a @gfn),
> > do the below over a few patches (completely untested). This way the
> > common case of mapping and accessing an entire page Just Works, and
> > flows like the PI descriptor handling don't have to manually provide
> > the length (which also can be error prone).
>
> Yeah probably this (maybe not in the same order):
> - Convert map->pfn to map->hpa.
> - Pass size to __kvm_vcpu_map() and do bounds checking.
> - Rename kvm_vcpu_map() and __kvm_vcpu_map() to kvm_vcpu_map_page() and
>   __kvm_vcpu_map_page().
> - Introduce kvm_vcpu_map_ptr() wrapper and simplify the nested PID call
>   site.
>
> Generally looks good with a small nit/question below. Peter, would you
> be interested in extending the series to do this? If not, I can send a
> follow up on top of your series when it's hashed out.
Yep, I can extend the series into v3. Adding kvm_vcpu_map_ptr() and renaming
the original APIs make sense to me, and I want to check all the call sites
again to see if anything else can be improved. Thanks for the discussion. The
out-of-bounds issue was not something I had considered.

> > [..]
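To make the out-of-bounds point concrete, here is a small user-space model of the plan sketched above (a size-aware map with a page-boundary check, a whole-page wrapper, and a pointer-returning wrapper). This is an added illustration, not code from the series or from KVM: `model_vcpu_map`, `model_vcpu_map_page`, `model_vcpu_map_ptr`, `struct host_map` and the constructed `guest_mem` backing store are all hypothetical stand-ins, and the gpa-to-hva translation is an identity mapping chosen only so the example runs offline.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 4096UL
#define PAGE_MASK (~(PAGE_SIZE - 1))
#define offset_in_page(x) ((unsigned long)(x) & (PAGE_SIZE - 1))

/* Constructed stand-in for guest memory: four pages backing gpa 0..0x4000. */
#define NR_GUEST_PAGES 4
static uint8_t guest_mem[NR_GUEST_PAGES * PAGE_SIZE];

/* Hypothetical mapping record; "hpa" replaces a pfn so sub-page offsets are kept. */
struct host_map {
	unsigned long hpa;	/* host physical address of the mapped range (model) */
	void *hva;		/* host virtual address of the backing page */
	uint64_t gpa;		/* guest physical address the caller asked for */
	size_t len;		/* length the caller promised to access */
};

/*
 * Model of a size-aware __kvm_vcpu_map(): the caller passes a gpa and the
 * number of bytes it will touch, and the range must stay inside one page.
 */
static int model_vcpu_map(uint64_t gpa, size_t len, struct host_map *map)
{
	uint64_t page_gpa = gpa & PAGE_MASK;

	if (len == 0 || len > PAGE_SIZE)
		return -EINVAL;
	/* Bounds check: a range that crosses the page boundary is rejected. */
	if (offset_in_page(gpa) + len > PAGE_SIZE)
		return -EINVAL;
	/* Model of "gpa not backed by guest memory". */
	if (page_gpa >= NR_GUEST_PAGES * PAGE_SIZE)
		return -EFAULT;

	map->hva = guest_mem + page_gpa;
	map->hpa = (unsigned long)(uintptr_t)map->hva + offset_in_page(gpa); /* model: identity */
	map->gpa = gpa;
	map->len = len;
	return 0;
}

/* Whole-page convenience wrapper: the common case needs no explicit length. */
static int model_vcpu_map_page(uint64_t gpa, struct host_map *map)
{
	return model_vcpu_map(gpa & PAGE_MASK, PAGE_SIZE, map);
}

/* Pointer-returning wrapper for a sub-page object such as a descriptor. */
static void *model_vcpu_map_ptr(uint64_t gpa, size_t len, struct host_map *map)
{
	if (model_vcpu_map(gpa, len, map))
		return NULL;
	return (uint8_t *)map->hva + offset_in_page(gpa);
}

int main(void)
{
	struct host_map m;

	/* 8 bytes at 0x1ff8 end exactly at the page boundary: accepted. */
	printf("0x1ff8/8 -> %s\n", model_vcpu_map_ptr(0x1ff8, 8, &m) ? "ok" : "rejected");
	/* 8 bytes at 0x1ffc would spill into the next page: rejected. */
	printf("0x1ffc/8 -> %s\n", model_vcpu_map_ptr(0x1ffc, 8, &m) ? "ok" : "rejected");
	/* Whole-page mapping of any gpa in the page. */
	printf("page(0x1234) -> %d, len %zu\n", model_vcpu_map_page(0x1234, &m), m.len);
	return 0;
}
```

The check that matters for the discussion is `offset_in_page(gpa) + len > PAGE_SIZE`: without a length, a caller handing in a gpa near the end of a page and then accessing a multi-byte object would silently read or write past the mapped page, which is the out-of-bounds case mentioned in the reply.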
