On 5/26/23 05:02, Kirill A. Shutemov wrote:
Touching privately mapped GPA that is not properly converted to private with MapGPA and accepted leads to unrecoverable exit to VMM.
load_unaligned_zeropad() can touch memory that is not owned by the caller, but just happened to next after the owned memory. This load_unaligned_zeropad() behaviour makes it important when kernel asks VMM to convert a GPA from shared to private or back. Kernel must never have a page mapped into direct mapping (and aliases) as private when the GPA is already converted to shared or when GPA is not yet converted to private.
guest.enc_status_change_prepare() called before adjusting direct mapping and therefore it is responsible for converting the memory to private.
guest.enc_status_change_finish() called after adjusting direct mapping and it converts the memory to shared.
It is okay to have a shared mapping of memory that is not converted properly. handle_mmio() knows how to deal with load_unaligned_zeropad() stepping on it.
Yeah, as other said, the changelog grammar here is a bit funky. Can you fix it up and resend, please?