[PATCH 36/43] KVM: arm64: gic-v5: Implement save/restore mechanisms for ISTs

[Vladimir Murzin]

Hi Sascha,

On 4/27/26 17:18, Sascha Bischoff wrote:
> +	tmp = le64_to_cpu(READ_ONCE(vmte->val[3]));
> +	host_id_bits = FIELD_GET(GICV5_VMTEL2E_IST_ID_BITS, tmp);
> +	host_istsz = FIELD_GET(GICV5_VMTEL2E_IST_ISTSZ, tmp);
> +	host_l2sz = FIELD_GET(GICV5_VMTEL2E_IST_L2SZ, tmp);
> +
> +	/* We always use a Linear SPI IST on the host */
> +	for (int i = 0; i < BIT(host_id_bits); ++i) {

IIUC here we iterate over host's SPIs and save them into buffer provided
by the user. One thing I noticed is that if user set number of SPIs via
KVM_DEV_ARM_VGIC_GRP_NR_IRQS bellow 16, say 1 (btw, it seems there is no
way to set SPIs to 0...), it would be rounded up to 16 in 
kvm_vgic_v5_irs_init(). So from user perspective it needs to save just
single SPI, thus it could provide buffer just for that single entry. With such
setup we can end up corrupting user's memory. We can argue that it is user's
problem... perhaps we need to spell explicitly requirements for the buffer or
provide interface to the user to query required size or respect nr_spis set
by user or some combinations of all :)

Cheers
Vladimir