From mboxrd@z Thu Jan 1 00:00:00 1970 From: Claude Code Review Bot To: dri-devel-reviews@example.com Subject: Claude review: drm/i915/gvt: validate LRCA-derived guest context range Date: Thu, 04 Jun 2026 16:31:02 +1000 Message-ID: In-Reply-To: <20260529132430.1636603-1-n.zhandarovich@fintech.ru> References: <20260529132430.1636603-1-n.zhandarovich@fintech.ru> X-Mailer: Claude Code Patch Reviewer Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit MIME-Version: 1.0 Overall Series Review Subject: drm/i915/gvt: validate LRCA-derived guest context range Author: Nikita Zhandarovich Patches: 1 Reviewed: 2026-06-04T16:31:02.106355 --- This is a single-patch series that adds an early validation check for the LRCA (Logical Ring Context Address) field in guest-submitted execlist context descriptors within the i915 GVT (GPU virtualization) scheduler. The fix addresses a real issue: a malicious or buggy guest VM can supply an `lrca` value close to the top of the 20-bit page range (e.g., `0xFFFFE`), causing `lrca + page_index` to overflow the 32-bit GMA (Graphics Memory Address) space when shifted by `I915_GTT_PAGE_SHIFT` (12). The overflow would cause silent address truncation before the `intel_vgpu_gma_to_gpa()` translation, potentially leading to incorrect GPA lookups. The approach is sound: validate once at workload creation time, before any GPA translation is attempted, and reject invalid descriptors with `EINVAL`. The new `intel_vgpu_context_page_num()` helper also centralizes the Broadwell RCS0 workaround for the context page count, which is duplicated inline in `populate_shadow_context()` and `update_guest_context()`. **Verdict: The patch is correct and addresses a legitimate security/robustness concern. Minor suggestions below.** --- Generated by Claude Code Patch Reviewer