CCing David

On Thu, Nov 13, 2025 at 11:58:42AM +0300, Daniil Tatianin wrote:
Just having a file descriptor is not enough to consider a memory region
public. If QEMU didn't map it as MAP_SHARED (in case of share=off), guest
writes to this region won't be visible to the vhost-user backend, thus
causing it to read all zeroes or garbage. Make sure we don't pass such
regions and include that in our definition of what a private region is.


Should we add a Fixes tag? Not really as a bug fix, but more to make it
clear that this is a followup.

Fixes: 552b25229c ("vhost: Rework memslot filtering and fix "used_memslot" tracking")

Signed-off-by: Daniil Tatianin <[email protected]>
---
hw/virtio/vhost.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
index 266a11514a..eb098a25c5 100644
--- a/hw/virtio/vhost.c
+++ b/hw/virtio/vhost.c
@@ -591,11 +591,13 @@ static bool vhost_section(struct vhost_dev *dev, 
MemoryRegionSection *section)
        /*
         * Some backends (like vhost-user) can only handle memory regions
         * that have an fd (can be mapped into a different process). Filter
-         * the ones without an fd out, if requested.
-         *
-         * TODO: we might have to limit to MAP_SHARED as well.
+         * the ones without an fd out, if requested. Also make sure that
+         * this region is mapped as shared so that the vhost backend can
+         * observe modifications to this region, otherwise we consider it
+         * private.
         */
-        if (memory_region_get_fd(section->mr) < 0 &&
+        if ((memory_region_get_fd(section->mr) < 0 ||
+            !qemu_ram_is_shared(section->mr->ram_block)) &&

Maybe not for this patch, but should we introduce a
`memory_region_is_shared()` where to do these checks?

BTW this patch LGTM:

Acked-by: Stefano Garzarella <[email protected]>

            dev->vhost_ops->vhost_backend_no_private_memslots &&
            dev->vhost_ops->vhost_backend_no_private_memslots(dev)) {
            trace_vhost_reject_section(mr->name, 2);
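Review bot: both rejection causes in this hunk, a region without an fd and a region that is not mapped MAP_SHARED, now end up in the same `trace_vhost_reject_section(mr->name, 2);`, so someone reading the trace can no longer tell which condition excluded a region; consider a distinct reason code for the `!qemu_ram_is_shared(...)` case, or splitting the condition into two `if` blocks, each with its own trace call. Minor style point: the added line uses `section->mr->ram_block` while the trace line below already uses the `mr` local, so `qemu_ram_is_shared(mr->ram_block)` would read more consistently.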
--
2.34.1
