hv:bugfix in write protect page hypercall

This patch fixes potential hypervisor crash when
 calling hcall_write_protect_page() with a crafted
 GPA in 'struct wp_data' instance, e.g. an invalid
 GPA that is not in the scope of the target VM's
 EPT address space.

 To check the validity for this GPA  before updating
 the 'write protect' page.

Tracked-On: #4240
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>

hypervisor/common/hypercall.c

@@ -714,13 +714,17 @@ static int32_t write_protect_page(struct acrn_vm *vm,const struct wp_data *wp)
 	uint64_t hpa, base_paddr;
 	uint64_t prot_set;
 	uint64_t prot_clr;
-	int32_t ret;
+	int32_t ret = -EINVAL;
 
+	if ((!mem_aligned_check(wp->gpa, PAGE_SIZE)) ||
+		(!ept_is_mr_valid(vm, wp->gpa, PAGE_SIZE))) {
+		pr_err("%s,vm[%hu] gpa 0x%lx,GPA is invalid or not page size aligned.",
+			__func__, vm->vm_id, wp->gpa);
+	} else {
 		hpa = gpa2hpa(vm, wp->gpa);
 		if (hpa == INVALID_HPA) {
 			pr_err("%s,vm[%hu] gpa 0x%lx,GPA is unmapping.",
 				__func__, vm->vm_id, wp->gpa);
-		ret = -EINVAL;
 		} else {
 			dev_dbg(ACRN_DBG_HYCALL, "[vm%d] gpa=0x%x hpa=0x%x",
 				vm->vm_id, wp->gpa, hpa);
@@ -730,7 +734,6 @@ static int32_t write_protect_page(struct acrn_vm *vm,const struct wp_data *wp)
 				((hpa >= base_paddr) &&
 				(hpa < (base_paddr + CONFIG_HV_RAM_SIZE)))) {
 				pr_err("%s: overlap the HV memory region.", __func__);
-			ret = -EINVAL;
 			} else {
 				prot_set = (wp->set != 0U) ? 0UL : EPT_WR;
 				prot_clr = (wp->set != 0U) ? EPT_WR : 0UL;
@@ -740,6 +743,7 @@ static int32_t write_protect_page(struct acrn_vm *vm,const struct wp_data *wp)
 				ret = 0;
 			}
 		}
+	}
 
 	return ret;
 }