diff mbox series

[RFC,v4,08/39] KVM: arm64: Deny changes to locked memslots

Message ID	20210825161815.266051-9-alexandru.elisei@arm.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=+UL9=NQ=lists.infradead.org=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@kernel.org> DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 9A628610D1 From: Alexandru Elisei <alexandru.elisei@arm.com> To: maz@kernel.org, james.morse@arm.com, suzuki.poulose@arm.com, linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, will@kernel.org, linux-kernel@vger.kernel.org Subject: [RFC PATCH v4 08/39] KVM: arm64: Deny changes to locked memslots Date: Wed, 25 Aug 2021 17:17:44 +0100 Message-Id: <20210825161815.266051-9-alexandru.elisei@arm.com> In-Reply-To: <20210825161815.266051-1-alexandru.elisei@arm.com> References: <20210825161815.266051-1-alexandru.elisei@arm.com> MIME-Version: 1.0 Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org> Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org
Series	KVM: arm64: Add Statistical Profiling Extension (SPE) support \| expand [RFC,v4,00/39] KVM: arm64: Add Statistical Profiling Extension (SPE) support [RFC,v4,01/39] KVM: arm64: Make lock_all_vcpus() available to the rest of KVM [RFC,v4,02/39] KVM: arm64: Add lock/unlock memslot user API [RFC,v4,03/39] KVM: arm64: Implement the memslot lock/unlock functionality [RFC,v4,04/39] KVM: arm64: Defer CMOs for locked memslots until a VCPU is run [RFC,v4,05/39] KVM: arm64: Perform CMOs on locked memslots when userspace resets VCPUs [RFC,v4,06/39] KVM: arm64: Delay tag scrubbing for locked memslots until a VCPU runs [RFC,v4,07/39] KVM: arm64: Unlock memslots after stage 2 tables are freed [RFC,v4,08/39] KVM: arm64: Deny changes to locked memslots [RFC,v4,09/39] KVM: Add kvm_warn{,_ratelimited} macros [RFC,v4,10/39] KVM: arm64: Print a warning for unexpected faults on locked memslots [RFC,v4,11/39] KVM: arm64: Allow userspace to lock and unlock memslots [RFC,v4,12/39] KVM: arm64: Add the KVM_ARM_VCPU_SUPPORTED_CPUS VCPU ioctl [RFC,v4,13/39] KVM: arm64: Add CONFIG_KVM_ARM_SPE Kconfig option [RFC,v4,14/39] KVM: arm64: Add SPE capability and VCPU feature [RFC,v4,15/39] drivers/perf: Expose the cpumask of CPUs that support SPE [RFC,v4,16/39] KVM: arm64: Make SPE available when at least one CPU supports it [RFC,v4,17/39] KVM: arm64: Set the VCPU SPE feature bit when SPE is available [RFC,v4,18/39] KVM: arm64: Expose SPE version to guests [RFC,v4,19/39] KVM: arm64: Do not emulate SPE on CPUs which don't have SPE [RFC,v4,20/39] KVM: arm64: Add a new VCPU device control group for SPE [RFC,v4,21/39] KVM: arm64: Add SPE VCPU device attribute to set the interrupt number [RFC,v4,22/39] KVM: arm64: Add SPE VCPU device attribute to initialize SPE [RFC,v4,23/39] KVM: arm64: VHE: Clear MDCR_EL2.E2PB in vcpu_put() [RFC,v4,24/39] KVM: arm64: debug: Configure MDCR_EL2 when a VCPU has SPE [RFC,v4,25/39] KVM: arm64: Move the write to MDCR_EL2 out of __activate_traps_common() [RFC,v4,26/39] KVM: arm64: VHE: Change MDCR_EL2 at world switch if VCPU has SPE [RFC,v4,27/39] KVM: arm64: Add SPE system registers to VCPU context [RFC,v4,28/39] KVM: arm64: nVHE: Save PMSCR_EL1 to the host context [RFC,v4,29/39] KVM: arm64: Rename DEBUG_STATE_SAVE_SPE -> DEBUG_SAVE_SPE_BUFFER flags [RFC,v4,30/39] KVM: arm64: nVHE: Context switch SPE state if VCPU has SPE [RFC,v4,31/39] KVM: arm64: VHE: Context switch SPE state if VCPU has SPE [RFC,v4,32/39] KVM: arm64: Save/restore PMSNEVFR_EL1 on VCPU put/load [RFC,v4,33/39] KVM: arm64: Allow guest to use physical timestamps if perfmon_capable() [RFC,v4,34/39] KVM: arm64: Emulate SPE buffer management interrupt [RFC,v4,35/39] KVM: arm64: Add an userspace API to stop a VCPU profiling [RFC,v4,36/39] KVM: arm64: Implement userspace API to stop a VCPU profiling [RFC,v4,37/39] KVM: arm64: Add PMSIDR_EL1 to the SPE register context [RFC,v4,38/39] KVM: arm64: Make CONFIG_KVM_ARM_SPE depend on !CONFIG_NUMA_BALANCING [RFC,v4,39/39] KVM: arm64: Allow userspace to enable SPE for guests

Commit Message

Alexandru Elisei Aug. 25, 2021, 4:17 p.m. UTC

Forbid userspace from making changes to a locked memslot. If userspace
wants to modify a locked memslot, then they will need to unlock it.

One special case is allowed: memslots locked for read, but not for write,
can have dirty page logging turned on.

Signed-off-by: Alexandru Elisei <alexandru.elisei@arm.com>
---
 arch/arm64/kvm/mmu.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff mbox series

Patch

diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
index 27b7befd4fa9..3ab8eba808ae 100644
--- a/arch/arm64/kvm/mmu.c
+++ b/arch/arm64/kvm/mmu.c
@@ -1842,8 +1842,23 @@  int kvm_arch_prepare_memory_region(struct kvm *kvm,
 {
 	hva_t hva = mem->userspace_addr;
 	hva_t reg_end = hva + mem->memory_size;
+	struct kvm_memory_slot *old;
 	int ret = 0;
 
+	/*
+	 * Forbid all changes to locked memslots with the exception of turning
+	 * on dirty page logging for memslots locked only for reads.
+	 */
+	old = id_to_memslot(kvm_memslots(kvm), memslot->id);
+	if (old && memslot_is_locked(old)) {
+		if (change == KVM_MR_FLAGS_ONLY &&
+		    memslot_is_logging(memslot) &&
+		    !(old->arch.flags & KVM_MEMSLOT_LOCK_WRITE))
+			memcpy(&memslot->arch, &old->arch, sizeof(old->arch));
+		else
+			return -EBUSY;
+	}
+
 	if (change != KVM_MR_CREATE && change != KVM_MR_MOVE &&
 			change != KVM_MR_FLAGS_ONLY)
 		return 0;