[RFC,14/45] KVM: arm64: pkvm: Prevent host donation of device memory

Commit Message

Jean-Philippe Brucker Feb. 1, 2023, 12:52 p.m. UTC

For the moment donating device memory cannot be supported. IOMMU support
requires tracking host-owned pages that are mapped in the IOMMU, but the
vmemmap portion of MMIO is not backed by physical pages, and ownership
information in the host stage-2 page tables is not kept by
host_stage2_try().

__check_page_state_visitor() already ensures that MMIO pages present in
the host stage-2 are not donated, so we're just extending that check to
pages that haven't been accessed by the host yet (typical of an MSI
doorbell), or that have been recycled by host_stage2_try().

Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
---
 arch/arm64/kvm/hyp/nvhe/mem_protect.c | 4 ++++
 1 file changed, 4 insertions(+)

Patch

diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
index cad5736026d5..856673291d70 100644
--- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c
+++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
@@ -719,6 +719,10 @@  static int host_request_owned_transition(u64 *completer_addr,
 	u64 size = tx->nr_pages * PAGE_SIZE;
 	u64 addr = tx->initiator.addr;
 
+	/* We don't support donating device memory at the moment */
+	if (!range_is_memory(addr, addr + size))
+		return -EINVAL;
+
 	*completer_addr = tx->initiator.host.completer_addr;
 	return __host_check_page_state_range(addr, size, PKVM_PAGE_OWNED);
 }