From patchwork Wed Feb  1 12:52:58 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jean-Philippe Brucker <jean-philippe@linaro.org>
X-Patchwork-Id: 13124390
Return-Path: 
 <linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from bombadil.infradead.org (bombadil.infradead.org
 [198.137.202.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id DE495C636CD
	for <linux-arm-kernel@archiver.kernel.org>;
 Wed,  1 Feb 2023 14:08:18 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:
	Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:
	Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
	List-Owner; bh=BYu1qFUEHjwIBuqIV847rl0L6WtNm+qjXPITvdWgwNg=; b=WGs0VsPPPCuBvx
	OpfVVsn6yhan2FyXCgL5XqjMDpzY0YBb5/2HsEwy9OuftOru2IOAWq1wjkGJQiy+q751CjAldOFlg
	IFzc0lCquJQqSY81HDBQaThK0Pt4ICLS5qNFIFNHygYHHgNpGCxL5fk60F1SASx1Dj+cHsulYEbd6
	RyGeVd/OL8aKZVLIK2FQZ+CzaY8z8HXTnQxxl2vXw8GqTvYljhx7x1XJZTut1t+hOFV36IyVDC6V6
	IrRZTHh5UNru33aqM+D2nEwyErEOQi20ekLJDR28NyYx7CWYLckE+/3P7b7twxaEaBGx2XGPaGE0a
	00ZB9XXXDdI/vyXnrPyw==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
	id 1pNDlq-00CDpG-6Y; Wed, 01 Feb 2023 14:07:31 +0000
Received: from desiato.infradead.org ([90.155.92.199])
	by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
	id 1pNCiC-00BnP4-Ge
	for linux-arm-kernel@bombadil.infradead.org; Wed, 01 Feb 2023 12:59:40 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=infradead.org; s=desiato.20200630; h=Content-Transfer-Encoding:MIME-Version
	:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:
	Content-Type:Content-ID:Content-Description;
	bh=qy+b5xpgUFjRrLFCzYf6p/yqNIUOSZiLBkXfaz/rSx4=; b=UHzGNBAHJmYvz6llM7zjHE3iKK
	efKUClJMtU83EFgWCoru1Rqb2tWjWdcgqkedBj2f5D+Cew8fi8d0BAFRUi8yaEfVXPa/fOiaDLpvi
	oMBA+LxnoV7UZIiMgawAfkD118R9BSfgs2PC6KZ98Fv8Hrq2brXkFlJW3AqXCg5G0W6Ja401y7Vsj
	WGhj2WKAiAh4vczV7Rx7UXSEJps2d22iYOQIcWYrXgC/mltQgSgvI8qenQgtBeVR00C/V6iqGk9BT
	eP/5vg9kTF9jeUB5HyP8xgqjpwdfe3wZjIbHBLyx2O5/qh4h8xmNp19P+6HisUtW43N6N0kwqtZx1
	o5IVK7/A==;
Received: from mail-wr1-x433.google.com ([2a00:1450:4864:20::433])
	by desiato.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux))
	id 1pNChY-004m0t-2d
	for linux-arm-kernel@lists.infradead.org;
	Wed, 01 Feb 2023 12:59:03 +0000
Received: by mail-wr1-x433.google.com with SMTP id h16so17196715wrz.12
        for <linux-arm-kernel@lists.infradead.org>;
 Wed, 01 Feb 2023 04:59:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=qy+b5xpgUFjRrLFCzYf6p/yqNIUOSZiLBkXfaz/rSx4=;
        b=YJ7fGLhkbBxulYluP+1fv39JA5l0528cZV53/Txw5z0tGfVSkCZtFGijGYa2TEcL6r
         baAPyHxvwBdaKiFrHgLIhJpA+imisi8kE9BZPKdlVscUiCeuRTiCj/vAc9EUOX3wAc6m
         8cSJ++clWuf1NXz5qyFRpqahy3xbF7yVuR78qz/gnZYM6KkJLz1FuwqVll9FWiZzOhuU
         hBp4fFODpwyDfZ3l3CmLBBQjf5DsSrtp0tGs+m8kwqYgrkrwXOfWl2XS0JUKIRGnvPR8
         S5rnd8Yx4IyVQB6RW2EMrNVxuAywHqx/6EqE0YseVmErLkBpyKNEc/AOzqpJZvgr2lAM
         3r6g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=qy+b5xpgUFjRrLFCzYf6p/yqNIUOSZiLBkXfaz/rSx4=;
        b=LXCo9kzGHnMD+vAAvFL9RVgv/cfPEyymTigYhnE5WuhwrpHj20+6t1NWyvyOASHdoG
         jvexQwntmqxpdgeN1BEmFMgWwvD6+EpWNV5OEOfQZORuEDqiKbMw8d2nCFpPMbk7mCHN
         RvkFP5q6mGvCE+52PSwcV/V1wtZhfub3ZEqNY3wrq0U8x4JvdvmvM0btYd9N/LPLpbDp
         FxLXT/uIFtaR+wWfbz67Bik38waZ5iuVmTepcw1Ot+EN3MGvyg3bEbVkzW786kW2ArLM
         91al/lV5Htj6fPoP1WqX1WW2/YQgxu4FrdGt5LuPq4cYTnA1AUZTm/03JjE9aJftDnPq
         jBRg==
X-Gm-Message-State: AO0yUKXx0ohI+jF2IWOo3/m2icNpiTF0tvGIUhic0fd1F28rIFkSOIT9
	JaZeMUtFBT41OMmTPfkat9dNGQ==
X-Google-Smtp-Source: 
 AK7set9FM4aaT3DiyolDQn9oGyxggfW62I5aRvlYUGsF2z4FeLPxOTWcxwy/9PLJAOejzAnBnuWMGg==
X-Received: by 2002:a5d:4810:0:b0:2bf:c09a:c60e with SMTP id
 l16-20020a5d4810000000b002bfc09ac60emr2385342wrq.2.1675256370318;
        Wed, 01 Feb 2023 04:59:30 -0800 (PST)
Received: from localhost.localdomain (054592b0.skybroadband.com.
 [5.69.146.176])
        by smtp.gmail.com with ESMTPSA id
 m15-20020a056000024f00b002bfae16ee2fsm17972811wrz.111.2023.02.01.04.59.29
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 01 Feb 2023 04:59:29 -0800 (PST)
From: Jean-Philippe Brucker <jean-philippe@linaro.org>
To: maz@kernel.org,
	catalin.marinas@arm.com,
	will@kernel.org,
	joro@8bytes.org
Cc: robin.murphy@arm.com,
	james.morse@arm.com,
	suzuki.poulose@arm.com,
	oliver.upton@linux.dev,
	yuzenghui@huawei.com,
	smostafa@google.com,
	dbrazdil@google.com,
	ryan.roberts@arm.com,
	linux-arm-kernel@lists.infradead.org,
	kvmarm@lists.linux.dev,
	iommu@lists.linux.dev,
	Jean-Philippe Brucker <jean-philippe@linaro.org>
Subject: [RFC PATCH 14/45] KVM: arm64: pkvm: Prevent host donation of device
 memory
Date: Wed,  1 Feb 2023 12:52:58 +0000
Message-Id: <20230201125328.2186498-15-jean-philippe@linaro.org>
X-Mailer: git-send-email 2.39.0
In-Reply-To: <20230201125328.2186498-1-jean-philippe@linaro.org>
References: <20230201125328.2186498-1-jean-philippe@linaro.org>
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20230201_125901_420582_969533D2 
X-CRM114-Status: GOOD (  12.68  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

For the moment donating device memory cannot be supported. IOMMU support
requires tracking host-owned pages that are mapped in the IOMMU, but the
vmemmap portion of MMIO is not backed by physical pages, and ownership
information in the host stage-2 page tables is not kept by
host_stage2_try().

__check_page_state_visitor() already ensures that MMIO pages present in
the host stage-2 are not donated, so we're just extending that check to
pages that haven't been accessed by the host yet (typical of an MSI
doorbell), or that have been recycled by host_stage2_try().

Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
---
 arch/arm64/kvm/hyp/nvhe/mem_protect.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
index cad5736026d5..856673291d70 100644
--- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c
+++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
@@ -719,6 +719,10 @@ static int host_request_owned_transition(u64 *completer_addr,
 	u64 size = tx->nr_pages * PAGE_SIZE;
 	u64 addr = tx->initiator.addr;
 
+	/* We don't support donating device memory at the moment */
+	if (!range_is_memory(addr, addr + size))
+		return -EINVAL;
+
 	*completer_addr = tx->initiator.host.completer_addr;
 	return __host_check_page_state_range(addr, size, PKVM_PAGE_OWNED);
 }