Commit 9e27085c authored by Oliver Upton

KVM: arm64: nv: Respect stage-2 write permssion when setting stage-1 AF



Naturally, updating the Access Flag in a stage-1 descriptor requires
write permission at stage-2, although this isn't actually enforced in
KVM's software PTW.

Generate a stage-2 permission fault if the stage-1 walk attempts to
update the descriptor and its corresponding stage-2 translation lacks
write permission.

Fixes: bff8aa21 ("KVM: arm64: Implement HW access flag management in stage-1 SW PTW")
Reviewed-by: Marc Zyngier <maz@kernel.org>
Link: https://msgid.link/20260108204230.677172-1-oupton@kernel.org


Signed-off-by: Oliver Upton <oupton@kernel.org>
parent 9cb2c20f
+6 −2
@@ -403,6 +403,7 @@ static int walk_s1(struct kvm_vcpu *vcpu, struct s1_walk_info *wi,
		   struct s1_walk_result *wr, u64 va)
{
	u64 va_top, va_bottom, baddr, desc, new_desc, ipa;
	struct kvm_s2_trans s2_trans = {};
	int level, stride, ret;

	level = wi->sl;
@@ -420,8 +421,6 @@ static int walk_s1(struct kvm_vcpu *vcpu, struct s1_walk_info *wi,
		ipa = baddr | index;

		if (wi->s2) {
			struct kvm_s2_trans s2_trans = {};

			ret = kvm_walk_nested_s2(vcpu, ipa, &s2_trans);
			if (ret) {
				fail_s1_walk(wr,
@@ -515,6 +514,11 @@ static int walk_s1(struct kvm_vcpu *vcpu, struct s1_walk_info *wi,
		new_desc |= PTE_AF;

	if (new_desc != desc) {
		if (wi->s2 && !kvm_s2_trans_writable(&s2_trans)) {
			fail_s1_walk(wr, ESR_ELx_FSC_PERM_L(level), true);
			return -EPERM;
		}

		ret = kvm_swap_s1_desc(vcpu, ipa, desc, new_desc, wi);
		if (ret)
			return ret;
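Review bot: Hoisting `s2_trans` to function scope means it is zero-initialised once instead of on every loop iteration, so the new `kvm_s2_trans_writable(&s2_trans)` check ahead of `kvm_swap_s1_desc()` depends on `kvm_walk_nested_s2()` rewriting every field on each successful call; that function is not visible here, so this should be confirmed. If any field can survive from an earlier level, a stale writable bit would let the AF update through without stage-2 write permission, which is the case this commit sets out to close. Resetting it before each walk, `s2_trans = (struct kvm_s2_trans){};` ahead of `ret = kvm_walk_nested_s2(vcpu, ipa, &s2_trans);`, keeps the previous per-iteration behaviour. A short comment at the check, for example `/* s2_trans describes the stage-2 mapping of the last descriptor fetched (ipa) */`, would make that dependency explicit. walk_s1 begins and ends outside the hunks shown, so the handling of the new `-EPERM` return by its callers cannot be checked from this page.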