KVM: arm64: Prevent unsupported memslot operations on protected VMs (f0877a14) · Commits · git / linux-net

arch/arm64/kvm/mmu.c

+13 −0

Original line number	Diff line number	Diff line
		@@ -2414,6 +2414,19 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
		hva_t hva, reg_end;
		int ret = 0;

		if (kvm_vm_is_protected(kvm)) {
		/* Cannot modify memslots once a pVM has run. */
		if (pkvm_hyp_vm_is_created(kvm) &&
		(change == KVM_MR_DELETE \|\| change == KVM_MR_MOVE)) {
		return -EPERM;
		}

		if (new &&
		new->flags & (KVM_MEM_LOG_DIRTY_PAGES \| KVM_MEM_READONLY)) {
		return -EPERM;
		}
		}

		if (change != KVM_MR_CREATE && change != KVM_MR_MOVE &&
		change != KVM_MR_FLAGS_ONLY)
		return 0;

+6 −0

Original line number	Diff line number	Diff line
		@@ -192,10 +192,16 @@ int pkvm_create_hyp_vm(struct kvm *kvm)
		{
		int ret = 0;

		/*
		* Synchronise with kvm_arch_prepare_memory_region(), as we
		* prevent memslot modifications on a pVM that has been run.
		*/
		mutex_lock(&kvm->slots_lock);
		mutex_lock(&kvm->arch.config_lock);
		if (!pkvm_hyp_vm_is_created(kvm))
		ret = __pkvm_create_hyp_vm(kvm);
		mutex_unlock(&kvm->arch.config_lock);
		mutex_unlock(&kvm->slots_lock);

		return ret;
		}