From patchwork Wed Oct 13 15:58:28 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Quentin Perret X-Patchwork-Id: 12556273 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D4B86C433F5 for ; Wed, 13 Oct 2021 16:07:15 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 9914C60EE9 for ; Wed, 13 Oct 2021 16:07:15 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 9914C60EE9 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:References: Mime-Version:Message-Id:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=Qnh4E+w3yKv3IOQl45tjRgfatUCAJ83vEtu11AdDkv4=; b=pfr+thzER342twTcX7EoO/giHS CmcuKqZPtMktDqD40FRKzg6zstXtaqjXN/fxaM1kabCs3D7FhOaCPWI5rnfuReeVozEvV5ECR3cQl tHaRuNerl1qT2dF4GhYK5ntSYS4JSupGot+jR6hcOvknwR4tgDVXGrtfQy3aadt4zQY3bnWCA+il4 5P/+HsNUXK0YcjRqyCTMPVO0zVj/ukZmL2BEGspMPg0cBZASii74NOP9X6Vt03MBSfif1+qK9TAwY EfLhpTtOY4DqjbwPT27hggPbFA2ZlWSPl/x3FOjqKsrri9ZJu2JyB7Kcun4Y+3AzAnC2AHsZ1rZrx TCPSx7YQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1magl8-00HWFj-My; Wed, 13 Oct 2021 16:05:39 +0000 Received: from mail-qv1-xf49.google.com ([2607:f8b0:4864:20::f49]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1mageo-00HTRR-EI for linux-arm-kernel@lists.infradead.org; Wed, 13 Oct 2021 15:59:08 +0000 Received: by mail-qv1-xf49.google.com with SMTP id q17-20020ad45491000000b003832299965bso2941997qvy.18 for ; Wed, 13 Oct 2021 08:59:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=DEoxdh+qQqNfn4kriXOPtuGm5/KezrtRJAuAEOvIIEc=; b=TpLWDDRB66gNFtTO9H4DRYs+65J/g5K+vn3S4IswImh0cKDwKxr4tBSjZcRccVl/Gl PA7nAXYwmNvaJhrKw46Ts3VNmjOrJZAny7BGVWCNErEuHLrCRinaJt33ySp3tdu1rhlU ObF8iMNmln/oDydOezVDr5M8tvVtysJpT8v+dFboU9XBwY12v9a9YJdoISKQDzlPyc89 gwxqYq45K+oRmNXwFvSb/RgfedaC9VADqHJA3tsa8lwe9+sahvN4PIU9zbtzmjuqi1TS TY2B5+x2nY3sIMBjjwqLbn3F5AEhqAsehabz6sua9uKu7eipWBEh68yQaYKn6biu+OzM jw3Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=DEoxdh+qQqNfn4kriXOPtuGm5/KezrtRJAuAEOvIIEc=; b=flhzgGw617RO1qIwGnVCpAhipORR4U2dVu/KdXEOWXGdf8BBTbXkyvxQ2q0y53pDNQ qXX4ICQ8V2wW8B8/yUz8o1nfSGhhPtBRzhNaA6yYx0LWb0ytXjMwt4wFTk0BbADKvVqt GcAvgWKKIEPd/nbttYD0yNzKx9vzKRZH6+Aaenrxu8Pg7NxVzodEcRGUZY2gRX+EcN+K pdxYYc7eq2S4XrhywTo/adILAyeN6RLfT33QaX9nrqr8e04tC5MJRbuL+7aigJbvvbvR aJ9z+3e02A7znUTie12wP159samll67uSD65xF+JumzQwgrAJEdew9NMXie/V/GzaC2q jHWA== X-Gm-Message-State: AOAM531wJe51nWcRpOxYolea27f/CFrAl2nkal9vQ+ryNzds2Ia24Ede vf/WdK1Y1T4Z8zGOU121RbgcrsirUCyY X-Google-Smtp-Source: ABdhPJxxY5hYqLzNoNmIsVUGeAsrdYoGroAg6GyRP+fKCKJAdv6jBH4kuWvly/Nv7EL03M4qWkxiLE/AW3NG X-Received: from luke.lon.corp.google.com ([2a00:79e0:d:210:65b5:73d3:1558:b9ae]) (user=qperret job=sendgmr) by 2002:ac8:5385:: with SMTP id x5mr73629qtp.105.1634140744121; Wed, 13 Oct 2021 08:59:04 -0700 (PDT) Date: Wed, 13 Oct 2021 16:58:28 +0100 In-Reply-To: <20211013155831.943476-1-qperret@google.com> Message-Id: <20211013155831.943476-14-qperret@google.com> Mime-Version: 1.0 References: <20211013155831.943476-1-qperret@google.com> X-Mailer: git-send-email 2.33.0.882.g93a45727a2-goog Subject: [PATCH 13/16] KVM: arm64: Move double-sharing logic into hyp-specific function From: Quentin Perret To: Marc Zyngier , James Morse , Alexandru Elisei , Suzuki K Poulose , Catalin Marinas , Will Deacon , Fuad Tabba , David Brazdil Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org, kernel-team@android.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20211013_085906_555878_94F360F5 X-CRM114-Status: GOOD ( 17.11 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org From: Will Deacon Strictly speaking, double-sharing a page is an invalid transition and should be rejected, however we allow this in order to simplify the book-keeping when KVM metadata (such as vcpu structures) co-exists in the same page. Given that double-sharing is only required for pages shared with the hypervisor by the host, move the handling into a hyp-specific function to check incoming shares, therefore preventing double-sharing outside of this particular transition. Signed-off-by: Will Deacon Signed-off-by: Quentin Perret --- arch/arm64/kvm/hyp/nvhe/mem_protect.c | 57 +++++++++++++++++++-------- 1 file changed, 41 insertions(+), 16 deletions(-) diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c b/arch/arm64/kvm/hyp/nvhe/mem_protect.c index 909e60f71b06..3378117d010c 100644 --- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c +++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c @@ -536,6 +536,33 @@ static int ack_share(struct pkvm_page_share_ack *ack, } } +static int hyp_check_incoming_share(struct pkvm_page_req *req, + struct pkvm_page_share_ack *ack, + enum pkvm_component_id initiator, + enum kvm_pgtable_prot prot) +{ + /* + * We allow the host to share the same page twice, but that means we + * have to check that the states really do match exactly. + */ + if (initiator != PKVM_ID_HOST) + return -EPERM; + + if (req->initiator.state != PKVM_PAGE_SHARED_OWNED) + return -EPERM; + + if (ack->completer.state != PKVM_PAGE_SHARED_BORROWED) + return -EPERM; + + if (ack->completer.phys != req->phys) + return -EPERM; + + if (ack->completer.prot != prot) + return -EPERM; + + return 0; +} + /* * Check that the page states in the initiator and the completer are compatible * for the requested page-sharing operation to go ahead. @@ -544,6 +571,8 @@ static int check_share(struct pkvm_page_req *req, struct pkvm_page_share_ack *ack, struct pkvm_mem_share *share) { + struct pkvm_mem_transition *tx = &share->tx; + if (!addr_is_memory(req->phys)) return -EINVAL; @@ -552,25 +581,22 @@ static int check_share(struct pkvm_page_req *req, return 0; } - if (req->initiator.state != PKVM_PAGE_SHARED_OWNED) - return -EPERM; - - if (ack->completer.state != PKVM_PAGE_SHARED_BORROWED) - return -EPERM; - - if (ack->completer.phys != req->phys) - return -EPERM; - - if (ack->completer.prot != share->prot) + switch (tx->completer.id) { + case PKVM_ID_HYP: + return hyp_check_incoming_share(req, ack, tx->initiator.id, + share->prot); + default: return -EPERM; - - return 0; + } } static int host_initiate_share(struct pkvm_page_req *req) { enum kvm_pgtable_prot prot; + if (req->initiator.state == PKVM_PAGE_SHARED_OWNED) + return 0; + prot = pkvm_mkstate(PKVM_HOST_MEM_PROT, PKVM_PAGE_SHARED_OWNED); return host_stage2_idmap_locked(req->initiator.addr, PAGE_SIZE, prot); } @@ -595,6 +621,9 @@ static int hyp_complete_share(struct pkvm_page_req *req, void *start = (void *)req->completer.addr, *end = start + PAGE_SIZE; enum kvm_pgtable_prot prot; + if (req->initiator.state == PKVM_PAGE_SHARED_OWNED) + return 0; + prot = pkvm_mkstate(perms, PKVM_PAGE_SHARED_BORROWED); return pkvm_create_mappings_locked(start, end, prot); } @@ -653,10 +682,6 @@ static int do_share(struct pkvm_mem_share *share) if (ret) break; - /* Allow double-sharing by skipping over the page */ - if (req.initiator.state == PKVM_PAGE_SHARED_OWNED) - continue; - ret = initiate_share(&req, share); if (ret) break;