From patchwork Thu Aug 1 09:01:10 2024
X-Patchwork-Submitter: Fuad Tabba
X-Patchwork-Id: 13749994
Date: Thu, 1 Aug 2024 10:01:10 +0100
In-Reply-To: <20240801090117.3841080-1-tabba@google.com>
Mime-Version: 1.0
References: <20240801090117.3841080-1-tabba@google.com>
X-Mailer: git-send-email 2.46.0.rc1.232.g9752f9e123-goog
Message-ID: <20240801090117.3841080-4-tabba@google.com>
Subject: [RFC PATCH v2 03/10] KVM: Implement kvm_(read|write)_guest_page for
 private memory slots
From: Fuad Tabba
To: kvm@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-mm@kvack.org
Cc: pbonzini@redhat.com, chenhuacai@kernel.org, mpe@ellerman.id.au,
 anup@brainfault.org, paul.walmsley@sifive.com, palmer@dabbelt.com,
 aou@eecs.berkeley.edu, seanjc@google.com, viro@zeniv.linux.org.uk,
 brauner@kernel.org, willy@infradead.org, akpm@linux-foundation.org,
 xiaoyao.li@intel.com,
 yilun.xu@intel.com, chao.p.peng@linux.intel.com, jarkko@kernel.org,
 amoorthy@google.com, dmatlack@google.com, yu.c.zhang@linux.intel.com,
 isaku.yamahata@intel.com, mic@digikod.net, vbabka@suse.cz,
 vannapurve@google.com, ackerleytng@google.com, mail@maciej.szmigiero.name,
 david@redhat.com, michael.roth@amd.com, wei.w.wang@intel.com,
 liam.merwick@oracle.com, isaku.yamahata@gmail.com,
 kirill.shutemov@linux.intel.com, suzuki.poulose@arm.com,
 steven.price@arm.com, quic_eberman@quicinc.com, quic_mnalajal@quicinc.com,
 quic_tsoni@quicinc.com, quic_svaddagi@quicinc.com, quic_cvanscha@quicinc.com,
 quic_pderrin@quicinc.com, quic_pheragu@quicinc.com, catalin.marinas@arm.com,
 james.morse@arm.com, yuzenghui@huawei.com, oliver.upton@linux.dev,
 maz@kernel.org, will@kernel.org, qperret@google.com, keirf@google.com,
 roypat@amazon.co.uk, shuah@kernel.org, hch@infradead.org, jgg@nvidia.com,
 rientjes@google.com, jhubbard@nvidia.com, fvdl@google.com, hughd@google.com,
 tabba@google.com

Make __kvm_read_guest_page/__kvm_write_guest_page capable of accessing
guest memory if no userspace address is available.
Moreover, check that the memory being accessed is shared with the host
before attempting the access.

KVM at the host might need to access guest memory that is not mapped in
host userspace but is in fact shared with the host, e.g., when
accounting for stolen time. This allows the access without relying on
the slot's userspace_addr being set.

This does not circumvent protection, since the access is only attempted
if the memory is mappable by the host, which implies shareability.

Signed-off-by: Fuad Tabba
---
 virt/kvm/kvm_main.c | 127 ++++++++++++++++++++++++++++++++++++++------
 1 file changed, 111 insertions(+), 16 deletions(-)

diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index f4b4498d4de6..ec6255c7325e 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -3385,20 +3385,108 @@ int kvm_gmem_clear_mappable(struct kvm *kvm, gfn_t start, gfn_t end)
 	return kvm_gmem_toggle_mappable(kvm, start, end, false);
 }
 
+static int __kvm_read_private_guest_page(struct kvm *kvm,
+					 struct kvm_memory_slot *slot,
+					 gfn_t gfn, void *data, int offset,
+					 int len)
+{
+	struct page *page;
+	u64 pfn;
+	int r = 0;
+
+	if (size_add(offset, len) > PAGE_SIZE)
+		return -E2BIG;
+
+	mutex_lock(&kvm->slots_lock);
+
+	if (!__kvm_gmem_is_mappable(kvm, gfn, gfn + 1)) {
+		r = -EPERM;
+		goto unlock;
+	}
+
+	r = kvm_gmem_get_pfn_locked(kvm, slot, gfn, &pfn, NULL);
+	if (r)
+		goto unlock;
+
+	page = pfn_to_page(pfn);
+	memcpy(data, page_address(page) + offset, len);
+	unlock_page(page);
+	kvm_release_pfn_clean(pfn);
+unlock:
+	mutex_unlock(&kvm->slots_lock);
+
+	return r;
+}
+
+static int __kvm_write_private_guest_page(struct kvm *kvm,
+					  struct kvm_memory_slot *slot,
+					  gfn_t gfn, const void *data,
+					  int offset, int len)
+{
+	struct page *page;
+	u64 pfn;
+	int r = 0;
+
+	if (size_add(offset, len) > PAGE_SIZE)
+		return -E2BIG;
+
+	mutex_lock(&kvm->slots_lock);
+
+	if (!__kvm_gmem_is_mappable(kvm, gfn, gfn + 1)) {
+		r = -EPERM;
+		goto unlock;
+	}
+
+	r = kvm_gmem_get_pfn_locked(kvm, slot, gfn, &pfn, NULL);
+	if (r)
+		goto unlock;
+
+	page = pfn_to_page(pfn);
+	memcpy(page_address(page) + offset, data, len);
+	unlock_page(page);
+	kvm_release_pfn_dirty(pfn);
+unlock:
+	mutex_unlock(&kvm->slots_lock);
+
+	return r;
+}
+#else
+static int __kvm_read_private_guest_page(struct kvm *kvm,
+					 struct kvm_memory_slot *slot,
+					 gfn_t gfn, void *data, int offset,
+					 int len)
+{
+	WARN_ON_ONCE(1);
+	return -EIO;
+}
+
+static int __kvm_write_private_guest_page(struct kvm *kvm,
+					  struct kvm_memory_slot *slot,
+					  gfn_t gfn, const void *data,
+					  int offset, int len)
+{
+	WARN_ON_ONCE(1);
+	return -EIO;
+}
 #endif /* CONFIG_KVM_PRIVATE_MEM_MAPPABLE */
 
 /* Copy @len bytes from guest memory at '(@gfn * PAGE_SIZE) + @offset' to @data */
-static int __kvm_read_guest_page(struct kvm_memory_slot *slot, gfn_t gfn,
-				 void *data, int offset, int len)
+
+static int __kvm_read_guest_page(struct kvm *kvm, struct kvm_memory_slot *slot,
+				 gfn_t gfn, void *data, int offset, int len)
 {
-	int r;
 	unsigned long addr;
 
+	if (IS_ENABLED(CONFIG_KVM_PRIVATE_MEM_MAPPABLE) &&
+	    kvm_slot_can_be_private(slot)) {
+		return __kvm_read_private_guest_page(kvm, slot, gfn, data,
+						     offset, len);
+	}
+
 	addr = gfn_to_hva_memslot_prot(slot, gfn, NULL);
 	if (kvm_is_error_hva(addr))
 		return -EFAULT;
-	r = __copy_from_user(data, (void __user *)addr + offset, len);
-	if (r)
+	if (__copy_from_user(data, (void __user *)addr + offset, len))
 		return -EFAULT;
 	return 0;
 }
@@ -3408,7 +3496,7 @@ int kvm_read_guest_page(struct kvm *kvm, gfn_t gfn, void *data, int offset,
 {
 	struct kvm_memory_slot *slot = gfn_to_memslot(kvm, gfn);
 
-	return __kvm_read_guest_page(slot, gfn, data, offset, len);
+	return __kvm_read_guest_page(kvm, slot, gfn, data, offset, len);
 }
 EXPORT_SYMBOL_GPL(kvm_read_guest_page);
@@ -3417,7 +3505,7 @@ int kvm_vcpu_read_guest_page(struct kvm_vcpu *vcpu, gfn_t gfn, void *data,
 {
 	struct kvm_memory_slot *slot = kvm_vcpu_gfn_to_memslot(vcpu, gfn);
 
-	return __kvm_read_guest_page(slot, gfn, data, offset, len);
+	return __kvm_read_guest_page(vcpu->kvm, slot, gfn, data, offset, len);
 }
 EXPORT_SYMBOL_GPL(kvm_vcpu_read_guest_page);
@@ -3492,17 +3580,24 @@ EXPORT_SYMBOL_GPL(kvm_vcpu_read_guest_atomic);
 /* Copy @len bytes from @data into guest memory at '(@gfn * PAGE_SIZE) + @offset' */
 static int __kvm_write_guest_page(struct kvm *kvm,
 				  struct kvm_memory_slot *memslot, gfn_t gfn,
-				  const void *data, int offset, int len)
+				  const void *data, int offset, int len)
 {
-	int r;
-	unsigned long addr;
+	if (IS_ENABLED(CONFIG_KVM_PRIVATE_MEM_MAPPABLE) &&
+	    kvm_slot_can_be_private(memslot)) {
+		int r = __kvm_write_private_guest_page(kvm, memslot, gfn, data,
+						       offset, len);
+
+		if (r)
+			return r;
+	} else {
+		unsigned long addr = gfn_to_hva_memslot(memslot, gfn);
+
+		if (kvm_is_error_hva(addr))
+			return -EFAULT;
+		if (__copy_to_user((void __user *)addr + offset, data, len))
+			return -EFAULT;
+	}
 
-	addr = gfn_to_hva_memslot(memslot, gfn);
-	if (kvm_is_error_hva(addr))
-		return -EFAULT;
-	r = __copy_to_user((void __user *)addr + offset, data, len);
-	if (r)
-		return -EFAULT;
 	mark_page_dirty_in_slot(kvm, memslot, gfn);
 	return 0;
 }