From c4cb035083ae092dc63288be565ec0c7128d15ee Mon Sep 17 00:00:00 2001 From: Quentin Perret Date: Fri, 6 May 2022 08:59:32 +0000 Subject: [PATCH] ANDROID: BACKPORT: KVM: arm64: Disallow dirty logging and RO memslots with pKVM The current implementation of pKVM doesn't support dirty logging or read-only memslots. Although support for these features is desirable, this will require future work, so let's cleanly report the limitations to userspace by failing the ioctls until then. Signed-off-by: Quentin Perret [willdeacon@: Refer to 'memslot' arg to kvm_arch_prepare_memory_region() instead of non-existent 'new'] Signed-off-by: Will Deacon Bug: 233587962 Change-Id: Ifc434c234ac58b46a244fdd44114bc9a51f53e19
---
 arch/arm64/kvm/mmu.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
index c9dfe6a83f37..3d133b73d3a7 100644
--- a/arch/arm64/kvm/mmu.c
+++ b/arch/arm64/kvm/mmu.c
@@ -1734,11 +1734,17 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
 hva_t reg_end = hva + mem->memory_size;
 int ret = 0;

- /* In protected mode, cannot modify memslots once a VM has run. */
- if (is_protected_kvm_enabled() &&
- (change == KVM_MR_DELETE || change == KVM_MR_MOVE) &&
- kvm->arch.pkvm.handle) {
- return -EPERM;
+ if (is_protected_kvm_enabled()) {
+ /* In protected mode, cannot modify memslots once a VM has run. */
+ if ((change == KVM_MR_DELETE || change == KVM_MR_MOVE) &&
+ kvm->arch.pkvm.handle) {
+ return -EPERM;
+ }
+
+ if (memslot &&
+ memslot->flags & (KVM_MEM_LOG_DIRTY_PAGES | KVM_MEM_READONLY)) {
+ return -EPERM;
+ }
 }

 if (change != KVM_MR_CREATE && change != KVM_MR_MOVE &&
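Review bot: The new `memslot->flags` test inside the `is_protected_kvm_enabled()` block has no comment and returns the same `-EPERM` as the run-state check above it, so a VMM cannot tell "flag unsupported under pKVM" from "memslot change refused because the VM has already run". I would add `/* pKVM does not support dirty logging or read-only memslots yet. */` above it and parenthesize the mask test as `(memslot->flags & (KVM_MEM_LOG_DIRTY_PAGES | KVM_MEM_READONLY))`, which reads unambiguously next to `&&`. The test also sits ahead of the `change` filter on the last context line, so it runs for every change type; whether `memslot` carries the requested flags on each of those paths is not visible here, because kvm_arch_prepare_memory_region() starts and ends outside the hunk. This is a host-side gate for reporting the limitation to userspace; any isolation guarantee that depends on these flags staying off would presumably need to hold at the hypervisor too.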