Forbid userspace from making changes to a locked memslot. If userspace
wants to modify a locked memslot, then they will need to unlock it.
One special case is allowed: memslots locked for read, but not for write,
can have dirty page logging turned on.
Signed-off-by: Alexandru Elisei <alexandru.elisei@xxxxxxx>
---
arch/arm64/kvm/mmu.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
index 27b7befd4fa9..3ab8eba808ae 100644
--- a/arch/arm64/kvm/mmu.c
+++ b/arch/arm64/kvm/mmu.c
@@ -1842,8 +1842,23 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
{
hva_t hva = mem->userspace_addr;
hva_t reg_end = hva + mem->memory_size;
+ struct kvm_memory_slot *old;
int ret = 0;
+ /*
+ * Forbid all changes to locked memslots with the exception of turning
+ * on dirty page logging for memslots locked only for reads.
+ */
+ old = id_to_memslot(kvm_memslots(kvm), memslot->id);
+ if (old && memslot_is_locked(old)) {
+ if (change == KVM_MR_FLAGS_ONLY &&
+ memslot_is_logging(memslot) &&
+ !(old->arch.flags & KVM_MEMSLOT_LOCK_WRITE))
+ memcpy(&memslot->arch, &old->arch, sizeof(old->arch));
+ else
+ return -EBUSY;
+ }
+
if (change != KVM_MR_CREATE && change != KVM_MR_MOVE &&
change != KVM_MR_FLAGS_ONLY)
return 0;
--
2.33.0
_______________________________________________
kvmarm mailing list
kvmarm@xxxxxxxxxxxxxxxxxxxxx
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
