Handling changes to private memory slots can be difficult, since it would probably require some cooperation from the hypervisor and/or the guest. Do not allow such changes for now. Signed-off-by: Fuad Tabba <tabba@xxxxxxxxxx> --- arch/arm64/kvm/mmu.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c index e632e10ea395..b1fc636fb670 100644 --- a/arch/arm64/kvm/mmu.c +++ b/arch/arm64/kvm/mmu.c @@ -1970,6 +1970,10 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm, change != KVM_MR_FLAGS_ONLY) return 0; + if ((change == KVM_MR_MOVE || change == KVM_MR_FLAGS_ONLY) && + ((kvm_slot_can_be_private(old)) || (kvm_slot_can_be_private(new)))) + return -EPERM; + /* * Prevent userspace from creating a memory region outside of the IPA * space addressable by the KVM guest IPA space. -- 2.46.0.rc1.232.g9752f9e123-goog
