Allow calling KVM_GUEST_MEMFD_POPULATE ioctl by the process that does not own the KVM context. This is to enable guest_memfd population by a non-VMM process that is useful for isolation of the memory management logic from the VMM for security and performance reasons.
Signed-off-by: Nikita Kalyazin <kalyazin@xxxxxxxxxx>
---
virt/kvm/kvm_main.c | 29 ++++++++++++++++++-----------
1 file changed, 18 insertions(+), 11 deletions(-)
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index e5bd2c0031bf..eb626c4bf4d7 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -5159,8 +5159,25 @@ static long kvm_vm_ioctl(struct file *filp,
 void __user *argp = (void __user *)arg;
 int r;
 
- if (kvm->mm != current->mm || kvm->vm_dead)
+ if (kvm->vm_dead)
 return -EIO;
+
+#ifdef CONFIG_KVM_PRIVATE_MEM
+ if (ioctl == KVM_GUEST_MEMFD_POPULATE) {
+ struct kvm_guest_memfd_populate populate;
+
+ r = -EFAULT;
+ if (copy_from_user(&populate, argp, sizeof(populate)))
+ goto out;
+
+ r = kvm_gmem_guest_memfd_populate(kvm, &populate);
+ goto out;
+ }
+#endif
+
+ if (kvm->mm != current->mm)
+ return -EIO;
+
 switch (ioctl) {
 case KVM_CREATE_VCPU:
 r = kvm_vm_ioctl_create_vcpu(kvm, arg);
@@ -5383,16 +5400,6 @@ static long kvm_vm_ioctl(struct file *filp,
 r = kvm_gmem_create(kvm, &guest_memfd);
 break;
 }
- case KVM_GUEST_MEMFD_POPULATE: {
- struct kvm_guest_memfd_populate populate;
-
- r = -EFAULT;
- if (copy_from_user(&populate, argp, sizeof(populate)))
- goto out;
-
- r = kvm_gmem_guest_memfd_populate(kvm, &populate);
- break;
- }
 #endif
 default:
 r = kvm_arch_vm_ioctl(filp, ioctl, arg);
--
2.40.1
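Review bot: The new `#ifdef CONFIG_KVM_PRIVATE_MEM` block in the first hunk makes KVM_GUEST_MEMFD_POPULATE the only VM ioctl reachable with current->mm != kvm->mm, and nothing in the code records that this is deliberate or what the handler may therefore not rely on; a comment such as `/* Intentionally reachable from a foreign mm: only guest_memfd state may be touched here, nothing that resolves through kvm->mm (memslot userspace_addr, GUP). */` above the block would make the relaxed check auditable. Whether kvm_gmem_guest_memfd_populate actually honours that constraint cannot be seen from this hunk, since its definition is elsewhere; any path inside it that resolves VM userspace addresses would now operate on the caller's address space rather than the VM owner's. Pulling the case out of the switch also duplicates the copy_from_user handling that the second hunk removes; if the ioctl number is visible unconditionally, keeping the case in the switch and relaxing only the ownership check, `if (ioctl != KVM_GUEST_MEMFD_POPULATE && kvm->mm != current->mm) return -EIO;`, keeps dispatch in one place. kvm_vm_ioctl begins before this hunk and ends after it.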