Add wrappers around the page table entry (pgd/p4d/pud/pmd) set function to check that an existing entry is not being overwritten.
Signed-off-by: Alexandre Chartre <alexandre.chartre@xxxxxxxxxx>
---
arch/x86/kvm/isolation.c | 107 ++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 107 insertions(+), 0 deletions(-)
diff --git a/arch/x86/kvm/isolation.c b/arch/x86/kvm/isolation.c
index 6ec86df..b681e4f 100644
--- a/arch/x86/kvm/isolation.c
+++ b/arch/x86/kvm/isolation.c
@@ -342,6 +342,113 @@ static inline void kvm_p4d_free(struct mm_struct *mm, p4d_t *p4d)
 return p4d;
 }
+/*
+ * kvm_set_pXX() functions are equivalent to kernel set_pXX() functions
+ * but, in addition, they ensure that they are not overwriting an already
+ * existing reference in the page table. Otherwise an error is returned.
+ *
+ * Note that this is not used for PTE because a PTE entry points to page
+ * frames containing the actual user data, and not to another entry in the
+ * page table. However this is used for PGD.
+ */
+
+static int kvm_set_pmd(pmd_t *pmd, pmd_t pmd_value)
+{
+#ifdef DEBUG
+ /*
+ * The pmd pointer should come from kvm_pmd_alloc() or kvm_pmd_offset()
+ * both of which check if the pointer is in the KVM page table. So this
+ * is a paranoid check to ensure the pointer is really in the KVM page
+ * table.
+ */
+ if (!kvm_valid_pgt_entry(pmd)) {
+ pr_err("PMD %px is not in KVM page table\n", pmd);
+ return -EINVAL;
+ }
+#endif
+ if (pmd_val(*pmd) == pmd_val(pmd_value))
+ return 0;
+
+ if (!pmd_none(*pmd)) {
+ pr_err("PMD %px: overwriting %lx with %lx\n",
+ pmd, pmd_val(*pmd), pmd_val(pmd_value));
+ return -EBUSY;
+ }
+
+ set_pmd(pmd, pmd_value);
+
+ return 0;
+}
+
+static int kvm_set_pud(pud_t *pud, pud_t pud_value)
+{
+#ifdef DEBUG
+ /*
+ * The pud pointer should come from kvm_pud_alloc() or kvm_pud_offset()
+ * both of which check if the pointer is in the KVM page table. So this
+ * is a paranoid check to ensure the pointer is really in the KVM page
+ * table.
+ */
+ if (!kvm_valid_pgt_entry(pud)) {
+ pr_err("PUD %px is not in KVM page table\n", pud);
+ return -EINVAL;
+ }
+#endif
+ if (pud_val(*pud) == pud_val(pud_value))
+ return 0;
+
+ if (!pud_none(*pud)) {
+ pr_err("PUD %px: overwriting %lx\n", pud, pud_val(*pud));
+ return -EBUSY;
+ }
+
+ set_pud(pud, pud_value);
+
+ return 0;
+}
+
+static int kvm_set_p4d(p4d_t *p4d, p4d_t p4d_value)
+{
+#ifdef DEBUG
+ /*
+ * The p4d pointer should come from kvm_p4d_alloc() or kvm_p4d_offset()
+ * both of which check if the pointer is in the KVM page table. So this
+ * is a paranoid check to ensure the pointer is really in the KVM page
+ * table.
+ */
+ if (!kvm_valid_pgt_entry(p4d)) {
+ pr_err("P4D %px is not in KVM page table\n", p4d);
+ return -EINVAL;
+ }
+#endif
+ if (p4d_val(*p4d) == p4d_val(p4d_value))
+ return 0;
+
+ if (!p4d_none(*p4d)) {
+ pr_err("P4D %px: overwriting %lx\n", p4d, p4d_val(*p4d));
+ return -EBUSY;
+ }
+
+ set_p4d(p4d, p4d_value);
+
+ return 0;
+}
+
+static int kvm_set_pgd(pgd_t *pgd, pgd_t pgd_value)
+{
+ if (pgd_val(*pgd) == pgd_val(pgd_value))
+ return 0;
+
+ if (!pgd_none(*pgd)) {
+ pr_err("PGD %px: overwriting %lx\n", pgd, pgd_val(*pgd));
+ return -EBUSY;
+ }
+
+ set_pgd(pgd, pgd_value);
+
+ return 0;
+}
+
 static int kvm_isolation_init_mm(void)
 {
--
1.7.1
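Review bot: The "overwriting" messages in kvm_set_pmd(), kvm_set_pud(), kvm_set_p4d() and kvm_set_pgd() sit outside the `#ifdef DEBUG` guard and print the entry's address with `%px` plus the raw entry value, so a non-debug build writes unhashed kernel addresses and page-table entry contents to the kernel log whenever a collision is hit. Use the hashed `%p` on that path and keep the raw values for debug output, e.g. `pr_err("PMD %p: entry already populated\n", pmd);` followed by a `pr_debug()` carrying the old and new values. The `pXX_none()` test followed by `set_pXX()` is also not atomic, and no locking is visible in this hunk; the wrappers presumably rely on callers serialising updates to the KVM page table, so the header comment should name the lock that must be held. kvm_set_pgd() has no `kvm_valid_pgt_entry()` check under DEBUG, unlike the other three, and only kvm_set_pmd() reports the new value; either align them or note in the comment why they differ.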