On Tue, Sep 29, 2020 at 08:43:23AM +0100, Marc Zyngier wrote:
> Commit c4ad98e4b72cb5be30ea282fce935248f2300e62 upstream.
>
> KVM currently assumes that an instruction abort can never be a write.
> This is in general true, except when the abort is triggered by
> a S1PTW on instruction fetch that tries to update the S1 page tables
> (to set AF, for example).
>
> This can happen if the page tables have been paged out and brought
> back in without seeing a direct write to them (they are thus marked
> read only), and the fault handling code will make the PT executable(!)
> instead of writable. The guest gets stuck forever.
>
> In these conditions, the permission fault must be considered as
> a write so that the Stage-1 update can take place. This is essentially
> the I-side equivalent of the problem fixed by 60e21a0ef54c ("arm64: KVM:
> Take S1 walks into account when determining S2 write faults").
>
> Update kvm_is_write_fault() to return true on IABT+S1PTW, and introduce
> kvm_vcpu_trap_is_exec_fault() that only returns true when not faulting
> on a S1 fault. Additionally, kvm_vcpu_dabt_iss1tw() is renamed to
> kvm_vcpu_abt_iss1tw(), as the above makes it plain that it isn't
> specific to data abort.
>
> Signed-off-by: Marc Zyngier <maz@xxxxxxxxxx>
> Reviewed-by: Will Deacon <will@xxxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx
> Link: https://lore.kernel.org/r/20200915104218.1284701-2-maz@xxxxxxxxxx
> ---
>  arch/arm/include/asm/kvm_emulate.h   | 11 ++++++++---
>  arch/arm64/include/asm/kvm_emulate.h |  9 +++++++--
>  arch/arm64/kvm/hyp/switch.c          |  2 +-
>  virt/kvm/arm/mmio.c                  |  2 +-
>  virt/kvm/arm/mmu.c                   |  5 ++++-
>  5 files changed, 21 insertions(+), 8 deletions(-)

Now queued up, thanks.

greg k-h
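A small C model of the fault classification the quoted commit message describes, added here as an illustration and not code from the kernel or from the patch. It decodes only the architectural ESR_EL2 fields involved (EC, S1PTW, WnR); the pre-fix and post-fix functions are hypothetical stand-ins for the kernel helpers named in the message, showing why an instruction abort on a stage-1 walk must be treated as a write.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural ESR_EL2 layout: EC in bits [31:26], S1PTW and WnR in the ISS. */
#define ESR_EC_SHIFT    26
#define ESR_EC_MASK     0x3fu
#define ESR_EC_IABT_LOW 0x20u        /* instruction abort from a lower EL */
#define ESR_EC_DABT_LOW 0x24u        /* data abort from a lower EL */
#define ESR_S1PTW       (1u << 7)    /* abort happened during a stage-1 table walk */
#define ESR_WNR         (1u << 6)    /* data abort caused by a write */

/* Build a syndrome value for a constructed test case. */
static uint32_t mk_esr(uint32_t ec, uint32_t iss)
{
    return (ec << ESR_EC_SHIFT) | iss;
}

static bool abt_is_iabt(uint32_t esr)
{
    return ((esr >> ESR_EC_SHIFT) & ESR_EC_MASK) == ESR_EC_IABT_LOW;
}

static bool abt_iss1tw(uint32_t esr) { return (esr & ESR_S1PTW) != 0; }

/* Pre-fix model: any instruction abort is classified as a non-write, so the
 * stage-2 handler maps the guest page table page executable, not writable. */
bool is_write_fault_old(uint32_t esr)
{
    if (abt_is_iabt(esr))
        return false;
    return abt_iss1tw(esr) || (esr & ESR_WNR);
}

/* Post-fix model: a stage-1 walk fault is a write whichever side raised it. */
bool is_write_fault_new(uint32_t esr)
{
    if (abt_iss1tw(esr))
        return true;
    if (abt_is_iabt(esr))
        return false;
    return (esr & ESR_WNR) != 0;
}

/* Post-fix model of an "exec fault": an instruction abort that is not a walk. */
bool is_exec_fault_new(uint32_t esr)
{
    return abt_is_iabt(esr) && !abt_iss1tw(esr);
}
```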