Forbid userspace from making changes to a locked memslot. If userspace
wants to modify a locked memslot, it will need to unlock it first.

One special case is allowed: memslots locked for read, but not for write,
can have dirty page logging turned on.

Signed-off-by: Alexandru Elisei <[email protected]>
---
 arch/arm64/kvm/mmu.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
index 27b7befd4fa9..3ab8eba808ae 100644
--- a/arch/arm64/kvm/mmu.c
+++ b/arch/arm64/kvm/mmu.c
@@ -1842,8 +1842,23 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
 {
        hva_t hva = mem->userspace_addr;
        hva_t reg_end = hva + mem->memory_size;
+       struct kvm_memory_slot *old;
        int ret = 0;
 
+       /*
+        * Forbid all changes to locked memslots with the exception of turning
+        * on dirty page logging for memslots locked only for reads.
+        */
+       old = id_to_memslot(kvm_memslots(kvm), memslot->id);
+       if (old && memslot_is_locked(old)) {
+               if (change == KVM_MR_FLAGS_ONLY &&
+                   memslot_is_logging(memslot) &&
+                   !(old->arch.flags & KVM_MEMSLOT_LOCK_WRITE))
+                       memcpy(&memslot->arch, &old->arch, sizeof(old->arch));
+               else
+                       return -EBUSY;
+       }
+
        if (change != KVM_MR_CREATE && change != KVM_MR_MOVE &&
                        change != KVM_MR_FLAGS_ONLY)
                return 0;
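Review bot: The special case at the added condition does not confirm that dirty logging is actually being turned *on*: it tests `memslot_is_logging(memslot)` on the new slot but never checks the old one, so a KVM_MR_FLAGS_ONLY change on a read-locked slot that already has logging enabled — which, if KVM_MEM_READONLY is the only other user-settable flag, can only be a toggle of that flag — is accepted and the arch state copied over, even though the description says only enabling dirty logging is permitted. Adding `!memslot_is_logging(old) &&` to the condition pins the check to the documented transition. The error path also returns -EBUSY for KVM_MR_DELETE of a locked slot since it precedes the existing change-type filter; that matches "forbid all changes" but is worth stating in the comment above the check, e.g. `/* Deleting a locked memslot is refused as well; unlock first. */`. kvm_arch_prepare_memory_region's body continues past the hunk.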
-- 
2.33.0
