From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0390CC433EF
	for <linux-kernel@archiver.kernel.org>; Wed, 13 Oct 2021 15:59:25 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id D8E3F60EE9
	for <linux-kernel@archiver.kernel.org>; Wed, 13 Oct 2021 15:59:24 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S237211AbhJMQB0 (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Wed, 13 Oct 2021 12:01:26 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42884 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S236277AbhJMQBI (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 13 Oct 2021 12:01:08 -0400
Received: from mail-qv1-xf49.google.com (mail-qv1-xf49.google.com [IPv6:2607:f8b0:4864:20::f49])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E9F24C061749
        for <linux-kernel@vger.kernel.org>; Wed, 13 Oct 2021 08:59:04 -0700 (PDT)
Received: by mail-qv1-xf49.google.com with SMTP id kk3-20020a056214508300b00382d8d1bd71so2979269qvb.7
        for <linux-kernel@vger.kernel.org>; Wed, 13 Oct 2021 08:59:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=date:in-reply-to:message-id:mime-version:references:subject:from:to
         :cc;
        bh=DEoxdh+qQqNfn4kriXOPtuGm5/KezrtRJAuAEOvIIEc=;
        b=TpLWDDRB66gNFtTO9H4DRYs+65J/g5K+vn3S4IswImh0cKDwKxr4tBSjZcRccVl/Gl
         PA7nAXYwmNvaJhrKw46Ts3VNmjOrJZAny7BGVWCNErEuHLrCRinaJt33ySp3tdu1rhlU
         ObF8iMNmln/oDydOezVDr5M8tvVtysJpT8v+dFboU9XBwY12v9a9YJdoISKQDzlPyc89
         gwxqYq45K+oRmNXwFvSb/RgfedaC9VADqHJA3tsa8lwe9+sahvN4PIU9zbtzmjuqi1TS
         TY2B5+x2nY3sIMBjjwqLbn3F5AEhqAsehabz6sua9uKu7eipWBEh68yQaYKn6biu+OzM
         jw3Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:date:in-reply-to:message-id:mime-version
         :references:subject:from:to:cc;
        bh=DEoxdh+qQqNfn4kriXOPtuGm5/KezrtRJAuAEOvIIEc=;
        b=rv6wfSB47FchnkElzmDOGIg/6PMnPuVJ1Z//gsZzbIHplFGAo1wxFvarIh6pbbE+89
         FZlmoh8ChThvNghHTuDrFA+D9NZ3cnCUz9ZC1kpbp78pO8rU4kzyP4lD+l05HhDDaVFJ
         KPDYO9i4/K4csqlCMS5R64HGRnG+hq7kGwTNtL9jO8TrvRl6jJ7DRLn5KHE/NBrFwic2
         ZkXGCvqJODLJQ5oVLVekNTPqh5n5X39sGezh0/mAmbbbPS4SDnm1kTRmoHo9+5I/oeNX
         BVXHbmJkNgniue383SazuWBq4x/UYkDdGapgataUKPNoILDj+p82iGW8hts5b2PEt3BA
         UfEg==
X-Gm-Message-State: AOAM532RcL2MlJuXtUg6ifXpU1D+aD+lKNLsDwxFXbZCVv/ZdFnFqhsS
        OfmOmM+ZBhZtOlBIF5ICeHIST8eZe5Vp
X-Google-Smtp-Source: ABdhPJxxY5hYqLzNoNmIsVUGeAsrdYoGroAg6GyRP+fKCKJAdv6jBH4kuWvly/Nv7EL03M4qWkxiLE/AW3NG
X-Received: from luke.lon.corp.google.com ([2a00:79e0:d:210:65b5:73d3:1558:b9ae])
 (user=qperret job=sendgmr) by 2002:ac8:5385:: with SMTP id
 x5mr73629qtp.105.1634140744121; Wed, 13 Oct 2021 08:59:04 -0700 (PDT)
Date:   Wed, 13 Oct 2021 16:58:28 +0100
In-Reply-To: <20211013155831.943476-1-qperret@google.com>
Message-Id: <20211013155831.943476-14-qperret@google.com>
Mime-Version: 1.0
References: <20211013155831.943476-1-qperret@google.com>
X-Mailer: git-send-email 2.33.0.882.g93a45727a2-goog
Subject: [PATCH 13/16] KVM: arm64: Move double-sharing logic into hyp-specific function
From:   Quentin Perret <qperret@google.com>
To:     Marc Zyngier <maz@kernel.org>, James Morse <james.morse@arm.com>,
        Alexandru Elisei <alexandru.elisei@arm.com>,
        Suzuki K Poulose <suzuki.poulose@arm.com>,
        Catalin Marinas <catalin.marinas@arm.com>,
        Will Deacon <will@kernel.org>, Fuad Tabba <tabba@google.com>,
        David Brazdil <dbrazdil@google.com>
Cc:     linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu,
        linux-kernel@vger.kernel.org, kernel-team@android.com
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Will Deacon <will@kernel.org>

Strictly speaking, double-sharing a page is an invalid transition and
should be rejected, however we allow this in order to simplify the
book-keeping when KVM metadata (such as vcpu structures) co-exists in
the same page.

Given that double-sharing is only required for pages shared with the
hypervisor by the host, move the handling into a hyp-specific function
to check incoming shares, therefore preventing double-sharing outside
of this particular transition.

Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Quentin Perret <qperret@google.com>
---
 arch/arm64/kvm/hyp/nvhe/mem_protect.c | 57 +++++++++++++++++++--------
 1 file changed, 41 insertions(+), 16 deletions(-)

diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
index 909e60f71b06..3378117d010c 100644
--- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c
+++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
@@ -536,6 +536,33 @@ static int ack_share(struct pkvm_page_share_ack *ack,
 	}
 }
 
+static int hyp_check_incoming_share(struct pkvm_page_req *req,
+				    struct pkvm_page_share_ack *ack,
+				    enum pkvm_component_id initiator,
+				    enum kvm_pgtable_prot prot)
+{
+	/*
+	 * We allow the host to share the same page twice, but that means we
+	 * have to check that the states really do match exactly.
+	 */
+	if (initiator != PKVM_ID_HOST)
+		return -EPERM;
+
+	if (req->initiator.state != PKVM_PAGE_SHARED_OWNED)
+		return -EPERM;
+
+	if (ack->completer.state != PKVM_PAGE_SHARED_BORROWED)
+		return -EPERM;
+
+	if (ack->completer.phys != req->phys)
+		return -EPERM;
+
+	if (ack->completer.prot != prot)
+		return -EPERM;
+
+	return 0;
+}
+
 /*
  * Check that the page states in the initiator and the completer are compatible
  * for the requested page-sharing operation to go ahead.
@@ -544,6 +571,8 @@ static int check_share(struct pkvm_page_req *req,
 		       struct pkvm_page_share_ack *ack,
 		       struct pkvm_mem_share *share)
 {
+	struct pkvm_mem_transition *tx = &share->tx;
+
 	if (!addr_is_memory(req->phys))
 		return -EINVAL;
 
@@ -552,25 +581,22 @@ static int check_share(struct pkvm_page_req *req,
 		return 0;
 	}
 
-	if (req->initiator.state != PKVM_PAGE_SHARED_OWNED)
-		return -EPERM;
-
-	if (ack->completer.state != PKVM_PAGE_SHARED_BORROWED)
-		return -EPERM;
-
-	if (ack->completer.phys != req->phys)
-		return -EPERM;
-
-	if (ack->completer.prot != share->prot)
+	switch (tx->completer.id) {
+	case PKVM_ID_HYP:
+		return hyp_check_incoming_share(req, ack, tx->initiator.id,
+						share->prot);
+	default:
 		return -EPERM;
-
-	return 0;
+	}
 }
 
 static int host_initiate_share(struct pkvm_page_req *req)
 {
 	enum kvm_pgtable_prot prot;
 
+	if (req->initiator.state == PKVM_PAGE_SHARED_OWNED)
+		return 0;
+
 	prot = pkvm_mkstate(PKVM_HOST_MEM_PROT, PKVM_PAGE_SHARED_OWNED);
 	return host_stage2_idmap_locked(req->initiator.addr, PAGE_SIZE, prot);
 }
@@ -595,6 +621,9 @@ static int hyp_complete_share(struct pkvm_page_req *req,
 	void *start = (void *)req->completer.addr, *end = start + PAGE_SIZE;
 	enum kvm_pgtable_prot prot;
 
+	if (req->initiator.state == PKVM_PAGE_SHARED_OWNED)
+		return 0;
+
 	prot = pkvm_mkstate(perms, PKVM_PAGE_SHARED_BORROWED);
 	return pkvm_create_mappings_locked(start, end, prot);
 }
@@ -653,10 +682,6 @@ static int do_share(struct pkvm_mem_share *share)
 		if (ret)
 			break;
 
-		/* Allow double-sharing by skipping over the page */
-		if (req.initiator.state == PKVM_PAGE_SHARED_OWNED)
-			continue;
-
 		ret = initiate_share(&req, share);
 		if (ret)
 			break;
-- 
2.33.0.882.g93a45727a2-goog


From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=5TFS=PB=lists.cs.columbia.edu=kvmarm-bounces@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 600C9C433FE
	for <kvmarm@archiver.kernel.org>; Wed, 13 Oct 2021 15:59:09 +0000 (UTC)
Received: from mm01.cs.columbia.edu (mm01.cs.columbia.edu [128.59.11.253])
	by mail.kernel.org (Postfix) with ESMTP id 134D5611CB
	for <kvmarm@archiver.kernel.org>; Wed, 13 Oct 2021 15:59:09 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 134D5611CB
Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.cs.columbia.edu
Received: from localhost (localhost [127.0.0.1])
	by mm01.cs.columbia.edu (Postfix) with ESMTP id B92844B132;
	Wed, 13 Oct 2021 11:59:08 -0400 (EDT)
X-Virus-Scanned: at lists.cs.columbia.edu
Authentication-Results: mm01.cs.columbia.edu (amavisd-new); dkim=softfail
	(fail, message has been altered) header.i=@google.com
Received: from mm01.cs.columbia.edu ([127.0.0.1])
	by localhost (mm01.cs.columbia.edu [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id WJwibW2sAGqs; Wed, 13 Oct 2021 11:59:07 -0400 (EDT)
Received: from mm01.cs.columbia.edu (localhost [127.0.0.1])
	by mm01.cs.columbia.edu (Postfix) with ESMTP id 95A294B15C;
	Wed, 13 Oct 2021 11:59:07 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1])
 by mm01.cs.columbia.edu (Postfix) with ESMTP id 434AF4B132
 for <kvmarm@lists.cs.columbia.edu>; Wed, 13 Oct 2021 11:59:06 -0400 (EDT)
X-Virus-Scanned: at lists.cs.columbia.edu
Received: from mm01.cs.columbia.edu ([127.0.0.1])
 by localhost (mm01.cs.columbia.edu [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id m-EKWteVnuOB for <kvmarm@lists.cs.columbia.edu>;
 Wed, 13 Oct 2021 11:59:05 -0400 (EDT)
Received: from mail-qv1-f73.google.com (mail-qv1-f73.google.com
 [209.85.219.73])
 by mm01.cs.columbia.edu (Postfix) with ESMTPS id 7AB484B176
 for <kvmarm@lists.cs.columbia.edu>; Wed, 13 Oct 2021 11:59:04 -0400 (EDT)
Received: by mail-qv1-f73.google.com with SMTP id
 hf12-20020a0562140e8c00b00382cdfe644eso2919126qvb.23
 for <kvmarm@lists.cs.columbia.edu>; Wed, 13 Oct 2021 08:59:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112;
 h=date:in-reply-to:message-id:mime-version:references:subject:from:to
 :cc; bh=DEoxdh+qQqNfn4kriXOPtuGm5/KezrtRJAuAEOvIIEc=;
 b=TpLWDDRB66gNFtTO9H4DRYs+65J/g5K+vn3S4IswImh0cKDwKxr4tBSjZcRccVl/Gl
 PA7nAXYwmNvaJhrKw46Ts3VNmjOrJZAny7BGVWCNErEuHLrCRinaJt33ySp3tdu1rhlU
 ObF8iMNmln/oDydOezVDr5M8tvVtysJpT8v+dFboU9XBwY12v9a9YJdoISKQDzlPyc89
 gwxqYq45K+oRmNXwFvSb/RgfedaC9VADqHJA3tsa8lwe9+sahvN4PIU9zbtzmjuqi1TS
 TY2B5+x2nY3sIMBjjwqLbn3F5AEhqAsehabz6sua9uKu7eipWBEh68yQaYKn6biu+OzM
 jw3Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:date:in-reply-to:message-id:mime-version
 :references:subject:from:to:cc;
 bh=DEoxdh+qQqNfn4kriXOPtuGm5/KezrtRJAuAEOvIIEc=;
 b=au8m2DqQs+d+dH0o529hHDaDIU6tkbDh+VUxUCHYPPJFrwQlVJEUrcF589VK43iDeg
 P/48kyAlTN1qY+HRr600+wc/QDkuRJ+IJ5vGFBszUsUX+FJmiTn3E0ODwXvaQkXchkcV
 cvPzLdMXku7Wb3wX0D0fZ3LmEQj5gD8sG6StvvZqjHTydvcL6vGginVLcANrJIlergMa
 mf00dzRGU9MnKpolgORY6gI3djs94belgtkP7OJV9qJM31igUyNdSK3SQdd8js0emTGt
 bK9zxHBnJIHsDl50cWtixqtm1nLwg5/LmABZW78GtW7NEJb254eXTTQyRog7HfzRQIxA
 6/GA==
X-Gm-Message-State: AOAM532r6UPb/u6YKMqCyHhGeyEo+sczcS9M36WLxXBucXmEfUj+nUUB
 0EBb2oO1w9/Q9kxCKI6ciLn+jfQRnZlb
X-Google-Smtp-Source: ABdhPJxxY5hYqLzNoNmIsVUGeAsrdYoGroAg6GyRP+fKCKJAdv6jBH4kuWvly/Nv7EL03M4qWkxiLE/AW3NG
X-Received: from luke.lon.corp.google.com
 ([2a00:79e0:d:210:65b5:73d3:1558:b9ae])
 (user=qperret job=sendgmr) by 2002:ac8:5385:: with SMTP id
 x5mr73629qtp.105.1634140744121; Wed, 13 Oct 2021 08:59:04 -0700 (PDT)
Date: Wed, 13 Oct 2021 16:58:28 +0100
In-Reply-To: <20211013155831.943476-1-qperret@google.com>
Message-Id: <20211013155831.943476-14-qperret@google.com>
Mime-Version: 1.0
References: <20211013155831.943476-1-qperret@google.com>
X-Mailer: git-send-email 2.33.0.882.g93a45727a2-goog
Subject: [PATCH 13/16] KVM: arm64: Move double-sharing logic into hyp-specific
 function
From: Quentin Perret <qperret@google.com>
To: Marc Zyngier <maz@kernel.org>, James Morse <james.morse@arm.com>, 
 Alexandru Elisei <alexandru.elisei@arm.com>,
 Suzuki K Poulose <suzuki.poulose@arm.com>, 
 Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will@kernel.org>,
 Fuad Tabba <tabba@google.com>, David Brazdil <dbrazdil@google.com>
Cc: kernel-team@android.com, kvmarm@lists.cs.columbia.edu,
 linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org
X-BeenThere: kvmarm@lists.cs.columbia.edu
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Where KVM/ARM decisions are made <kvmarm.lists.cs.columbia.edu>
List-Unsubscribe: <https://lists.cs.columbia.edu/mailman/options/kvmarm>,
 <mailto:kvmarm-request@lists.cs.columbia.edu?subject=unsubscribe>
List-Archive: <https://lists.cs.columbia.edu/pipermail/kvmarm>
List-Post: <mailto:kvmarm@lists.cs.columbia.edu>
List-Help: <mailto:kvmarm-request@lists.cs.columbia.edu?subject=help>
List-Subscribe: <https://lists.cs.columbia.edu/mailman/listinfo/kvmarm>,
 <mailto:kvmarm-request@lists.cs.columbia.edu?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kvmarm-bounces@lists.cs.columbia.edu
Sender: kvmarm-bounces@lists.cs.columbia.edu

From: Will Deacon <will@kernel.org>

Strictly speaking, double-sharing a page is an invalid transition and
should be rejected, however we allow this in order to simplify the
book-keeping when KVM metadata (such as vcpu structures) co-exists in
the same page.

Given that double-sharing is only required for pages shared with the
hypervisor by the host, move the handling into a hyp-specific function
to check incoming shares, therefore preventing double-sharing outside
of this particular transition.

Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Quentin Perret <qperret@google.com>
---
 arch/arm64/kvm/hyp/nvhe/mem_protect.c | 57 +++++++++++++++++++--------
 1 file changed, 41 insertions(+), 16 deletions(-)

diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
index 909e60f71b06..3378117d010c 100644
--- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c
+++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
@@ -536,6 +536,33 @@ static int ack_share(struct pkvm_page_share_ack *ack,
 	}
 }
 
+static int hyp_check_incoming_share(struct pkvm_page_req *req,
+				    struct pkvm_page_share_ack *ack,
+				    enum pkvm_component_id initiator,
+				    enum kvm_pgtable_prot prot)
+{
+	/*
+	 * We allow the host to share the same page twice, but that means we
+	 * have to check that the states really do match exactly.
+	 */
+	if (initiator != PKVM_ID_HOST)
+		return -EPERM;
+
+	if (req->initiator.state != PKVM_PAGE_SHARED_OWNED)
+		return -EPERM;
+
+	if (ack->completer.state != PKVM_PAGE_SHARED_BORROWED)
+		return -EPERM;
+
+	if (ack->completer.phys != req->phys)
+		return -EPERM;
+
+	if (ack->completer.prot != prot)
+		return -EPERM;
+
+	return 0;
+}
+
 /*
  * Check that the page states in the initiator and the completer are compatible
  * for the requested page-sharing operation to go ahead.
@@ -544,6 +571,8 @@ static int check_share(struct pkvm_page_req *req,
 		       struct pkvm_page_share_ack *ack,
 		       struct pkvm_mem_share *share)
 {
+	struct pkvm_mem_transition *tx = &share->tx;
+
 	if (!addr_is_memory(req->phys))
 		return -EINVAL;
 
@@ -552,25 +581,22 @@ static int check_share(struct pkvm_page_req *req,
 		return 0;
 	}
 
-	if (req->initiator.state != PKVM_PAGE_SHARED_OWNED)
-		return -EPERM;
-
-	if (ack->completer.state != PKVM_PAGE_SHARED_BORROWED)
-		return -EPERM;
-
-	if (ack->completer.phys != req->phys)
-		return -EPERM;
-
-	if (ack->completer.prot != share->prot)
+	switch (tx->completer.id) {
+	case PKVM_ID_HYP:
+		return hyp_check_incoming_share(req, ack, tx->initiator.id,
+						share->prot);
+	default:
 		return -EPERM;
-
-	return 0;
+	}
 }
 
 static int host_initiate_share(struct pkvm_page_req *req)
 {
 	enum kvm_pgtable_prot prot;
 
+	if (req->initiator.state == PKVM_PAGE_SHARED_OWNED)
+		return 0;
+
 	prot = pkvm_mkstate(PKVM_HOST_MEM_PROT, PKVM_PAGE_SHARED_OWNED);
 	return host_stage2_idmap_locked(req->initiator.addr, PAGE_SIZE, prot);
 }
@@ -595,6 +621,9 @@ static int hyp_complete_share(struct pkvm_page_req *req,
 	void *start = (void *)req->completer.addr, *end = start + PAGE_SIZE;
 	enum kvm_pgtable_prot prot;
 
+	if (req->initiator.state == PKVM_PAGE_SHARED_OWNED)
+		return 0;
+
 	prot = pkvm_mkstate(perms, PKVM_PAGE_SHARED_BORROWED);
 	return pkvm_create_mappings_locked(start, end, prot);
 }
@@ -653,10 +682,6 @@ static int do_share(struct pkvm_mem_share *share)
 		if (ret)
 			break;
 
-		/* Allow double-sharing by skipping over the page */
-		if (req.initiator.state == PKVM_PAGE_SHARED_OWNED)
-			continue;
-
 		ret = initiate_share(&req, share);
 		if (ret)
 			break;
-- 
2.33.0.882.g93a45727a2-goog

_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm

From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=+cAE=PB=lists.infradead.org=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id D4B86C433F5
	for <linux-arm-kernel@archiver.kernel.org>; Wed, 13 Oct 2021 16:07:15 +0000 (UTC)
Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 9914C60EE9
	for <linux-arm-kernel@archiver.kernel.org>; Wed, 13 Oct 2021 16:07:15 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 9914C60EE9
Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com
Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=lists.infradead.org
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:References:
	Mime-Version:Message-Id:In-Reply-To:Date:Reply-To:Content-ID:
	Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
	:Resent-Message-ID:List-Owner;
	bh=Qnh4E+w3yKv3IOQl45tjRgfatUCAJ83vEtu11AdDkv4=; b=pfr+thzER342twTcX7EoO/giHS
	CmcuKqZPtMktDqD40FRKzg6zstXtaqjXN/fxaM1kabCs3D7FhOaCPWI5rnfuReeVozEvV5ECR3cQl
	tHaRuNerl1qT2dF4GhYK5ntSYS4JSupGot+jR6hcOvknwR4tgDVXGrtfQy3aadt4zQY3bnWCA+il4
	5P/+HsNUXK0YcjRqyCTMPVO0zVj/ukZmL2BEGspMPg0cBZASii74NOP9X6Vt03MBSfif1+qK9TAwY
	EfLhpTtOY4DqjbwPT27hggPbFA2ZlWSPl/x3FOjqKsrri9ZJu2JyB7Kcun4Y+3AzAnC2AHsZ1rZrx
	TCPSx7YQ==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
	id 1magl8-00HWFj-My; Wed, 13 Oct 2021 16:05:39 +0000
Received: from mail-qv1-xf49.google.com ([2607:f8b0:4864:20::f49])
 by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
 id 1mageo-00HTRR-EI
 for linux-arm-kernel@lists.infradead.org; Wed, 13 Oct 2021 15:59:08 +0000
Received: by mail-qv1-xf49.google.com with SMTP id
 q17-20020ad45491000000b003832299965bso2941997qvy.18
 for <linux-arm-kernel@lists.infradead.org>;
 Wed, 13 Oct 2021 08:59:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112;
 h=date:in-reply-to:message-id:mime-version:references:subject:from:to
 :cc; bh=DEoxdh+qQqNfn4kriXOPtuGm5/KezrtRJAuAEOvIIEc=;
 b=TpLWDDRB66gNFtTO9H4DRYs+65J/g5K+vn3S4IswImh0cKDwKxr4tBSjZcRccVl/Gl
 PA7nAXYwmNvaJhrKw46Ts3VNmjOrJZAny7BGVWCNErEuHLrCRinaJt33ySp3tdu1rhlU
 ObF8iMNmln/oDydOezVDr5M8tvVtysJpT8v+dFboU9XBwY12v9a9YJdoISKQDzlPyc89
 gwxqYq45K+oRmNXwFvSb/RgfedaC9VADqHJA3tsa8lwe9+sahvN4PIU9zbtzmjuqi1TS
 TY2B5+x2nY3sIMBjjwqLbn3F5AEhqAsehabz6sua9uKu7eipWBEh68yQaYKn6biu+OzM
 jw3Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:date:in-reply-to:message-id:mime-version
 :references:subject:from:to:cc;
 bh=DEoxdh+qQqNfn4kriXOPtuGm5/KezrtRJAuAEOvIIEc=;
 b=flhzgGw617RO1qIwGnVCpAhipORR4U2dVu/KdXEOWXGdf8BBTbXkyvxQ2q0y53pDNQ
 qXX4ICQ8V2wW8B8/yUz8o1nfSGhhPtBRzhNaA6yYx0LWb0ytXjMwt4wFTk0BbADKvVqt
 GcAvgWKKIEPd/nbttYD0yNzKx9vzKRZH6+Aaenrxu8Pg7NxVzodEcRGUZY2gRX+EcN+K
 pdxYYc7eq2S4XrhywTo/adILAyeN6RLfT33QaX9nrqr8e04tC5MJRbuL+7aigJbvvbvR
 aJ9z+3e02A7znUTie12wP159samll67uSD65xF+JumzQwgrAJEdew9NMXie/V/GzaC2q
 jHWA==
X-Gm-Message-State: AOAM531wJe51nWcRpOxYolea27f/CFrAl2nkal9vQ+ryNzds2Ia24Ede
 vf/WdK1Y1T4Z8zGOU121RbgcrsirUCyY
X-Google-Smtp-Source: ABdhPJxxY5hYqLzNoNmIsVUGeAsrdYoGroAg6GyRP+fKCKJAdv6jBH4kuWvly/Nv7EL03M4qWkxiLE/AW3NG
X-Received: from luke.lon.corp.google.com
 ([2a00:79e0:d:210:65b5:73d3:1558:b9ae])
 (user=qperret job=sendgmr) by 2002:ac8:5385:: with SMTP id
 x5mr73629qtp.105.1634140744121; Wed, 13 Oct 2021 08:59:04 -0700 (PDT)
Date: Wed, 13 Oct 2021 16:58:28 +0100
In-Reply-To: <20211013155831.943476-1-qperret@google.com>
Message-Id: <20211013155831.943476-14-qperret@google.com>
Mime-Version: 1.0
References: <20211013155831.943476-1-qperret@google.com>
X-Mailer: git-send-email 2.33.0.882.g93a45727a2-goog
Subject: [PATCH 13/16] KVM: arm64: Move double-sharing logic into hyp-specific
 function
From: Quentin Perret <qperret@google.com>
To: Marc Zyngier <maz@kernel.org>, James Morse <james.morse@arm.com>, 
 Alexandru Elisei <alexandru.elisei@arm.com>,
 Suzuki K Poulose <suzuki.poulose@arm.com>, 
 Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will@kernel.org>,
 Fuad Tabba <tabba@google.com>, David Brazdil <dbrazdil@google.com>
Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, 
 linux-kernel@vger.kernel.org, kernel-team@android.com
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20211013_085906_555878_94F360F5 
X-CRM114-Status: GOOD (  17.11  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

From: Will Deacon <will@kernel.org>

Strictly speaking, double-sharing a page is an invalid transition and
should be rejected, however we allow this in order to simplify the
book-keeping when KVM metadata (such as vcpu structures) co-exists in
the same page.

Given that double-sharing is only required for pages shared with the
hypervisor by the host, move the handling into a hyp-specific function
to check incoming shares, therefore preventing double-sharing outside
of this particular transition.

Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Quentin Perret <qperret@google.com>
---
 arch/arm64/kvm/hyp/nvhe/mem_protect.c | 57 +++++++++++++++++++--------
 1 file changed, 41 insertions(+), 16 deletions(-)

diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
index 909e60f71b06..3378117d010c 100644
--- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c
+++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
@@ -536,6 +536,33 @@ static int ack_share(struct pkvm_page_share_ack *ack,
 	}
 }
 
+static int hyp_check_incoming_share(struct pkvm_page_req *req,
+				    struct pkvm_page_share_ack *ack,
+				    enum pkvm_component_id initiator,
+				    enum kvm_pgtable_prot prot)
+{
+	/*
+	 * We allow the host to share the same page twice, but that means we
+	 * have to check that the states really do match exactly.
+	 */
+	if (initiator != PKVM_ID_HOST)
+		return -EPERM;
+
+	if (req->initiator.state != PKVM_PAGE_SHARED_OWNED)
+		return -EPERM;
+
+	if (ack->completer.state != PKVM_PAGE_SHARED_BORROWED)
+		return -EPERM;
+
+	if (ack->completer.phys != req->phys)
+		return -EPERM;
+
+	if (ack->completer.prot != prot)
+		return -EPERM;
+
+	return 0;
+}
+
 /*
  * Check that the page states in the initiator and the completer are compatible
  * for the requested page-sharing operation to go ahead.
@@ -544,6 +571,8 @@ static int check_share(struct pkvm_page_req *req,
 		       struct pkvm_page_share_ack *ack,
 		       struct pkvm_mem_share *share)
 {
+	struct pkvm_mem_transition *tx = &share->tx;
+
 	if (!addr_is_memory(req->phys))
 		return -EINVAL;
 
@@ -552,25 +581,22 @@ static int check_share(struct pkvm_page_req *req,
 		return 0;
 	}
 
-	if (req->initiator.state != PKVM_PAGE_SHARED_OWNED)
-		return -EPERM;
-
-	if (ack->completer.state != PKVM_PAGE_SHARED_BORROWED)
-		return -EPERM;
-
-	if (ack->completer.phys != req->phys)
-		return -EPERM;
-
-	if (ack->completer.prot != share->prot)
+	switch (tx->completer.id) {
+	case PKVM_ID_HYP:
+		return hyp_check_incoming_share(req, ack, tx->initiator.id,
+						share->prot);
+	default:
 		return -EPERM;
-
-	return 0;
+	}
 }
 
 static int host_initiate_share(struct pkvm_page_req *req)
 {
 	enum kvm_pgtable_prot prot;
 
+	if (req->initiator.state == PKVM_PAGE_SHARED_OWNED)
+		return 0;
+
 	prot = pkvm_mkstate(PKVM_HOST_MEM_PROT, PKVM_PAGE_SHARED_OWNED);
 	return host_stage2_idmap_locked(req->initiator.addr, PAGE_SIZE, prot);
 }
@@ -595,6 +621,9 @@ static int hyp_complete_share(struct pkvm_page_req *req,
 	void *start = (void *)req->completer.addr, *end = start + PAGE_SIZE;
 	enum kvm_pgtable_prot prot;
 
+	if (req->initiator.state == PKVM_PAGE_SHARED_OWNED)
+		return 0;
+
 	prot = pkvm_mkstate(perms, PKVM_PAGE_SHARED_BORROWED);
 	return pkvm_create_mappings_locked(start, end, prot);
 }
@@ -653,10 +682,6 @@ static int do_share(struct pkvm_mem_share *share)
 		if (ret)
 			break;
 
-		/* Allow double-sharing by skipping over the page */
-		if (req.initiator.state == PKVM_PAGE_SHARED_OWNED)
-			continue;
-
 		ret = initiate_share(&req, share);
 		if (ret)
 			break;
-- 
2.33.0.882.g93a45727a2-goog


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel