Commit 83bbb8ff authored by Paolo Bonzini's avatar Paolo Bonzini
Browse files

Merge tag 'kvmarm-fixes-5.10-5' of... 

Merge tag 'kvmarm-fixes-5.10-5' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD

kvm/arm64 fixes for 5.10, take #5

- Don't leak page tables on PTE update
- Correctly invalidate TLBs on table to block transition
- Only update permissions if the fault level matches the
  expected mapping size
parents 339f5a7f 7d894834

arch/arm64/include/asm/esr.h

+1 −0
Original line number Diff line number Diff line
@@ -104,6 +104,7 @@ 
/* Shared ISS fault status code(IFSC/DFSC) for Data/Instruction aborts */

#define ESR_ELx_FSC		(0x3F)

#define ESR_ELx_FSC_TYPE	(0x3C)

#define ESR_ELx_FSC_LEVEL	(0x03)

#define ESR_ELx_FSC_EXTABT	(0x10)

#define ESR_ELx_FSC_SERROR	(0x11)

#define ESR_ELx_FSC_ACCESS	(0x08)

arch/arm64/include/asm/kvm_emulate.h

+5 −0
Original line number Diff line number Diff line
@@ -350,6 +350,11 @@ static __always_inline u8 kvm_vcpu_trap_get_fault_type(const struct kvm_vcpu *vc 
	return kvm_vcpu_get_esr(vcpu) & ESR_ELx_FSC_TYPE;

}



static __always_inline u8 kvm_vcpu_trap_get_fault_level(const struct kvm_vcpu *vcpu)

{

	return kvm_vcpu_get_esr(vcpu) & ESR_ELx_FSC_LEVEL;

}



static __always_inline bool kvm_vcpu_abt_issea(const struct kvm_vcpu *vcpu)

{

	switch (kvm_vcpu_trap_get_fault(vcpu)) {

arch/arm64/kvm/hyp/pgtable.c

+16 −1
Original line number Diff line number Diff line
@@ -470,6 +470,15 @@ static bool stage2_map_walker_try_leaf(u64 addr, u64 end, u32 level, 
	if (!kvm_block_mapping_supported(addr, end, phys, level))

		return false;



	/*

	 * If the PTE was already valid, drop the refcount on the table

	 * early, as it will be bumped-up again in stage2_map_walk_leaf().

	 * This ensures that the refcount stays constant across a valid to

	 * valid PTE update.

	 */

	if (kvm_pte_valid(*ptep))

		put_page(virt_to_page(ptep));



	if (kvm_set_valid_leaf_pte(ptep, phys, data->attr, level))

		goto out;
@@ -493,7 +502,13 @@ static int stage2_map_walk_table_pre(u64 addr, u64 end, u32 level, 
		return 0;



	kvm_set_invalid_pte(ptep);

	kvm_call_hyp(__kvm_tlb_flush_vmid_ipa, data->mmu, addr, 0);



	/*

	 * Invalidate the whole stage-2, as we may have numerous leaf

	 * entries below us which would otherwise need invalidating

	 * individually.

	 */

	kvm_call_hyp(__kvm_tlb_flush_vmid, data->mmu);

	data->anchor = ptep;

	return 0;

}

arch/arm64/kvm/mmu.c

+9 −2
Original line number Diff line number Diff line
@@ -754,10 +754,12 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa, 
	gfn_t gfn;

	kvm_pfn_t pfn;

	bool logging_active = memslot_is_logging(memslot);

	unsigned long vma_pagesize;

	unsigned long fault_level = kvm_vcpu_trap_get_fault_level(vcpu);

	unsigned long vma_pagesize, fault_granule;

	enum kvm_pgtable_prot prot = KVM_PGTABLE_PROT_R;

	struct kvm_pgtable *pgt;



	fault_granule = 1UL << ARM64_HW_PGTABLE_LEVEL_SHIFT(fault_level);

	write_fault = kvm_is_write_fault(vcpu);

	exec_fault = kvm_vcpu_trap_is_exec_fault(vcpu);

	VM_BUG_ON(write_fault && exec_fault);
@@ -896,7 +898,12 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa, 
	else if (cpus_have_const_cap(ARM64_HAS_CACHE_DIC))

		prot |= KVM_PGTABLE_PROT_X;



	if (fault_status == FSC_PERM && !(logging_active && writable)) {

	/*

	 * Under the premise of getting a FSC_PERM fault, we just need to relax

	 * permissions only if vma_pagesize equals fault_granule. Otherwise,

	 * kvm_pgtable_stage2_map() should be called to change block size.

	 */

	if (fault_status == FSC_PERM && vma_pagesize == fault_granule) {

		ret = kvm_pgtable_stage2_relax_perms(pgt, fault_ipa, prot);

	} else {

		ret = kvm_pgtable_stage2_map(pgt, fault_ipa, vma_pagesize,

CRA Git | Maintained and supported by SUSTech CRA and CCSE