[RESEND PATCH V8 09/11] KVM: Add new exit reason For ROE violations

From: Ahmed Abd El Mawgood
Date: Mon Jan 21 2019 - 03:11:52 EST

Next message: Federico Vaga: "Re: [PATCH] doc:it_IT: add translations in process/"
Previous message: Kishon Vijay Abraham I: "Re: [PATCH v5 2/2] phy: zynqmp: Add phy driver for xilinx zynqmp phy core"
In reply to: Ahmed Abd El Mawgood: "[RESEND PATCH V8 02/11] KVM: X86: Add arbitrary data pointer in kvm memslot iterator functions"
Next in thread: Ahmed Abd El Mawgood: "[RESEND PATCH V8 08/11] KVM: X86: Port ROE_MPROTECT_CHUNK to x86"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The problem is that qemu will not be able to detect ROE violations, so
one option would be create host API to tell if a given page is ROE
protected, or create ROE violation exit reason.

Signed-off-by: Ahmed Abd El Mawgood <ahmedsoliman@xxxxxxxxxxx>
---
arch/x86/kvm/x86.c | 10 +++++++++-
include/kvm/roe.h | 12 ++++++++++++
include/uapi/linux/kvm.h | 2 +-
virt/kvm/kvm_main.c | 1 +
virt/kvm/roe.c | 2 +-
virt/kvm/roe_generic.h | 9 +--------
6 files changed, 25 insertions(+), 11 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 19b0f2307e..368e3d99fd 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -5409,6 +5409,7 @@ static int emulator_read_write(struct x86_emulate_ctxt *ctxt,
const struct read_write_emulator_ops *ops)
{
struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
+ struct kvm_memory_slot *slot;
gpa_t gpa;
int rc;

@@ -5450,7 +5451,14 @@ static int emulator_read_write(struct x86_emulate_ctxt *ctxt,

vcpu->run->mmio.len = min(8u, vcpu->mmio_fragments[0].len);
vcpu->run->mmio.is_write = vcpu->mmio_is_write = ops->write;
- vcpu->run->exit_reason = KVM_EXIT_MMIO;
+ slot = kvm_vcpu_gfn_to_memslot(vcpu, gpa >> PAGE_SHIFT);
+ if (slot && ops->write && (kvm_roe_check_range(slot, gpa>>PAGE_SHIFT,
+ gpa - (gpa & PAGE_MASK), bytes) ||
+ gfn_is_full_roe(slot, gpa>>PAGE_SHIFT)))
+ vcpu->run->exit_reason = KVM_EXIT_ROE;
+ else
+ vcpu->run->exit_reason = KVM_EXIT_MMIO;
+
vcpu->run->mmio.phys_addr = gpa;

return ops->read_write_exit_mmio(vcpu, gpa, val, bytes);
diff --git a/include/kvm/roe.h b/include/kvm/roe.h
index 6a86866623..3121a67753 100644
--- a/include/kvm/roe.h
+++ b/include/kvm/roe.h
@@ -13,4 +13,16 @@ void kvm_roe_arch_commit_protection(struct kvm *kvm,
struct kvm_memory_slot *slot);
int kvm_roe(struct kvm_vcpu *vcpu, u64 a0, u64 a1, u64 a2, u64 a3);
bool kvm_roe_arch_is_userspace(struct kvm_vcpu *vcpu);
+bool kvm_roe_check_range(struct kvm_memory_slot *slot, gfn_t gfn, int offset,
+ int len);
+static inline bool gfn_is_full_roe(struct kvm_memory_slot *slot, gfn_t gfn)
+{
+ return test_bit(gfn - slot->base_gfn, slot->roe_bitmap);
+
+}
+static inline bool gfn_is_partial_roe(struct kvm_memory_slot *slot, gfn_t gfn)
+{
+ return test_bit(gfn - slot->base_gfn, slot->partial_roe_bitmap);
+}
+
#endif
diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
index 6d4ea4b6c9..0a386bb5f2 100644
--- a/include/uapi/linux/kvm.h
+++ b/include/uapi/linux/kvm.h
@@ -235,7 +235,7 @@ struct kvm_hyperv_exit {
#define KVM_EXIT_S390_STSI 25
#define KVM_EXIT_IOAPIC_EOI 26
#define KVM_EXIT_HYPERV 27
-
+#define KVM_EXIT_ROE 28
/* For KVM_EXIT_INTERNAL_ERROR */
/* Emulate instruction failed. */
#define KVM_INTERNAL_ERROR_EMULATION 1
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 819033f475..d92d300539 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -62,6 +62,7 @@
#include "async_pf.h"
#include "vfio.h"
#include "roe_generic.h"
+#include <kvm/roe.h>

#define CREATE_TRACE_POINTS
#include <trace/events/kvm.h>
diff --git a/virt/kvm/roe.c b/virt/kvm/roe.c
index 4393a6a6a2..9540473f89 100644
--- a/virt/kvm/roe.c
+++ b/virt/kvm/roe.c
@@ -60,7 +60,7 @@ bool kvm_roe_check_range(struct kvm_memory_slot *slot, gfn_t gfn, int offset,
return false;
return kvm_roe_protected_range(slot, gpa, len);
}
-
+EXPORT_SYMBOL_GPL(kvm_roe_check_range);

void kvm_roe_free(struct kvm_memory_slot *slot)
{
diff --git a/virt/kvm/roe_generic.h b/virt/kvm/roe_generic.h
index ad121372f2..f1ce4a8aec 100644
--- a/virt/kvm/roe_generic.h
+++ b/virt/kvm/roe_generic.h
@@ -14,12 +14,5 @@ void kvm_roe_free(struct kvm_memory_slot *slot);
int kvm_roe_init(struct kvm_memory_slot *slot);
bool kvm_roe_check_range(struct kvm_memory_slot *slot, gfn_t gfn, int offset,
int len);
-static inline bool gfn_is_full_roe(struct kvm_memory_slot *slot, gfn_t gfn)
-{
- return test_bit(gfn - slot->base_gfn, slot->roe_bitmap);
-}
-static inline bool gfn_is_partial_roe(struct kvm_memory_slot *slot, gfn_t gfn)
-{
- return test_bit(gfn - slot->base_gfn, slot->partial_roe_bitmap);
-}
+
#endif
--
2.19.2

Next message: Federico Vaga: "Re: [PATCH] doc:it_IT: add translations in process/"
Previous message: Kishon Vijay Abraham I: "Re: [PATCH v5 2/2] phy: zynqmp: Add phy driver for xilinx zynqmp phy core"
In reply to: Ahmed Abd El Mawgood: "[RESEND PATCH V8 02/11] KVM: X86: Add arbitrary data pointer in kvm memslot iterator functions"
Next in thread: Ahmed Abd El Mawgood: "[RESEND PATCH V8 08/11] KVM: X86: Port ROE_MPROTECT_CHUNK to x86"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]