kvm.vger.kernel.org archive mirror
From: Alexander Graf <agraf@suse.de>
To: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Gleb Natapov <gleb@redhat.com>, kvm-ppc <kvm-ppc@vger.kernel.org>,
	KVM list <kvm@vger.kernel.org>, Paul Mackerras <paulus@samba.org>
Subject: [PATCH 10/28] KVM: PPC: Book3S HV: Don't give the guest RW access to RO pages
Date: Thu,  6 Dec 2012 01:40:59 +0100
Message-ID: <1354754477-15472-11-git-send-email-agraf@suse.de>
In-Reply-To: <1354754477-15472-1-git-send-email-agraf@suse.de>

From: Paul Mackerras <paulus@samba.org>

Currently, if the guest does an H_PROTECT hcall requesting that the
permissions on a HPT entry be changed to allow writing, we make the
requested change even if the page is marked read-only in the host
Linux page tables.  This is a problem since it would for instance
allow a guest to modify a page that KSM has decided can be shared
between multiple guests.

To fix this, if the new permissions for the page allow writing, we need
to look up the memslot for the page, work out the host virtual address,
and look up the Linux page tables to get the PTE for the page.  If that
PTE is read-only, we reduce the HPTE permissions to read-only.

Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
---
 arch/powerpc/kvm/book3s_hv_rm_mmu.c |   22 ++++++++++++++++++++++
 1 files changed, 22 insertions(+), 0 deletions(-)

diff --git a/arch/powerpc/kvm/book3s_hv_rm_mmu.c b/arch/powerpc/kvm/book3s_hv_rm_mmu.c
index fc3da32..7a57ea4 100644
--- a/arch/powerpc/kvm/book3s_hv_rm_mmu.c
+++ b/arch/powerpc/kvm/book3s_hv_rm_mmu.c
@@ -600,6 +600,28 @@ long kvmppc_h_protect(struct kvm_vcpu *vcpu, unsigned long flags,
 			asm volatile("tlbiel %0" : : "r" (rb));
 			asm volatile("ptesync" : : : "memory");
 		}
+		/*
+		 * If the host has this page as readonly but the guest
+		 * wants to make it read/write, reduce the permissions.
+		 * Checking the host permissions involves finding the
+		 * memslot and then the Linux PTE for the page.
+		 */
+		if (hpte_is_writable(r) && kvm->arch.using_mmu_notifiers) {
+			unsigned long psize, gfn, hva;
+			struct kvm_memory_slot *memslot;
+			pgd_t *pgdir = vcpu->arch.pgdir;
+			pte_t pte;
+
+			psize = hpte_page_size(v, r);
+			gfn = ((r & HPTE_R_RPN) & ~(psize - 1)) >> PAGE_SHIFT;
+			memslot = __gfn_to_memslot(kvm_memslots(kvm), gfn);
+			if (memslot) {
+				hva = __gfn_to_hva_memslot(memslot, gfn);
+				pte = lookup_linux_pte(pgdir, hva, 1, &psize);
+				if (pte_present(pte) && !pte_write(pte))
+					r = hpte_make_readonly(r);
+			}
+		}
 	}
 	hpte[1] = r;
 	eieio();
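
Review bot: the permission downgrade in the added block fails open: `r` is only reduced when the memslot lookup succeeds and `pte_present(pte) && !pte_write(pte)` holds, so if `__gfn_to_memslot()` returns NULL or the Linux PTE is not present, the guest-requested writable permissions are kept and stored by `hpte[1] = r`. Since the stated goal is to stop the guest getting write access the host has not granted, consider inverting the test so that `hpte_make_readonly(r)` is applied unless the host PTE is both present and writable, or add a comment explaining why those two paths are safe. The comment should also say why the check can be skipped when `kvm->arch.using_mmu_notifiers` is false, and the literal `1` passed to `lookup_linux_pte()` would be easier to audit with a short comment naming the argument.
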
-- 
1.6.0.2
