From patchwork Sat May 13 00:35:47 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sean Christopherson <seanjc@google.com>
X-Patchwork-Id: 93449
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp5480990vqo;
        Fri, 12 May 2023 17:39:25 -0700 (PDT)
X-Google-Smtp-Source: 
 ACHHUZ7jiM4+YWZPadBliSviDPDVB9KSF6O3ID592cPftSZt1MWYYWzx9WAho70403qs/A4gjxO6
X-Received: by 2002:a05:6a20:8e05:b0:104:ecd9:a9f3 with SMTP id
 y5-20020a056a208e0500b00104ecd9a9f3mr1729031pzj.7.1683938364743;
        Fri, 12 May 2023 17:39:24 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1683938364; cv=none;
        d=google.com; s=arc-20160816;
        b=E+nLtCBM+PygO4EIKBFHb9jMz2LuUFWuCNW0mE5nhlYWlH71cPn3z3wh6IDj+RCV1i
         +D2P0WlDYrS7O+gxCdXlBb0SEXn+maC5DnZJxR3eX/XJfZZoFlBsfCo7QtgJ9BLeBnr6
         ine2RwZx0x61GP6/eUNFMujaVXyrsjOWBHRiRkKdloS4iBKm9bS0b2N7v9AR1zgK6msh
         e+dQfm+v8xp7Om6XXPVHTFBrrC26U9W8hH6yhXG+w/8zWwkxH0eysozMqnXOZK928bPF
         xGpKVQIbmBX+rBHnqVMRSzsH8WCFWeB/2GH6yzUZyxbe3YOaoYu1gPa452Qx9Fsq0PF7
         qnJQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:cc:to:from:subject:message-id:references
         :mime-version:in-reply-to:date:reply-to:dkim-signature;
        bh=ppmpPnvYH2liION2C18+4wtZokm3fkaR+RkN6Z/HLA4=;
        b=kqkJ6pxihyQ5wm51B0A7bSkXE7wCDBQhqe5Rl7n6tlDBt3j3onTOVsNIMQ0JfdpMsG
         eJV0CuTQBV/qLCckTtMB+3sq63+te2ZUabeGh5wbRZeBKc921P1UbP1TtLLPr1yTEY+I
         IXiW+p1bNfsBWIccchQsC6TX1dkfhSR1WgkJwC/Vh6vLtux3CjjrE0MoPBG4kp5m1oR8
         /Y2J1iSiY2SWHMh66XYWf5cIQS6kDwra1rZ7y+XXvYMEnh3KvY/9aTVplw/rz0csZpBy
         tW8CTSf4VfDvGo/XIas8yB63UwLdFpC0vCm9Raw/Nx4aFigoda+NcIRhFTtLSHKCkcAi
         aqMA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20221208 header.b=45UXT9+S;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 f27-20020a63381b000000b0051b1966e6b6si10191156pga.521.2023.05.12.17.39.12;
        Fri, 12 May 2023 17:39:24 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20221208 header.b=45UXT9+S;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S241744AbjEMAho (ORCPT <rfc822;peekingduck44@gmail.com>
        + 99 others); Fri, 12 May 2023 20:37:44 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45092 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S241736AbjEMAg4 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 12 May 2023 20:36:56 -0400
Received: from mail-yw1-x1149.google.com (mail-yw1-x1149.google.com
 [IPv6:2607:f8b0:4864:20::1149])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BB71FD2D2
        for <linux-kernel@vger.kernel.org>;
 Fri, 12 May 2023 17:36:38 -0700 (PDT)
Received: by mail-yw1-x1149.google.com with SMTP id
 00721157ae682-559f48c530eso172383017b3.0
        for <linux-kernel@vger.kernel.org>;
 Fri, 12 May 2023 17:36:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20221208; t=1683938194; x=1686530194;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:from:to:cc:subject:date:message-id:reply-to;
        bh=ppmpPnvYH2liION2C18+4wtZokm3fkaR+RkN6Z/HLA4=;
        b=45UXT9+SktxePZpw2T3kVWDruDvjmvEtVDBKj9cD13lxzc+wcDHTX1vfWSxxwD74Q5
         RkCQv8COWyYfaup3oymSJZNKJOF09mKoC3BDy8v/rvLfKkHYICZQ+z5io7IBdiOa+ro7
         pLsKJKBn4GtdpqxqnOOWFsQZAZob2rn2K1hmGq5qSndnyviQsbmFx2RMjk9VpLmrFVdc
         EtrmzT72ZwUTG2/nLbUY9/41N1zuDT7bo7FxLVHZPG196vNcbU/uoYh4rFAlqZVh1ook
         O6qy8LI9LxKiBA457PiKeZO0WZuUXPtezPe8yrINQ4yJ5DfAcSjqhxDgdV6/hPIqVIpr
         HbNw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683938194; x=1686530194;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=ppmpPnvYH2liION2C18+4wtZokm3fkaR+RkN6Z/HLA4=;
        b=LX9pLyvooc52q1FGcHif+2s7Cbzr1z7n2brFl1vRSIHH3TjeScP9ZhrW0wJR5p1hrr
         ErTIn5aOnJA6yLO9nFK0eDAoroE/43vfu1du5vFyI+tjq3JHoS+112QCNjkRevP7vwpe
         ebHKjnlm2r/MmTdfe5iyj1oIycTjs1l+Wei0SJi1Iwe+FwIEL6K4yYefLnfzcfltVYMJ
         ewsZkblyNxBKod5NlGnlYB1C4LMMFwge4U+SMNsnbMnN+8xtx5OiiYZUxgM9UFZbfIi6
         KZQO/9ZsmYa5VBSCsdcMUI5jAlo4WyUBrNhUsrsAnEHAMSXszZpsfwU1Ol66mF38LOCX
         cuVg==
X-Gm-Message-State: AC+VfDx/M0kjwiTCBaSAlZjPC/vwyePWpJaKNdO5ET+7K7mjSDG72988
        osnNQMX1EUWbi8RMPtL4EkdgbK0kZ5c=
X-Received: from zagreus.c.googlers.com
 ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
 (user=seanjc job=sendgmr) by 2002:a81:4509:0:b0:561:244d:c40 with SMTP id
 s9-20020a814509000000b00561244d0c40mr1686825ywa.5.1683938194315; Fri, 12 May
 2023 17:36:34 -0700 (PDT)
Reply-To: Sean Christopherson <seanjc@google.com>
Date: Fri, 12 May 2023 17:35:47 -0700
In-Reply-To: <20230513003600.818142-1-seanjc@google.com>
Mime-Version: 1.0
References: <20230513003600.818142-1-seanjc@google.com>
X-Mailer: git-send-email 2.40.1.606.ga4b1b128d6-goog
Message-ID: <20230513003600.818142-16-seanjc@google.com>
Subject: [PATCH v3 15/28] KVM: x86: Reject memslot MOVE operations if KVMGT is
 attached
From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Zhenyu Wang <zhenyuw@linux.intel.com>,
        Zhi Wang <zhi.a.wang@intel.com>
Cc: kvm@vger.kernel.org, intel-gvt-dev@lists.freedesktop.org,
        intel-gfx@lists.freedesktop.org, linux-kernel@vger.kernel.org,
        Yan Zhao <yan.y.zhao@intel.com>,
        Ben Gardon <bgardon@google.com>
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL
        autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1765737354739283661?=
X-GMAIL-MSGID: =?utf-8?q?1765737354739283661?=

Disallow moving memslots if the VM has external page-track users, i.e. if
KVMGT is being used to expose a virtual GPU to the guest, as KVMGT doesn't
correctly handle moving memory regions.

Note, this is potential ABI breakage!  E.g. userspace could move regions
that aren't shadowed by KVMGT without harming the guest.  However, the
only known user of KVMGT is QEMU, and QEMU doesn't move generic memory
regions.  KVM's own support for moving memory regions was also broken for
multiple years (albeit for an edge case, but arguably moving RAM is
itself an edge case), e.g. see commit edd4fa37baa6 ("KVM: x86: Allocate
new rmap and large page tracking when moving memslot").

Reviewed-by: Yan Zhao <yan.y.zhao@intel.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/include/asm/kvm_page_track.h | 3 +++
 arch/x86/kvm/mmu/page_track.c         | 5 +++++
 arch/x86/kvm/x86.c                    | 7 +++++++
 3 files changed, 15 insertions(+)

diff --git a/arch/x86/include/asm/kvm_page_track.h b/arch/x86/include/asm/kvm_page_track.h
index 8c4d216e3b2b..f744682648e7 100644
--- a/arch/x86/include/asm/kvm_page_track.h
+++ b/arch/x86/include/asm/kvm_page_track.h
@@ -75,4 +75,7 @@ kvm_page_track_unregister_notifier(struct kvm *kvm,
 void kvm_page_track_write(struct kvm_vcpu *vcpu, gpa_t gpa, const u8 *new,
 			  int bytes);
 void kvm_page_track_flush_slot(struct kvm *kvm, struct kvm_memory_slot *slot);
+
+bool kvm_page_track_has_external_user(struct kvm *kvm);
+
 #endif
diff --git a/arch/x86/kvm/mmu/page_track.c b/arch/x86/kvm/mmu/page_track.c
index 891e5cc52b45..e6de9638e560 100644
--- a/arch/x86/kvm/mmu/page_track.c
+++ b/arch/x86/kvm/mmu/page_track.c
@@ -303,3 +303,8 @@ void kvm_page_track_flush_slot(struct kvm *kvm, struct kvm_memory_slot *slot)
 			n->track_flush_slot(kvm, slot, n);
 	srcu_read_unlock(&head->track_srcu, idx);
 }
+
+bool kvm_page_track_has_external_user(struct kvm *kvm)
+{
+	return hlist_empty(&kvm->arch.track_notifier_head.track_notifier_list);
+}
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index b2d9c5979df7..c6bbd8ffd8c8 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -12588,6 +12588,13 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
 				   struct kvm_memory_slot *new,
 				   enum kvm_mr_change change)
 {
+	/*
+	 * KVM doesn't support moving memslots when there are external page
+	 * trackers attached to the VM, i.e. if KVMGT is in use.
+	 */
+	if (change == KVM_MR_MOVE && kvm_page_track_has_external_user(kvm))
+		return -EINVAL;
+
 	if (change == KVM_MR_CREATE || change == KVM_MR_MOVE) {
 		if ((new->base_gfn + new->npages - 1) > kvm_mmu_max_gfn())
 			return -EINVAL;