From patchwork Sat Jul 29 01:35:22 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sean Christopherson <seanjc@google.com>
X-Patchwork-Id: 128021
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:918b:0:b0:3e4:2afc:c1 with SMTP id s11csp887717vqg;
        Sat, 29 Jul 2023 00:02:07 -0700 (PDT)
X-Google-Smtp-Source: 
 APBJJlE42qNnFrsrwtblE8q1ZKy9kXx7lXLPTcyeHxoJUwu1OpuzGqU6ykhV0DGk+28fFx1CuEKo
X-Received: by 2002:aa7:9a8c:0:b0:686:5f73:4eac with SMTP id
 x12-20020aa79a8c000000b006865f734eacmr4238748pfi.13.1690614127020;
        Sat, 29 Jul 2023 00:02:07 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1690614127; cv=none;
        d=google.com; s=arc-20160816;
        b=ejlebnTsxLVYP5vtJauItv4C0TEhicNR4OSHbmbVRBwNhiAAL6bLSZ5q8mwwlGWeTi
         o83cyBdWjVfDLQ+zDnVTwAupOO/n5K75tsKHr9ppTKw4NCCY6e9LPm38Ho8NgwH5L+u5
         iZ8e2P8C14vidpcuOu3/XcaOOaZol7vFaNlGwTEtYjtfdH1TnbcPk/VBIea4AlpHSRv2
         3j/LMNFjzdpnlYt8XvBr7SI2AIpQsRv6on0SIBGoKFGBt6CYRjaTS3SD2QwirL0HqMGY
         O7RIDxtfgpoTL4APrzvHdTSctvyangz3/O3gm2zmdfHmCHHHNH+3xX5OJUFOCQNJvAqb
         Vx2Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:cc:to:from:subject:message-id:references
         :mime-version:in-reply-to:date:reply-to:dkim-signature;
        bh=z6dQLmm/StL+nbdYI6kfPQ6ebivx3KtEw65/p6OzGX0=;
        fh=J37Q4aKtoxdyy+p3BpF2uV3z0maXFfn3A5M61jlSlO0=;
        b=zmVApXqBwiPFyMdda36IloVm0QWXSGRbhrrV7+3TxcHaNJD9sS5d2+GMQLYE6aHFH5
         xz7ZUw+fAKjv1tlUvsYqJPz/+svXnDsvHr8I0iXFWvnYTnORnqhcEWMEoQBKe/2QpZGE
         pcws9pVYwbOcCdCZXaDTpp49fH6u3vAVappnt+NJhcq6sMaFKMygcRyukWNLWMWQirz3
         YXyrDX/VPL99/jARXDY3h6zV3bS2hZlvffJfMxZJTnBaf/duwu6octCaMGmh+E9Zopoz
         FynCU/83NS87GTvaZ9A5Dd1QFhbASn5W/YO5S19S2Pkdg8cGhMfhUfoU5nPUPX1Y17PN
         GdxQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20221208 header.b=PYLMQsUp;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 m13-20020a656a0d000000b0055bc2561b6esi4401336pgu.673.2023.07.29.00.01.53;
        Sat, 29 Jul 2023 00:02:07 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20221208 header.b=PYLMQsUp;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233803AbjG2Bhn (ORCPT <rfc822;hanasaki@gmail.com> + 99 others);
        Fri, 28 Jul 2023 21:37:43 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47764 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S237286AbjG2BhS (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 28 Jul 2023 21:37:18 -0400
Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com
 [IPv6:2607:f8b0:4864:20::114a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9F83955B9
        for <linux-kernel@vger.kernel.org>;
 Fri, 28 Jul 2023 18:36:54 -0700 (PDT)
Received: by mail-yw1-x114a.google.com with SMTP id
 00721157ae682-585f254c41aso4634107b3.1
        for <linux-kernel@vger.kernel.org>;
 Fri, 28 Jul 2023 18:36:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20221208; t=1690594575; x=1691199375;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:from:to:cc:subject:date:message-id:reply-to;
        bh=z6dQLmm/StL+nbdYI6kfPQ6ebivx3KtEw65/p6OzGX0=;
        b=PYLMQsUpqHGHMegWWt06xlTjghMitn7mO2KnrzDNEwNAoXINfqnOQJ5ev/u5TXiCKP
         2+yGvwd3++Y3BgWFCL1PAfl6WvEWEOlYBM1PAw9/uevnNbMBzA31dU/PCLUz14Ze086P
         3mWp6DpT/1yOv5NxTWnhRi/7KAYKYV4EJTEP4DgubEh7CYvnmn7e40/tCw1mQt/fSP8K
         rgwQCD0pKzsWpApeenl8X3TWcD3e8hrwkA67+KSSpPTZGPWd02uGqR06syUiL8++5vFJ
         RjtVpZ3MQgE0WTDOnWzCe0gRzokdWSbf9Noet+nTzkmdPSwQ5smVPkLS5Cwky6MgdsL8
         c+HQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1690594575; x=1691199375;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=z6dQLmm/StL+nbdYI6kfPQ6ebivx3KtEw65/p6OzGX0=;
        b=KN0i+HgAN++PwNGpk1RHO7cPjsL/zMWVg1jgRj78lGxmhwyRCfLQTOEvs77W80jWcW
         svRoIMDYA5AJumbQ7uBxGhRxN+46ix0WoIv2Y/LwrjJnJ1HUgcc9tQSRX1p7JXf+7pMf
         +VTeeBMYZA7CvHveiqMjNQfSS2YIbMGCHuPk47ChbNjAGzfuMeWXvoBKoyjw9kjuxL9R
         NO2CB385+g4ntVdZpc/vZJxPik5tRi+9fIHSkY7kFbyK3m/oU6twFwIuYsKtvDJ3+9J/
         FLb/ewAly0wrz1Rpu83xGAncLPsAsDpIxjMoUGn7oWm3pbnyqDf4ZbUrCnfjKs2HZFAH
         2DAA==
X-Gm-Message-State: ABy/qLYaA5GbqQnXcYzKDIdnHcptjwsSoGO7JDiRK5h983qf2HuvG5Wr
        KPSwI8LdFtqJcZXDYbAReBsWValnMcw=
X-Received: from zagreus.c.googlers.com
 ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
 (user=seanjc job=sendgmr) by 2002:a81:ad5f:0:b0:579:fa4c:1f25 with SMTP id
 l31-20020a81ad5f000000b00579fa4c1f25mr22783ywk.7.1690594574877; Fri, 28 Jul
 2023 18:36:14 -0700 (PDT)
Reply-To: Sean Christopherson <seanjc@google.com>
Date: Fri, 28 Jul 2023 18:35:22 -0700
In-Reply-To: <20230729013535.1070024-1-seanjc@google.com>
Mime-Version: 1.0
References: <20230729013535.1070024-1-seanjc@google.com>
X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog
Message-ID: <20230729013535.1070024-17-seanjc@google.com>
Subject: [PATCH v4 16/29] KVM: x86: Reject memslot MOVE operations if KVMGT is
 attached
From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Zhenyu Wang <zhenyuw@linux.intel.com>,
        Zhi Wang <zhi.a.wang@intel.com>
Cc: kvm@vger.kernel.org, intel-gvt-dev@lists.freedesktop.org,
        intel-gfx@lists.freedesktop.org, linux-kernel@vger.kernel.org,
        Yan Zhao <yan.y.zhao@intel.com>,
        Yongwei Ma <yongwei.ma@intel.com>,
        Ben Gardon <bgardon@google.com>
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL
        autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1772737398491990336
X-GMAIL-MSGID: 1772737398491990336

Disallow moving memslots if the VM has external page-track users, i.e. if
KVMGT is being used to expose a virtual GPU to the guest, as KVMGT doesn't
correctly handle moving memory regions.

Note, this is potential ABI breakage!  E.g. userspace could move regions
that aren't shadowed by KVMGT without harming the guest.  However, the
only known user of KVMGT is QEMU, and QEMU doesn't move generic memory
regions.  KVM's own support for moving memory regions was also broken for
multiple years (albeit for an edge case, but arguably moving RAM is
itself an edge case), e.g. see commit edd4fa37baa6 ("KVM: x86: Allocate
new rmap and large page tracking when moving memslot").

Reviewed-by: Yan Zhao <yan.y.zhao@intel.com>
Tested-by: Yongwei Ma <yongwei.ma@intel.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/include/asm/kvm_page_track.h | 3 +++
 arch/x86/kvm/mmu/page_track.c         | 5 +++++
 arch/x86/kvm/x86.c                    | 7 +++++++
 3 files changed, 15 insertions(+)

diff --git a/arch/x86/include/asm/kvm_page_track.h b/arch/x86/include/asm/kvm_page_track.h
index 8c4d216e3b2b..f744682648e7 100644
--- a/arch/x86/include/asm/kvm_page_track.h
+++ b/arch/x86/include/asm/kvm_page_track.h
@@ -75,4 +75,7 @@ kvm_page_track_unregister_notifier(struct kvm *kvm,
 void kvm_page_track_write(struct kvm_vcpu *vcpu, gpa_t gpa, const u8 *new,
 			  int bytes);
 void kvm_page_track_flush_slot(struct kvm *kvm, struct kvm_memory_slot *slot);
+
+bool kvm_page_track_has_external_user(struct kvm *kvm);
+
 #endif
diff --git a/arch/x86/kvm/mmu/page_track.c b/arch/x86/kvm/mmu/page_track.c
index 891e5cc52b45..e6de9638e560 100644
--- a/arch/x86/kvm/mmu/page_track.c
+++ b/arch/x86/kvm/mmu/page_track.c
@@ -303,3 +303,8 @@ void kvm_page_track_flush_slot(struct kvm *kvm, struct kvm_memory_slot *slot)
 			n->track_flush_slot(kvm, slot, n);
 	srcu_read_unlock(&head->track_srcu, idx);
 }
+
+bool kvm_page_track_has_external_user(struct kvm *kvm)
+{
+	return hlist_empty(&kvm->arch.track_notifier_head.track_notifier_list);
+}
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 059571d5abed..4394bb49051f 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -12606,6 +12606,13 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
 				   struct kvm_memory_slot *new,
 				   enum kvm_mr_change change)
 {
+	/*
+	 * KVM doesn't support moving memslots when there are external page
+	 * trackers attached to the VM, i.e. if KVMGT is in use.
+	 */
+	if (change == KVM_MR_MOVE && kvm_page_track_has_external_user(kvm))
+		return -EINVAL;
+
 	if (change == KVM_MR_CREATE || change == KVM_MR_MOVE) {
 		if ((new->base_gfn + new->npages - 1) > kvm_mmu_max_gfn())
 			return -EINVAL;