KVM: x86/mmu: Track PRIVATE impact on hugepage mappings for all memslots

sean-jc · sean-jc · commit 26cf4453d2d9 · 2023-09-28T18:13:18.000-07:00
Track the effects of private attributes on potential hugepage mappings if the VM supports private memory, i.e. even if the target memslot can only ever be mapped shared. If userspace configures a chunk of memory as private, KVM must not allow that memory to be mapped shared regardless of whether or not the *current* memslot can be mapped private. E.g. if the guest accesses a private range using a shared memslot, then KVM must exit to userspace. Fixes: 5bb0b4e ("KVM: x86: Disallow hugepages when memory attributes are mixed") Link: https://lore.kernel.org/r/20230921203331.3746712-8-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc@google.com>
diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
@@ -7314,10 +7314,12 @@ bool kvm_arch_post_set_memory_attributes(struct kvm *kvm,
 	lockdep_assert_held(&kvm->slots_lock);
 
 	/*
-	 * KVM x86 currently only supports KVM_MEMORY_ATTRIBUTE_PRIVATE, skip
-	 * the slot if the slot will never consume the PRIVATE attribute.
+	 * Calculate which ranges can be mapped with hugepages even if the slot
+	 * can't map memory PRIVATE.  KVM mustn't create a SHARED hugepage over
+	 * a range that has PRIVATE GFNs, and conversely converting a range to
+	 * SHARED may now allow hugepages.
 	 */
-	if (!kvm_slot_can_be_private(slot))
+	if (WARN_ON_ONCE(!kvm_arch_has_private_mem(kvm)))
 		return false;
 
 	/*
@@ -7372,7 +7374,7 @@ void kvm_mmu_init_memslot_memory_attributes(struct kvm *kvm,
 {
 	int level;
 
-	if (!kvm_slot_can_be_private(slot))
+	if (!kvm_arch_has_private_mem(kvm))
 		return;
 
 	for (level = PG_LEVEL_2M; level <= KVM_MAX_HUGEPAGE_LEVEL; level++) {
