Received: by 2002:a05:6358:c692:b0:131:369:b2a3 with SMTP id fe18csp1983432rwb;
        Fri, 28 Jul 2023 19:56:21 -0700 (PDT)
X-Google-Smtp-Source: APBJJlG5gN777AR5N8rsd8X3CiU7lWouf1ujyXVdjE2IXUTbC5KKt7x6irc4k4m8TDZ3NNbVAk2/
X-Received: by 2002:a17:903:22c4:b0:1bb:c896:1da3 with SMTP id y4-20020a17090322c400b001bbc8961da3mr4139272plg.24.1690599381242;
        Fri, 28 Jul 2023 19:56:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1690599381; cv=none;
        d=google.com; s=arc-20160816;
        b=g1RK5+Mkq4AqfmmQbGNW0kc+mt7cigzaRoqNIvOs39DaAqTRWfMjIEc3NppNUShHez
         9+rqZ7PMPAkMai49JjZImTDgkWIPGgXKWDN7wvbeTCIqBvAvSAw01tsR4BMJLbZwtsw4
         0BQ7F9XvoWWkVX8xl3NKMj681jBSaoZwrursNu1wF/QwuHFt3YaGlJmgAosPx0jIpd+u
         mg/QElMcIx9ODue6QafUi4fPKRQ8V7E6NpZnbMZoBYOJs+x8pRT9oH63X6stuXG8qvan
         H71lx1PPZtEi/X6yPYm61MdADvplS8qPXqt2RCHk4JHdN6oOr3f+wApZm0jaICNHK+AT
         1qvg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:from:subject:message-id:references
         :mime-version:in-reply-to:date:reply-to:dkim-signature;
        bh=z6dQLmm/StL+nbdYI6kfPQ6ebivx3KtEw65/p6OzGX0=;
        fh=J37Q4aKtoxdyy+p3BpF2uV3z0maXFfn3A5M61jlSlO0=;
        b=zmVApXqBwiPFyMdda36IloVm0QWXSGRbhrrV7+3TxcHaNJD9sS5d2+GMQLYE6aHFH5
         xz7ZUw+fAKjv1tlUvsYqJPz/+svXnDsvHr8I0iXFWvnYTnORnqhcEWMEoQBKe/2QpZGE
         pcws9pVYwbOcCdCZXaDTpp49fH6u3vAVappnt+NJhcq6sMaFKMygcRyukWNLWMWQirz3
         YXyrDX/VPL99/jARXDY3h6zV3bS2hZlvffJfMxZJTnBaf/duwu6octCaMGmh+E9Zopoz
         FynCU/83NS87GTvaZ9A5Dd1QFhbASn5W/YO5S19S2Pkdg8cGhMfhUfoU5nPUPX1Y17PN
         GdxQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20221208 header.b=PYLMQsUp;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id k15-20020a170902c40f00b001b8ac52a19esi4155709plk.436.2023.07.28.19.56.09;
        Fri, 28 Jul 2023 19:56:21 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20221208 header.b=PYLMQsUp;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S235844AbjG2Bhm (ORCPT <rfc822;anothersharkwizard@gmail.com>
        + 99 others); Fri, 28 Jul 2023 21:37:42 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47764 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S237286AbjG2BhS (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 28 Jul 2023 21:37:18 -0400
Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com [IPv6:2607:f8b0:4864:20::114a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9F83955B9
        for <linux-kernel@vger.kernel.org>; Fri, 28 Jul 2023 18:36:54 -0700 (PDT)
Received: by mail-yw1-x114a.google.com with SMTP id 00721157ae682-585f254c41aso4634107b3.1
        for <linux-kernel@vger.kernel.org>; Fri, 28 Jul 2023 18:36:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20221208; t=1690594575; x=1691199375;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:from:to:cc:subject:date:message-id:reply-to;
        bh=z6dQLmm/StL+nbdYI6kfPQ6ebivx3KtEw65/p6OzGX0=;
        b=PYLMQsUpqHGHMegWWt06xlTjghMitn7mO2KnrzDNEwNAoXINfqnOQJ5ev/u5TXiCKP
         2+yGvwd3++Y3BgWFCL1PAfl6WvEWEOlYBM1PAw9/uevnNbMBzA31dU/PCLUz14Ze086P
         3mWp6DpT/1yOv5NxTWnhRi/7KAYKYV4EJTEP4DgubEh7CYvnmn7e40/tCw1mQt/fSP8K
         rgwQCD0pKzsWpApeenl8X3TWcD3e8hrwkA67+KSSpPTZGPWd02uGqR06syUiL8++5vFJ
         RjtVpZ3MQgE0WTDOnWzCe0gRzokdWSbf9Noet+nTzkmdPSwQ5smVPkLS5Cwky6MgdsL8
         c+HQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1690594575; x=1691199375;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=z6dQLmm/StL+nbdYI6kfPQ6ebivx3KtEw65/p6OzGX0=;
        b=KN0i+HgAN++PwNGpk1RHO7cPjsL/zMWVg1jgRj78lGxmhwyRCfLQTOEvs77W80jWcW
         svRoIMDYA5AJumbQ7uBxGhRxN+46ix0WoIv2Y/LwrjJnJ1HUgcc9tQSRX1p7JXf+7pMf
         +VTeeBMYZA7CvHveiqMjNQfSS2YIbMGCHuPk47ChbNjAGzfuMeWXvoBKoyjw9kjuxL9R
         NO2CB385+g4ntVdZpc/vZJxPik5tRi+9fIHSkY7kFbyK3m/oU6twFwIuYsKtvDJ3+9J/
         FLb/ewAly0wrz1Rpu83xGAncLPsAsDpIxjMoUGn7oWm3pbnyqDf4ZbUrCnfjKs2HZFAH
         2DAA==
X-Gm-Message-State: ABy/qLYaA5GbqQnXcYzKDIdnHcptjwsSoGO7JDiRK5h983qf2HuvG5Wr
        KPSwI8LdFtqJcZXDYbAReBsWValnMcw=
X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
 (user=seanjc job=sendgmr) by 2002:a81:ad5f:0:b0:579:fa4c:1f25 with SMTP id
 l31-20020a81ad5f000000b00579fa4c1f25mr22783ywk.7.1690594574877; Fri, 28 Jul
 2023 18:36:14 -0700 (PDT)
Reply-To: Sean Christopherson <seanjc@google.com>
Date:   Fri, 28 Jul 2023 18:35:22 -0700
In-Reply-To: <20230729013535.1070024-1-seanjc@google.com>
Mime-Version: 1.0
References: <20230729013535.1070024-1-seanjc@google.com>
X-Mailer: git-send-email 2.41.0.487.g6d72f3e995-goog
Message-ID: <20230729013535.1070024-17-seanjc@google.com>
Subject: [PATCH v4 16/29] KVM: x86: Reject memslot MOVE operations if KVMGT is attached
From:   Sean Christopherson <seanjc@google.com>
To:     Sean Christopherson <seanjc@google.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Zhenyu Wang <zhenyuw@linux.intel.com>,
        Zhi Wang <zhi.a.wang@intel.com>
Cc:     kvm@vger.kernel.org, intel-gvt-dev@lists.freedesktop.org,
        intel-gfx@lists.freedesktop.org, linux-kernel@vger.kernel.org,
        Yan Zhao <yan.y.zhao@intel.com>,
        Yongwei Ma <yongwei.ma@intel.com>,
        Ben Gardon <bgardon@google.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL
        autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Disallow moving memslots if the VM has external page-track users, i.e. if
KVMGT is being used to expose a virtual GPU to the guest, as KVMGT doesn't
correctly handle moving memory regions.

Note, this is potential ABI breakage!  E.g. userspace could move regions
that aren't shadowed by KVMGT without harming the guest.  However, the
only known user of KVMGT is QEMU, and QEMU doesn't move generic memory
regions.  KVM's own support for moving memory regions was also broken for
multiple years (albeit for an edge case, but arguably moving RAM is
itself an edge case), e.g. see commit edd4fa37baa6 ("KVM: x86: Allocate
new rmap and large page tracking when moving memslot").

Reviewed-by: Yan Zhao <yan.y.zhao@intel.com>
Tested-by: Yongwei Ma <yongwei.ma@intel.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/include/asm/kvm_page_track.h | 3 +++
 arch/x86/kvm/mmu/page_track.c         | 5 +++++
 arch/x86/kvm/x86.c                    | 7 +++++++
 3 files changed, 15 insertions(+)

diff --git a/arch/x86/include/asm/kvm_page_track.h b/arch/x86/include/asm/kvm_page_track.h
index 8c4d216e3b2b..f744682648e7 100644
--- a/arch/x86/include/asm/kvm_page_track.h
+++ b/arch/x86/include/asm/kvm_page_track.h
@@ -75,4 +75,7 @@ kvm_page_track_unregister_notifier(struct kvm *kvm,
 void kvm_page_track_write(struct kvm_vcpu *vcpu, gpa_t gpa, const u8 *new,
 			  int bytes);
 void kvm_page_track_flush_slot(struct kvm *kvm, struct kvm_memory_slot *slot);
+
+bool kvm_page_track_has_external_user(struct kvm *kvm);
+
 #endif
diff --git a/arch/x86/kvm/mmu/page_track.c b/arch/x86/kvm/mmu/page_track.c
index 891e5cc52b45..e6de9638e560 100644
--- a/arch/x86/kvm/mmu/page_track.c
+++ b/arch/x86/kvm/mmu/page_track.c
@@ -303,3 +303,8 @@ void kvm_page_track_flush_slot(struct kvm *kvm, struct kvm_memory_slot *slot)
 			n->track_flush_slot(kvm, slot, n);
 	srcu_read_unlock(&head->track_srcu, idx);
 }
+
+bool kvm_page_track_has_external_user(struct kvm *kvm)
+{
+	return hlist_empty(&kvm->arch.track_notifier_head.track_notifier_list);
+}
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 059571d5abed..4394bb49051f 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -12606,6 +12606,13 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
 				   struct kvm_memory_slot *new,
 				   enum kvm_mr_change change)
 {
+	/*
+	 * KVM doesn't support moving memslots when there are external page
+	 * trackers attached to the VM, i.e. if KVMGT is in use.
+	 */
+	if (change == KVM_MR_MOVE && kvm_page_track_has_external_user(kvm))
+		return -EINVAL;
+
 	if (change == KVM_MR_CREATE || change == KVM_MR_MOVE) {
 		if ((new->base_gfn + new->npages - 1) > kvm_mmu_max_gfn())
 			return -EINVAL;
-- 
2.41.0.487.g6d72f3e995-goog