From: Ackerley Tng <[email protected]> In-place conversion of guest_memfd memory to private is allowed with the PRESERVE flag to enable populating guest memory only before CoCo VMs are finalized.
Allowing CoCo VMs to fault memory could mess up memory contents. Hence, as a second layer check, bug CoCo VMs if they try to fault in memory from guest_memfd before the VMs are finalized. Suggested-by: Sean Christopherson <[email protected]> Signed-off-by: Ackerley Tng <[email protected]> --- arch/x86/kvm/mmu/mmu.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index d3da387340a9d..8c5a3d2a7470b 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -4599,6 +4599,13 @@ static int kvm_mmu_faultin_pfn_gmem(struct kvm_vcpu *vcpu, return -EFAULT; } + /* Cannot fault from guest_memfd before CoCo VM is finalized. */ + if (KVM_BUG_ON(vcpu->kvm->arch.has_protected_state && + !vcpu->kvm->arch.pre_fault_allowed, + vcpu->kvm)) { + return -EFAULT; + } + r = kvm_gmem_get_pfn(vcpu->kvm, fault->slot, fault->gfn, &fault->pfn, &fault->refcounted_page, &max_order); if (r) { -- 2.54.0.545.g6539524ca2-goog
