From: Evgeny Yakovlev
To: pbonzini@redhat.com
Cc: qemu-devel@nongnu.org, yc-core@yandex-team.ru
Subject: [RFC PATCH] accel/kvm: respect section RO flag when mapping phys mem
Date: Fri, 11 Oct 2019 12:41:42 +0300
Message-Id: <1570786902-28681-1-git-send-email-wrfsh@yandex-team.ru>

Currently kvm_set_phys_mem looks at section's underlying memory region to determine whether mapping is going to be RW or RO. This seems wrong.

For example, when x86 firmware attempts to reprogram q35 PAM registers to mark bios shadow copy in RAM as RO. In that case we see section->mr to be writable (pc.ram), but overriding section to be readonly.

This change enforces section's RO to be a priority if underlying memory region is writable but specific section is not. But not the other way around, elevating access rights through RW section over RO region should not be allowed.

Signed-off-by: Evgeny Yakovlev

--- accel/kvm/kvm-all.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index d2d96d7..6f9ed24 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c
@@ -407,9 +407,16 @@ err: * dirty pages logging control */ =20 -static int kvm_mem_flags(MemoryRegion *mr) +static inline bool kvm_is_mem_readonly(MemoryRegionSection *section) { - bool readonly =3D mr->readonly || memory_region_is_romd(mr); + MemoryRegion *mr =3D section->mr; + return mr->readonly || memory_region_is_romd(mr) || section->readonly; +} + +static int kvm_mem_flags(MemoryRegionSection *section) +{ + MemoryRegion *mr =3D section->mr; + bool readonly =3D kvm_is_mem_readonly(section); int flags =3D 0; =20 if (memory_region_get_dirty_log_mask(mr) !=3D 0) { @@ -423,9 +430,9 @@ static int kvm_mem_flags(MemoryRegion *mr) =20 /* Called with KVMMemoryListener.slots_lock held */ static int kvm_slot_update_flags(KVMMemoryListener *kml, KVMSlot *mem, - MemoryRegion *mr) + MemoryRegionSection *section) { - mem->flags =3D kvm_mem_flags(mr); + mem->flags =3D kvm_mem_flags(section); =20 /* If nothing changed effectively, no need to issue ioctl */ if (mem->flags =3D=3D mem->old_flags) { @@ -457,7 +464,7 @@ static int kvm_section_update_flags(KVMMemoryListener *= kml, goto out; } =20 - ret =3D kvm_slot_update_flags(kml, mem, section->mr); + ret =3D kvm_slot_update_flags(kml, mem, section); start_addr +=3D slot_size; size -=3D slot_size; } @@ -1002,7 +1009,7 @@ static void kvm_set_phys_mem(KVMMemoryListener *kml, KVMSlot *mem; int err; MemoryRegion *mr =3D section->mr; - bool writeable =3D !mr->readonly && !mr->rom_device; + bool writeable =3D !kvm_is_mem_readonly(section); hwaddr start_addr, size, slot_size; void *ram; =20 @@ -1062,7 +1069,7 @@ static void kvm_set_phys_mem(KVMMemoryListener *kml, mem->memory_size =3D slot_size; mem->start_addr =3D start_addr; mem->ram =3D ram; - mem->flags =3D kvm_mem_flags(mr); + mem->flags =3D kvm_mem_flags(section); =20 err =3D kvm_set_user_memory_region(kml, mem, true); if (err) { --=20 2.7.4
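Review bot: the new kvm_is_mem_readonly() helper in the first hunk (@@ -407) carries no comment stating the precedence rule that the commit message spells out. The expression `mr->readonly || memory_region_is_romd(mr) || section->readonly` means a section can only restrict a writable region and can never make a read-only region writable, and that is the security-relevant invariant of this change. A short comment above the helper saying so would keep a later edit from turning the OR into something that lets section->readonly == false override a read-only region. `static inline` is also unnecessary for a file-local helper in a .c file; plain `static` is enough.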
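Review bot: in the kvm_set_phys_mem hunk (@@ -1002), switching `writeable` from `!mr->readonly && !mr->rom_device` to `!kvm_is_mem_readonly(section)` changes more than the section check the commit message describes. The old expression treated every rom_device region as not writeable, while the helper tests memory_region_is_romd(mr), which is true only while the device is in ROMD mode. A rom_device region that has left ROMD mode was non-writeable here before and is now classified as writeable. If that is not intended, keep the `mr->rom_device` test in this function and only add `section->readonly` to it; if it is intended, the commit message should say so and explain why it is safe for the code that follows in kvm_set_phys_mem.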