KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation

walk_s1() and kvm_walk_nested_s2() expect to be called while holding
kvm->srcu to guard against memslot changes. While this is generally
the case, __kvm_at_s12() and __kvm_find_s1_desc_level() call into the
respective walkers without taking kvm->srcu.

Fix by acquiring kvm->srcu prior to the table walk in both instances.

Cc: stable@vger.kernel.org
Fixes: 50f77dc87f13 ("KVM: arm64: Populate level on S1PTW SEA injection")
Fixes: be04cebf3e78 ("KVM: arm64: nv: Add emulation of AT S12E{0,1}{R,W}")
Suggested-by: Oliver Upton <oupton@kernel.org>
Signed-off-by: Hyunwoo Kim <imv4bel@gmail.com>
Reviewed-by: Oliver Upton <oupton@kernel.org>
Link: https://patch.msgid.link/aiAZfdeyanIvP8SD@v4bel
Signed-off-by: Marc Zyngier <maz@kernel.org>

diff --git a/arch/arm64/kvm/at.c b/arch/arm64/kvm/at.c
index 9f8f0ae8e86e84c3e36f6b77d6b06f7bd3a8d2b6..889c2c15d7bd08f84bb1fc44ea054b35be4e2b9a 100644 (file)
--- a/arch/arm64/kvm/at.c
+++ b/arch/arm64/kvm/at.c
@@ -1569,7 +1569,8 @@ int __kvm_at_s12(struct kvm_vcpu *vcpu, u32 op, u64 vaddr)
        /* Do the stage-2 translation */
        ipa = (par & GENMASK_ULL(47, 12)) | (vaddr & GENMASK_ULL(11, 0));
        out.esr = 0;
-       ret = kvm_walk_nested_s2(vcpu, ipa, &out);
+       scoped_guard(srcu, &vcpu->kvm->srcu)
+               ret = kvm_walk_nested_s2(vcpu, ipa, &out);
        if (ret < 0)
                return ret;
 
@@ -1665,7 +1666,8 @@ int __kvm_find_s1_desc_level(struct kvm_vcpu *vcpu, u64 va, u64 ipa, int *level)
        }
 
        /* Walk the guest's PT, looking for a match along the way */
-       ret = walk_s1(vcpu, &wi, &wr, va);
+       scoped_guard(srcu, &vcpu->kvm->srcu)
+               ret = walk_s1(vcpu, &wi, &wr, va);
        switch (ret) {
        case -EINTR:
                /* We interrupted the walk on a match, return the level */