KVM: arm64: nv: Respect stage-2 write permssion when setting stage-1 AF

Naturally, updating the Access Flag in a stage-1 descriptor requires write permission at stage-2, although this isn't actually enforced in KVM's software PTW. Generate a stage-2 permission fault if the stage-1 walk attempts to update the descriptor and its corresponding stage-2 translation lacks write permission. Fixes: bff8aa213d ("KVM: arm64: Implement HW access flag management in stage-1 SW PTW") Reviewed-by: Marc Zyngier <maz@kernel.org> Link: https://msgid.link/20260108204230.677172-1-oupton@kernel.org Signed-off-by: Oliver Upton <oupton@kernel.org>
2026-06-01 02:53:36 +02:00 · 2026-01-08 12:42:30 -08:00 · 2026-01-08 12:42:30 -08:00 · 9e27085c33
commit 9e27085c33
parent 9cb2c20f06
1 changed files with 6 additions and 2 deletions
--- a/arch/arm64/kvm/at.c
+++ b/arch/arm64/kvm/at.c
@ -403,6 +403,7 @@ static int walk_s1(struct kvm_vcpu *vcpu, struct s1_walk_info *wi,
 		   struct s1_walk_result *wr, u64 va)
 {
 	u64 va_top, va_bottom, baddr, desc, new_desc, ipa;
+	struct kvm_s2_trans s2_trans = {};
 	int level, stride, ret;

 	level = wi->sl;
@ -420,8 +421,6 @@ static int walk_s1(struct kvm_vcpu *vcpu, struct s1_walk_info *wi,
 		ipa = baddr | index;

 		if (wi->s2) {
-			struct kvm_s2_trans s2_trans = {};
-
 			ret = kvm_walk_nested_s2(vcpu, ipa, &s2_trans);
 			if (ret) {
 				fail_s1_walk(wr,
@ -515,6 +514,11 @@ static int walk_s1(struct kvm_vcpu *vcpu, struct s1_walk_info *wi,
 		new_desc |= PTE_AF;

 	if (new_desc != desc) {
+		if (wi->s2 && !kvm_s2_trans_writable(&s2_trans)) {
+			fail_s1_walk(wr, ESR_ELx_FSC_PERM_L(level), true);
+			return -EPERM;
+		}
+
 		ret = kvm_swap_s1_desc(vcpu, ipa, desc, new_desc, wi);
 		if (ret)
 			return ret;