[PATCH v3 08/36] KVM: arm64: Prevent unsupported memslot operations on protected VMs

Wed Mar 11 03:16:51 PDT 2026

On Thu, 5 Mar 2026 at 14:44, Will Deacon <will at kernel.org> wrote:
>
> Protected VMs do not support deleting or moving memslots after first
> run nor do they support read-only or dirty logging.
>
> Return -EPERM to userspace if such an operation is attempted.
>
> Signed-off-by: Will Deacon <will at kernel.org>

Reviewed-by: Fuad Tabba <tabba at google.com>

Cheers,
/fuad

> ---
>  arch/arm64/kvm/mmu.c | 13 +++++++++++++
>  1 file changed, 13 insertions(+)
>
> diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
> index 43632c69adaf..9d183df0b0ac 100644
> --- a/arch/arm64/kvm/mmu.c
> +++ b/arch/arm64/kvm/mmu.c
> @@ -2410,6 +2410,19 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
>         hva_t hva, reg_end;
>         int ret = 0;
>
> +       if (kvm_vm_is_protected(kvm)) {
> +               /* Cannot modify memslots once a pVM has run. */
> +               if (pkvm_hyp_vm_is_created(kvm) &&
> +                   (change == KVM_MR_DELETE || change == KVM_MR_MOVE)) {
> +                       return -EPERM;
> +               }
> +
> +               if (new &&
> +                   new->flags & (KVM_MEM_LOG_DIRTY_PAGES | KVM_MEM_READONLY)) {
> +                       return -EPERM;
> +               }
> +       }
> +
>         if (change != KVM_MR_CREATE && change != KVM_MR_MOVE &&
>                         change != KVM_MR_FLAGS_ONLY)
>                 return 0;
> --
> 2.53.0.473.g4a7958ca14-goog
>