KVM: guest_memfd: delay folio_mark_uptodate() until after successful preparation

The up-to-date flag as is now is not too useful; it tells guest_memfd not
to overwrite the contents of a folio, but it doesn't say that the page
is ready to be mapped into the guest.  For encrypted guests, mapping
a private page requires that the "preparation" phase has succeeded,
and at the same time the same page cannot be prepared twice.

So, ensure that folio_mark_uptodate() is only called on a prepared page.  If
kvm_gmem_prepare_folio() or the post_populate callback fail, the folio
will not be marked up-to-date; it's not a problem to call clear_highpage()
again on such a page prior to the next preparation attempt.

Reviewed-by: Michael Roth <michael.roth@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c
index 522e1b28e7aeae2b3b2d23b0503f024d796e81ff..1ea632dbae57b0f5fec83ec7b1bc891e280cf568 100644 (file)
--- a/virt/kvm/guest_memfd.c
+++ b/virt/kvm/guest_memfd.c
@@ -73,8 +73,6 @@ static struct folio *kvm_gmem_get_folio(struct inode *inode, pgoff_t index, bool
 
                for (i = 0; i < nr_pages; i++)
                        clear_highpage(folio_page(folio, i));
-
-               folio_mark_uptodate(folio);
        }
 
        if (prepare) {
@@ -84,6 +82,8 @@ static struct folio *kvm_gmem_get_folio(struct inode *inode, pgoff_t index, bool
                        folio_put(folio);
                        return ERR_PTR(r);
                }
+
+               folio_mark_uptodate(folio);
        }
 
        /*
@@ -646,6 +646,8 @@ long kvm_gmem_populate(struct kvm *kvm, gfn_t start_gfn, void __user *src, long
 
                p = src ? src + i * PAGE_SIZE : NULL;
                ret = post_populate(kvm, gfn, pfn, p, max_order, opaque);
+               if (!ret)
+                       folio_mark_uptodate(folio);
 
                folio_put(folio);
                if (ret)