From: Suraj Jitindar Singh
CC: Quentin Perret, Philippe Mathieu-Daudé, Vincent Donnefort, Will Deacon, Marc Zyngier, Suraj Jitindar Singh
Subject: [PATCH stable 6.1.y 1/2] KVM: arm64: Prevent the donation of no-map pages
Date: Wed, 20 Sep 2023 12:27:28 -0700
Message-ID: <20230920192729.694309-1-surajjs@amazon.com>
X-Mailing-List: kvmarm@lists.linux.dev

From: Quentin Perret

commit 43c1ff8b75011bc3e3e923adf31ba815864a2494 upstream.

Memory regions marked as "no-map" in the host device-tree routinely
include TrustZone carve-outs and DMA pools. Although donating such pages
to the hypervisor may not breach confidentiality, it could be used to
corrupt its state in uncontrollable ways. To prevent this, let's block
host-initiated memory transitions targeting "no-map" pages altogether in
nVHE protected mode as there should be no valid reason to do this in
current operation.

Thankfully, the pKVM EL2 hypervisor has a full copy of the host's list
of memblock regions, so we can easily check for the presence of the
MEMBLOCK_NOMAP flag on a region containing pages being donated from the
host.

Reviewed-by: Philippe Mathieu-Daudé
Tested-by: Vincent Donnefort
Signed-off-by: Quentin Perret
Signed-off-by: Will Deacon
Signed-off-by: Marc Zyngier
Link: https://lore.kernel.org/r/20221110190259.26861-8-will@kernel.org
[ bp: clean ]
Signed-off-by: Suraj Jitindar Singh
--- arch/arm64/kvm/hyp/nvhe/mem_protect.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c b/arch/arm64/kvm/hyp/nvhe/mem_protect.c index 07f9dc9848ef..0f6c053686c7 100644
--- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c +++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c @@ -195,7 +195,7 @@ struct kvm_mem_range { u64 end; }; -static bool find_mem_range(phys_addr_t addr, struct kvm_mem_range *range) +static struct memblock_region *find_mem_range(phys_addr_t addr, struct kvm_mem_range *range) { int cur, left = 0, right = hyp_memblock_nr; struct memblock_region *reg; @@ -218,18 +218,28 @@ static bool find_mem_range(phys_addr_t addr, struct kvm_mem_range *range) } else { range->start = reg->base; range->end = end; - return true; + return reg; } } - return false; + return NULL; } bool addr_is_memory(phys_addr_t phys) { struct kvm_mem_range range; - return find_mem_range(phys, &range); + return !!find_mem_range(phys, &range); +} + +static bool addr_is_allowed_memory(phys_addr_t phys) +{ + struct memblock_region *reg; + struct kvm_mem_range range; + + reg = find_mem_range(phys, &range); + + return reg && !(reg->flags & MEMBLOCK_NOMAP); } static bool is_in_mem_range(u64 addr, struct kvm_mem_range *range) @@ -348,7 +358,7 @@ static bool host_stage2_force_pte_cb(u64 addr, u64 end, enum kvm_pgtable_prot pr static int host_stage2_idmap(u64 addr) { struct kvm_mem_range range; - bool is_memory = find_mem_range(addr, &range); + bool is_memory = !!find_mem_range(addr, &range); enum kvm_pgtable_prot prot; int ret; 
@@ -425,7 +435,7 @@ static int __check_page_state_visitor(u64 addr, u64 end, u32 level, struct check_walk_data *d = arg; kvm_pte_t pte = *ptep; - if (kvm_pte_valid(pte) && !addr_is_memory(kvm_pte_to_phys(pte))) + if (kvm_pte_valid(pte) && !addr_is_allowed_memory(kvm_pte_to_phys(pte))) return -EINVAL; return d->get_page_state(pte) == d->desired ? 0 : -EPERM; -- 2.34.1
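
Review bot: find_mem_range() in the first hunk (@@ -195,7) now returns a writable struct memblock_region * although every caller shown only reads it (reg->flags in addr_is_allowed_memory(), a !! test in addr_is_memory() and host_stage2_idmap()). Returning const struct memblock_region * would keep callers from modifying the hypervisor's region list through this pointer. A short comment above the function saying it returns the containing region or NULL would also help, since the name still describes only the range out-parameter.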
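
Review bot: addr_is_allowed_memory() in the second hunk (@@ -218,18) is missing a comment saying what "allowed" covers. The body accepts an address only when find_mem_range() finds a region and that region does not carry MEMBLOCK_NOMAP, while addr_is_memory() next to it still returns true for no-map regions. A one-line comment on each stating that difference, and that the stricter helper is meant for host-initiated transitions as the commit message says, would stop a later caller from picking the wrong one.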
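
Review bot: in the last hunk (@@ -425,7) the new addr_is_allowed_memory() test stays behind kvm_pte_valid(pte), so an entry that is not valid never reaches the MEMBLOCK_NOMAP check and falls through to d->get_page_state(pte) == d->desired. If a no-map page can be represented by a non-valid entry in the table being walked, this visitor does not reject the transition; consider testing the walked addr as well, or say in the commit message why that case cannot occur. Both the non-memory and the no-map case also return -EINVAL, so a caller cannot tell which one was hit.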