From: Suraj Jitindar Singh <surajjs@amazon.com>
To: <stable@vger.kernel.org>
Cc: <james.morse@arm.com>, <alexandru.elisei@arm.com>,
	<suzuki.poulose@arm.com>, <oliver.upton@linux.dev>,
	<catalin.marinas@arm.com>, <linux-arm-kernel@lists.infradead.org>,
	<kvmarm@lists.linux.dev>, <kvmarm@lists.cs.columbia.edu>,
	<linux-kernel@vger.kernel.org>, <sjitindarsingh@gmail.com>,
	Will Deacon <will@kernel.org>,
	Quentin Perret <qperret@google.com>,
	Marc Zyngier <maz@kernel.org>,
	Suraj Jitindar Singh <surajjs@amazon.com>
Subject: [PATCH stable 6.1.y 2/2] KVM: arm64: Prevent unconditional donation of unmapped regions from the host
Date: Wed, 20 Sep 2023 12:27:29 -0700
Message-ID: <20230920192729.694309-2-surajjs@amazon.com>
In-Reply-To: <20230920192729.694309-1-surajjs@amazon.com>

From: Will Deacon <will@kernel.org>

commit 09cce60bddd6461a93a5bf434265a47827d1bc6f upstream.

Since host stage-2 mappings are created lazily, we cannot rely solely on
the pte in order to recover the target physical address when checking a
host-initiated memory transition as this permits donation of unmapped
regions corresponding to MMIO or "no-map" memory.

Instead of inspecting the pte, move the addr_is_allowed_memory() check
into the host callback function where it is passed the physical address
directly from the walker.

Cc: Quentin Perret <qperret@google.com>
Fixes: e82edcc75c4e ("KVM: arm64: Implement do_share() helper for sharing memory")
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20230518095844.1178-1-will@kernel.org
[ bp: s/ctx->addr/addr in __check_page_state_visitor due to missing commit
      "KVM: arm64: Combine visitor arguments into a context structure"
      in stable.
]
Signed-off-by: Suraj Jitindar Singh <surajjs@amazon.com>
---
 arch/arm64/kvm/hyp/nvhe/mem_protect.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
index 0f6c053686c7..0faa330a41ed 100644
--- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c
+++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
@@ -424,7 +424,7 @@ struct pkvm_mem_share {
 
 struct check_walk_data {
 	enum pkvm_page_state	desired;
-	enum pkvm_page_state	(*get_page_state)(kvm_pte_t pte);
+	enum pkvm_page_state	(*get_page_state)(kvm_pte_t pte, u64 addr);
 };
 
 static int __check_page_state_visitor(u64 addr, u64 end, u32 level,
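Review bot: the new u64 addr argument on get_page_state in struct check_walk_data carries no comment saying what kind of address it is. The commit message says the host callback receives the physical address from the walker; a one-line comment on the member stating that, and that a callback may ignore it, would keep later callbacks from interpreting it differently.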
@@ -435,10 +435,7 @@ static int __check_page_state_visitor(u64 addr, u64 end, u32 level,
 	struct check_walk_data *d = arg;
 	kvm_pte_t pte = *ptep;
 
-	if (kvm_pte_valid(pte) && !addr_is_allowed_memory(kvm_pte_to_phys(pte)))
-		return -EINVAL;
-
-	return d->get_page_state(pte) == d->desired ? 0 : -EPERM;
+	return d->get_page_state(pte, addr) == d->desired ? 0 : -EPERM;
 }
 
 static int check_page_state_range(struct kvm_pgtable *pgt, u64 addr, u64 size,
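Review bot: removing the -EINVAL branch from __check_page_state_visitor() changes the error a caller sees for a non-memory address. The rejection now goes through the callback's returned state, so the visitor yields -EPERM when that state differs from d->desired rather than -EINVAL. Please say in the changelog that the errno change is intended, and confirm that no caller of check_page_state_range() tells the two codes apart.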
@@ -453,8 +450,11 @@ static int check_page_state_range(struct kvm_pgtable *pgt, u64 addr, u64 size,
 	return kvm_pgtable_walk(pgt, addr, size, &walker);
 }
 
-static enum pkvm_page_state host_get_page_state(kvm_pte_t pte)
+static enum pkvm_page_state host_get_page_state(kvm_pte_t pte, u64 addr)
 {
+	if (!addr_is_allowed_memory(addr))
+		return PKVM_NOPAGE;
+
 	if (!kvm_pte_valid(pte) && pte)
 		return PKVM_NOPAGE;
 
@@ -521,7 +521,7 @@ static int host_initiate_unshare(u64 *completer_addr,
 	return __host_set_page_state_range(addr, size, PKVM_PAGE_OWNED);
 }
 
-static enum pkvm_page_state hyp_get_page_state(kvm_pte_t pte)
+static enum pkvm_page_state hyp_get_page_state(kvm_pte_t pte, u64 addr)
 {
 	if (!kvm_pte_valid(pte))
 		return PKVM_NOPAGE;
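Review bot: hyp_get_page_state() gains the addr argument only to match the callback signature, and the visible body does not use it. A short comment that the hyp callback deliberately ignores addr would tell the reader this is not a missed addr_is_allowed_memory() check.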
-- 
2.34.1

