From: Jason Gunthorpe <jgg@nvidia.com>
To: ankita@nvidia.com
Cc: maz@kernel.org, oliver.upton@linux.dev, joey.gouly@arm.com,
suzuki.poulose@arm.com, yuzenghui@huawei.com,
catalin.marinas@arm.com, will@kernel.org, ryan.roberts@arm.com,
shahuang@redhat.com, lpieralisi@kernel.org, david@redhat.com,
ddutile@redhat.com, seanjc@google.com, aniketa@nvidia.com,
cjia@nvidia.com, kwankhede@nvidia.com, kjaju@nvidia.com,
targupta@nvidia.com, vsethi@nvidia.com, acurrid@nvidia.com,
apopple@nvidia.com, jhubbard@nvidia.com, danw@nvidia.com,
zhiw@nvidia.com, mochs@nvidia.com, udhoke@nvidia.com,
dnigam@nvidia.com, alex.williamson@redhat.com,
sebastianene@google.com, coltonlewis@google.com,
kevin.tian@intel.com, yi.l.liu@intel.com, ardb@kernel.org,
akpm@linux-foundation.org, gshan@redhat.com, linux-mm@kvack.org,
tabba@google.com, qperret@google.com, kvmarm@lists.linux.dev,
linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, maobibo@loongson.cn
Subject: Re: [PATCH v9 3/6] KVM: arm64: Block cacheable PFNMAP mapping
Date: Fri, 4 Jul 2025 10:45:12 -0300 [thread overview]
Message-ID: <20250704134512.GF1410929@nvidia.com> (raw)
In-Reply-To: <20250621042111.3992-4-ankita@nvidia.com>
On Sat, Jun 21, 2025 at 04:21:08AM +0000, ankita@nvidia.com wrote:
> From: Ankit Agrawal <ankita@nvidia.com>
>
> Fixes a security bug due to mismatched attributes between S1 and
> S2 mapping.
>
> Currently, it is possible for a region to be cacheable in the userspace
> VMA, but mapped non cached in S2. This creates a potential issue where
> the VMM may sanitize cacheable memory across VMs using cacheable stores,
> ensuring it is zeroed. However, if KVM subsequently assigns this memory
> to a VM as uncached, the VM could end up accessing stale, non-zeroed data
> from a previous VM, leading to unintended data exposure. This is a security
> risk.
>
> Block such mismatch attributes case by returning EINVAL when userspace
> try to map PFNMAP cacheable. Only allow NORMAL_NC and DEVICE_*.
>
> CC: Oliver Upton <oliver.upton@linux.dev>
> CC: Catalin Marinas <catalin.marinas@arm.com>
> CC: Sean Christopherson <seanjc@google.com>
> Suggested-by: Jason Gunthorpe <jgg@nvidia.com>
> Signed-off-by: Ankit Agrawal <ankita@nvidia.com>
> ---
> arch/arm64/kvm/mmu.c | 34 +++++++++++++++++++++++++++++++++-
> 1 file changed, 33 insertions(+), 1 deletion(-)
Looks straightforward now
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Jason
next prev parent reply other threads:[~2025-07-04 13:45 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-21 4:21 [PATCH v9 0/6] KVM: arm64: Map GPU device memory as cacheable ankita
2025-06-21 4:21 ` [PATCH v9 1/6] KVM: arm64: Rename the device variable to s2_force_noncacheable ankita
2025-07-04 13:41 ` Jason Gunthorpe
2025-07-04 13:57 ` David Hildenbrand
2025-06-21 4:21 ` [PATCH v9 2/6] KVM: arm64: Update the check to detect device memory ankita
2025-07-04 13:43 ` Jason Gunthorpe
2025-07-04 14:02 ` David Hildenbrand
2025-06-21 4:21 ` [PATCH v9 3/6] KVM: arm64: Block cacheable PFNMAP mapping ankita
2025-06-27 13:49 ` Will Deacon
2025-06-30 1:56 ` Ankit Agrawal
2025-06-30 12:25 ` Jason Gunthorpe
2025-07-04 12:21 ` David Hildenbrand
2025-07-04 16:04 ` Will Deacon
2025-07-04 16:47 ` Jason Gunthorpe
2025-07-08 12:47 ` Will Deacon
2025-07-04 13:45 ` Jason Gunthorpe [this message]
2025-07-04 14:09 ` David Hildenbrand
2025-06-21 4:21 ` [PATCH v9 4/6] KVM: arm64: New function to determine hardware cache management support ankita
2025-07-04 13:47 ` Jason Gunthorpe
2025-07-04 14:10 ` David Hildenbrand
2025-06-21 4:21 ` [PATCH v9 5/6] KVM: arm64: Allow cacheable stage 2 mapping using VMA flags ankita
2025-07-04 14:04 ` Jason Gunthorpe
2025-07-04 14:13 ` David Hildenbrand
2025-07-04 16:51 ` Ankit Agrawal
2025-06-21 4:21 ` [PATCH v9 6/6] KVM: arm64: Expose new KVM cap for cacheable PFNMAP ankita
2025-07-04 13:44 ` Jason Gunthorpe
2025-07-04 14:15 ` David Hildenbrand
2025-07-04 15:04 ` Jason Gunthorpe
2025-07-04 16:20 ` Ankit Agrawal
2025-07-04 16:56 ` Jason Gunthorpe
2025-06-27 5:03 ` [PATCH v9 0/6] KVM: arm64: Map GPU device memory as cacheable Ankit Agrawal
2025-07-02 9:33 ` Ankit Agrawal
2025-07-02 16:51 ` Donald Dutile
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250704134512.GF1410929@nvidia.com \
--to=jgg@nvidia.com \
--cc=acurrid@nvidia.com \
--cc=akpm@linux-foundation.org \
--cc=alex.williamson@redhat.com \
--cc=aniketa@nvidia.com \
--cc=ankita@nvidia.com \
--cc=apopple@nvidia.com \
--cc=ardb@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=cjia@nvidia.com \
--cc=coltonlewis@google.com \
--cc=danw@nvidia.com \
--cc=david@redhat.com \
--cc=ddutile@redhat.com \
--cc=dnigam@nvidia.com \
--cc=gshan@redhat.com \
--cc=jhubbard@nvidia.com \
--cc=joey.gouly@arm.com \
--cc=kevin.tian@intel.com \
--cc=kjaju@nvidia.com \
--cc=kvmarm@lists.linux.dev \
--cc=kwankhede@nvidia.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lpieralisi@kernel.org \
--cc=maobibo@loongson.cn \
--cc=maz@kernel.org \
--cc=mochs@nvidia.com \
--cc=oliver.upton@linux.dev \
--cc=qperret@google.com \
--cc=ryan.roberts@arm.com \
--cc=seanjc@google.com \
--cc=sebastianene@google.com \
--cc=shahuang@redhat.com \
--cc=suzuki.poulose@arm.com \
--cc=tabba@google.com \
--cc=targupta@nvidia.com \
--cc=udhoke@nvidia.com \
--cc=vsethi@nvidia.com \
--cc=will@kernel.org \
--cc=yi.l.liu@intel.com \
--cc=yuzenghui@huawei.com \
--cc=zhiw@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.