[PATCH] KVM: arm64: Fix __pkvm_init_vcpu cptr_el2 error path

[PATCH] KVM: arm64: Fix __pkvm_init_vcpu cptr_el2 error path

[Vincent Donnefort]

On an error, hyp_vcpu will be accessed while this memory has already
been relinquished to the host and unmapped from the hypervisor. Move
the CPTR assignment to prevent that access.

Fixes: b5b9955617bc ("KVM: arm64: Eagerly restore host fpsimd/sve state in pKVM")
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>

diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c
index 187a5f4d56c0..7e7dd5fc66e3 100644
--- a/arch/arm64/kvm/hyp/nvhe/pkvm.c
+++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c
@@ -571,14 +571,15 @@ int __pkvm_init_vcpu(pkvm_handle_t handle, struct kvm_vcpu *host_vcpu,
 
 	hyp_vm->vcpus[idx] = hyp_vcpu;
 	hyp_vm->nr_vcpus++;
+
+	hyp_vcpu->vcpu.arch.cptr_el2 = kvm_get_reset_cptr_el2(&hyp_vcpu->vcpu);
+
 unlock:
 	hyp_spin_unlock(&vm_table_lock);
 
 	if (ret)
 		unmap_donated_memory(hyp_vcpu, sizeof(*hyp_vcpu));
 
-	hyp_vcpu->vcpu.arch.cptr_el2 = kvm_get_reset_cptr_el2(&hyp_vcpu->vcpu);
-
 	return ret;
 }
 

base-commit: 98f7e32f20d28ec452afb208f9cffc08448a2652
-- 
2.46.0.662.g92d0881bb0-goog

Re: [PATCH] KVM: arm64: Fix __pkvm_init_vcpu cptr_el2 error path

[Oliver Upton]

On Wed, Sep 18, 2024 at 06:05:02PM +0100, Vincent Donnefort wrote:
> On an error, hyp_vcpu will be accessed while this memory has already
> been relinquished to the host and unmapped from the hypervisor. Move
> the CPTR assignment to prevent that access.
> 
> Fixes: b5b9955617bc ("KVM: arm64: Eagerly restore host fpsimd/sve state in pKVM")
> Signed-off-by: Vincent Donnefort <vdonnefort@google.com>

It's minor, but I'm guessing the original intent was to initialize
cptr_el2 outside of the vm_table_lock. So you could do an early return
instead:

	if (ret) {
		unmap_donated_memory(...);
		return ret;
	}

But again, minor. So:

Reviewed-by: Oliver Upton <oliver.upton@linux.dev>

-- 
Thanks,
Oliver