From: Catalin Marinas <catalin.marinas@arm.com>
To: ankita@nvidia.com
Cc: jgg@nvidia.com, maz@kernel.org, oliver.upton@linux.dev,
joey.gouly@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com,
will@kernel.org, ryan.roberts@arm.com, shahuang@redhat.com,
lpieralisi@kernel.org, david@redhat.com, ddutile@redhat.com,
seanjc@google.com, aniketa@nvidia.com, cjia@nvidia.com,
kwankhede@nvidia.com, kjaju@nvidia.com, targupta@nvidia.com,
vsethi@nvidia.com, acurrid@nvidia.com, apopple@nvidia.com,
jhubbard@nvidia.com, danw@nvidia.com, zhiw@nvidia.com,
mochs@nvidia.com, udhoke@nvidia.com, dnigam@nvidia.com,
alex.williamson@redhat.com, sebastianene@google.com,
coltonlewis@google.com, kevin.tian@intel.com, yi.l.liu@intel.com,
ardb@kernel.org, akpm@linux-foundation.org, gshan@redhat.com,
linux-mm@kvack.org, tabba@google.com, qperret@google.com,
kvmarm@lists.linux.dev, linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, maobibo@loongson.cn
Subject: Re: [PATCH v10 3/6] KVM: arm64: Block cacheable PFNMAP mapping
Date: Sun, 6 Jul 2025 19:54:18 -0500 [thread overview]
Message-ID: <aGsaus5vyv5jZXSl@arm.com> (raw)
In-Reply-To: <20250705071717.5062-4-ankita@nvidia.com>
On Sat, Jul 05, 2025 at 07:17:14AM +0000, ankita@nvidia.com wrote:
> From: Ankit Agrawal <ankita@nvidia.com>
>
> Fixes a security bug due to mismatched attributes between S1 and
> S2 mapping.
>
> Currently, it is possible for a region to be cacheable in the userspace
> VMA, but mapped non cached in S2. This creates a potential issue where
> the VMM may sanitize cacheable memory across VMs using cacheable stores,
> ensuring it is zeroed. However, if KVM subsequently assigns this memory
> to a VM as uncached, the VM could end up accessing stale, non-zeroed data
> from a previous VM, leading to unintended data exposure. This is a security
> risk.
>
> Block such mismatch attributes case by returning EINVAL when userspace
> try to map PFNMAP cacheable. Only allow NORMAL_NC and DEVICE_*.
>
> CC: Oliver Upton <oliver.upton@linux.dev>
> CC: Catalin Marinas <catalin.marinas@arm.com>
> CC: Sean Christopherson <seanjc@google.com>
> Suggested-by: Jason Gunthorpe <jgg@nvidia.com>
> Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
> Reviewed-by: David Hildenbrand <david@redhat.com>
> Tested-by: Donald Dutile <ddutile@redhat.com>
> Signed-off-by: Ankit Agrawal <ankita@nvidia.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
next prev parent reply other threads:[~2025-07-07 0:54 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-05 7:17 [PATCH v10 0/6] KVM: arm64: Map GPU device memory as cacheable ankita
2025-07-05 7:17 ` [PATCH v10 1/6] KVM: arm64: Rename the device variable to s2_force_noncacheable ankita
2025-07-07 0:51 ` Catalin Marinas
2025-07-05 7:17 ` [PATCH v10 2/6] KVM: arm64: Update the check to detect device memory ankita
2025-07-07 0:52 ` Catalin Marinas
2025-07-05 7:17 ` [PATCH v10 3/6] KVM: arm64: Block cacheable PFNMAP mapping ankita
2025-07-07 0:54 ` Catalin Marinas [this message]
2025-07-05 7:17 ` [PATCH v10 4/6] KVM: arm64: New function to determine hardware cache management support ankita
2025-07-05 7:17 ` [PATCH v10 5/6] KVM: arm64: Allow cacheable stage 2 mapping using VMA flags ankita
2025-07-07 1:00 ` Catalin Marinas
2025-07-07 7:32 ` David Hildenbrand
2025-07-07 12:27 ` Jason Gunthorpe
2025-07-05 7:17 ` [PATCH v10 6/6] KVM: arm64: Expose new KVM cap for cacheable PFNMAP ankita
2025-07-07 1:02 ` Catalin Marinas
2025-07-07 16:39 ` [PATCH v10 0/6] KVM: arm64: Map GPU device memory as cacheable Ankit Agrawal
2025-07-07 23:57 ` Oliver Upton
2025-07-09 14:34 ` Ankit Agrawal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aGsaus5vyv5jZXSl@arm.com \
--to=catalin.marinas@arm.com \
--cc=acurrid@nvidia.com \
--cc=akpm@linux-foundation.org \
--cc=alex.williamson@redhat.com \
--cc=aniketa@nvidia.com \
--cc=ankita@nvidia.com \
--cc=apopple@nvidia.com \
--cc=ardb@kernel.org \
--cc=cjia@nvidia.com \
--cc=coltonlewis@google.com \
--cc=danw@nvidia.com \
--cc=david@redhat.com \
--cc=ddutile@redhat.com \
--cc=dnigam@nvidia.com \
--cc=gshan@redhat.com \
--cc=jgg@nvidia.com \
--cc=jhubbard@nvidia.com \
--cc=joey.gouly@arm.com \
--cc=kevin.tian@intel.com \
--cc=kjaju@nvidia.com \
--cc=kvmarm@lists.linux.dev \
--cc=kwankhede@nvidia.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lpieralisi@kernel.org \
--cc=maobibo@loongson.cn \
--cc=maz@kernel.org \
--cc=mochs@nvidia.com \
--cc=oliver.upton@linux.dev \
--cc=qperret@google.com \
--cc=ryan.roberts@arm.com \
--cc=seanjc@google.com \
--cc=sebastianene@google.com \
--cc=shahuang@redhat.com \
--cc=suzuki.poulose@arm.com \
--cc=tabba@google.com \
--cc=targupta@nvidia.com \
--cc=udhoke@nvidia.com \
--cc=vsethi@nvidia.com \
--cc=will@kernel.org \
--cc=yi.l.liu@intel.com \
--cc=yuzenghui@huawei.com \
--cc=zhiw@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.