[PATCH] KVM: arm64: Fix nVHE/pKVM hyp tracing error on invalid desc

[PATCH] KVM: arm64: Fix nVHE/pKVM hyp tracing error on invalid desc

[Vincent Donnefort]

pKVM must validate the host-provided tracing buffer descriptor.
However, if an error is found, the hypervisor would just return 0 to the
host. Fix the return value on validation failure.

While at it, rename the function to hyp_trace_desc_is_valid() and skip
validation for the nVHE mode as we trust host-provided data in that
case.

Signed-off-by: Vincent Donnefort <vdonnefort@google.com>

diff --git a/arch/arm64/kvm/hyp/nvhe/trace.c b/arch/arm64/kvm/hyp/nvhe/trace.c
index a6ca27b18e15..e7e150ab265f 100644
--- a/arch/arm64/kvm/hyp/nvhe/trace.c
+++ b/arch/arm64/kvm/hyp/nvhe/trace.c
@@ -164,13 +164,16 @@ static int hyp_trace_buffer_load(struct hyp_trace_buffer *trace_buffer,
 	return ret;
 }
 
-static bool hyp_trace_desc_validate(struct hyp_trace_desc *desc, size_t desc_size)
+static bool hyp_trace_desc_is_valid(struct hyp_trace_desc *desc, size_t desc_size)
 {
 	struct ring_buffer_desc *rb_desc;
 	unsigned int cpu;
 	size_t nr_bpages;
 	void *desc_end;
 
+	if (!is_protected_kvm_enabled())
+		return true;
+
 	/*
 	 * Both desc_size and bpages_backing_size are untrusted host-provided
 	 * values. We rely on __pkvm_host_donate_hyp() to enforce their validity.
@@ -212,8 +215,10 @@ int __tracing_load(unsigned long desc_hva, size_t desc_size)
 	if (ret)
 		return ret;
 
-	if (!hyp_trace_desc_validate(desc, desc_size))
+	if (!hyp_trace_desc_is_valid(desc, desc_size)) {
+		ret = -EINVAL;
 		goto err_release_desc;
+	}
 
 	hyp_spin_lock(&trace_buffer.lock);
 

base-commit: 5d6919055dec134de3c40167a490f33c74c12581
-- 
2.54.0.563.g4f69b47b94-goog

Re: [PATCH] KVM: arm64: Fix nVHE/pKVM hyp tracing error on invalid desc

[Marc Zyngier]

On Thu, 14 May 2026 17:26:24 +0100,
Vincent Donnefort <vdonnefort@google.com> wrote:
> 
> pKVM must validate the host-provided tracing buffer descriptor.
> However, if an error is found, the hypervisor would just return 0 to the
> host. Fix the return value on validation failure.
> 
> While at it, rename the function to hyp_trace_desc_is_valid() and skip
> validation for the nVHE mode as we trust host-provided data in that
> case.
> 
> Signed-off-by: Vincent Donnefort <vdonnefort@google.com>

Fixes: tag? Should it be considered as a Cc: to stable?

	M.

-- 
Without deviation from the norm, progress is not possible.

Re: [PATCH] KVM: arm64: Fix nVHE/pKVM hyp tracing error on invalid desc

[Vincent Donnefort]

On Fri, May 15, 2026 at 11:21:15AM +0100, Marc Zyngier wrote:
> On Thu, 14 May 2026 17:26:24 +0100,
> Vincent Donnefort <vdonnefort@google.com> wrote:
> > 
> > pKVM must validate the host-provided tracing buffer descriptor.
> > However, if an error is found, the hypervisor would just return 0 to the
> > host. Fix the return value on validation failure.
> > 
> > While at it, rename the function to hyp_trace_desc_is_valid() and skip
> > validation for the nVHE mode as we trust host-provided data in that
> > case.
> > 
> > Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
> 
> Fixes: tag? Should it be considered as a Cc: to stable?
> 
> 	M.

Fixes: 680a04c333fa ("KVM: arm64: Add tracing capability for the nVHE/pKVM hyp")

It is only from 7.1 so no stable to fix.

> 
> -- 
> Without deviation from the norm, progress is not possible.