From 0e6b940fce4cd07c4b2d3eb28163ab38c067feab Mon Sep 17 00:00:00 2001
From: Fuad Tabba
Date: Mon, 14 Feb 2022 10:41:30 +0000
Subject: [PATCH] ANDROID: KVM: arm64: Do not pass host struct pointers to pkvm_vcpu_put()

This function only works for loaded vcpus and no more information is needed by hyp. This removes the need to access potentially unsafe host memory.

Bug: 220830416
Signed-off-by: Fuad Tabba
Change-Id: I09cb49b06e541bba09e91ce5885b963b88a3c315
---
 arch/arm64/kvm/arm.c | 2 +-
 arch/arm64/kvm/hyp/nvhe/hyp-main.c | 8 +++-----
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
index 2da685bd2292..456fb7e0c179 100644
--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@@ -567,7 +567,7 @@ void kvm_arch_vcpu_put(struct kvm_vcpu *vcpu)
 if (is_protected_kvm_enabled()) {
 kvm_call_hyp(__vgic_v3_save_vmcr_aprs,
 &vcpu->arch.vgic_cpu.vgic_v3);
- kvm_call_hyp_nvhe(__pkvm_vcpu_put, vcpu);
+ kvm_call_hyp_nvhe(__pkvm_vcpu_put);
 
 /* __pkvm_vcpu_put implies a sync of the state */
 if (!kvm_vm_is_protected(vcpu->kvm))
diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
index b3b8e2d78b91..926a7a9915e7 100644
--- a/arch/arm64/kvm/hyp/nvhe/hyp-main.c
+++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
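Review bot: With the vcpu argument removed from the `__pkvm_vcpu_put` call, nothing at this call site says which vcpu the hypercall acts on; it now depends on the per-CPU loaded state established by the earlier `__pkvm_vcpu_load`, and the pairing is only correct if this put runs on the same CPU as that load with no other vcpu loaded in between — presumably guaranteed by the caller's context, but no longer visible in the code. A comment above the call would make the contract explicit, e.g. `/* hyp puts this CPU's currently loaded vcpu, which must be the one loaded for 'vcpu' */`. The existing comment on the implied sync can stay as is. The body of kvm_arch_vcpu_put continues outside the hunk.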
@@ -665,19 +665,17 @@ static void handle___pkvm_vcpu_load(struct kvm_cpu_context *host_ctxt)
 static void handle___pkvm_vcpu_put(struct kvm_cpu_context *host_ctxt)
 {
- DECLARE_REG(struct kvm_vcpu *, vcpu, host_ctxt, 1);
-
 if (unlikely(is_protected_kvm_enabled())) {
 struct pkvm_loaded_state *state = this_cpu_ptr(&loaded_state);
- vcpu = kern_hyp_va(vcpu);
+ if (state->vcpu) {
+ struct kvm_vcpu *host_vcpu = state->vcpu->arch.pkvm.host_vcpu;
- if (state->vcpu && state->vcpu->arch.pkvm.host_vcpu == vcpu) {
 if (state->vcpu->arch.flags & KVM_ARM64_FP_ENABLED)
 fpsimd_host_restore();
 if (!state->is_protected &&
- !(READ_ONCE(vcpu->arch.flags) & KVM_ARM64_PKVM_STATE_DIRTY))
+ !(READ_ONCE(host_vcpu->arch.flags) & KVM_ARM64_PKVM_STATE_DIRTY))
 __sync_vcpu_state(state->vcpu);
 put_shadow_vcpu(state->vcpu);