From 3c8afbbfa45b9bae1c95688e7e136c20cb601b8f Mon Sep 17 00:00:00 2001 From: Quentin Perret Date: Thu, 17 Nov 2022 17:22:34 +0000 Subject: [PATCH] ANDROID: KVM: arm64: Issue CMOs when tearing down shadow pages On the guest teardown path, pKVM will zero the pages used to back the guest shadow data structures before returning them to the host as they may contain secrets (e.g. in the vCPU registers). However, the zeroing is done using a cacheable alias, and CMOs are missing, hence giving the host a potential opportunity to read the original content of the shadow structs from memory. Fix this by issuing CMOs after zeroing the pages. [ qperret@: moved the CMOs to __unmap_donated_memory() to cover all callers, including the __pkvm_init_vm() error path ] Bug: 259551298 Change-Id: Id696d47d16e4c3fd870cb70b792eeb7f2282fc78 Signed-off-by: Quentin Perret
--- arch/arm64/kvm/hyp/nvhe/pkvm.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c
index 26db4f6e0a14..0aa6eba48a33 100644
--- a/arch/arm64/kvm/hyp/nvhe/pkvm.c
+++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c
@@ -626,6 +626,7 @@ static void *map_donated_memory(unsigned long host_va, size_t size)
 static void __unmap_donated_memory(void *va, size_t size)
 {
+ kvm_flush_dcache_to_poc(va, size);
 WARN_ON(__pkvm_hyp_donate_host(hyp_virt_to_pfn(va), PAGE_ALIGN(size) >> PAGE_SHIFT));
 }
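Review bot: The added `kvm_flush_dcache_to_poc(va, size)` covers only `size` bytes, while the donation in the next statement returns `PAGE_ALIGN(size) >> PAGE_SHIFT` whole pages, so the tail of the last page goes back to the host without the cache maintenance. Whether the hypervisor ever writes into that tail is not visible in this hunk. If it can, flushing the same range that is donated closes the gap: `kvm_flush_dcache_to_poc(va, PAGE_ALIGN(size));`. The flush also only protects the guest state if every caller has zeroed the region first, and that zeroing sits outside this hunk. A short comment above the call would record the contract, for example `/* Callers must have zeroed this memory; flush to PoC so the host cannot read stale contents from memory. */`.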