From 3de7d142cf6eb4dcbd453743c8b9e02fae73a5d9 Mon Sep 17 00:00:00 2001
From: Ryan Roberts
Date: Thu, 27 Oct 2022 13:09:45 +0100
Subject: [PATCH] BACKPORT: KVM: arm64: Fix bad dereference on MTE-enabled systems

enter_exception64() performs an MTE check, which involves dereferencing vcpu->kvm. While vcpu has already been fixed up to be a HYP VA pointer, kvm is still a pointer in the kernel VA space.

This only affects nVHE configurations with MTE enabled, as in other cases, the pointer is either valid (VHE) or not dereferenced (!MTE).

Fix this by first converting kvm to a HYP VA pointer.

Fixes: ea7fc1bb1cd1 ("KVM: arm64: Introduce MTE VM feature")
Signed-off-by: Ryan Roberts
Reviewed-by: Steven Price
[maz: commit message tidy-up]
Signed-off-by: Marc Zyngier
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20221027120945.29679-1-ryan.roberts@arm.com
(cherry picked from commit b6bcdc9f6b8321e4471ff45413b6410e16762a8d)
[willdeacon@: Fixed conflict with aosp/2038249 rework moving MTE feature check into caller]
Signed-off-by: Will Deacon
Bug: 233587962
Bug: 233588291
Change-Id: Id0aac0fc38dff2569081910af7468ecf97b6eca3
---
 arch/arm64/kvm/hyp/exception.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/arch/arm64/kvm/hyp/exception.c b/arch/arm64/kvm/hyp/exception.c
index 14a80b0e2f91..ceb6808c2d80 100644
--- a/arch/arm64/kvm/hyp/exception.c
+++ b/arch/arm64/kvm/hyp/exception.c
@@ -13,6 +13,7 @@
 #include
 #include
 #include
+#include
 
 #if !defined (__KVM_NVHE_HYPERVISOR__) && !defined (__KVM_VHE_HYPERVISOR__)
 #error Hypervisor code only!
@@ -165,7 +166,8 @@ static void enter_exception64(struct kvm_vcpu *vcpu, unsigned long target_mode,
 	*vcpu_pc(vcpu) = vbar + offset;
 
 	old = *vcpu_cpsr(vcpu);
-	new = get_except64_cpsr(old, kvm_has_mte(vcpu->kvm), sctlr, target_mode);
+	new = get_except64_cpsr(old, kvm_has_mte(kern_hyp_va(vcpu->kvm)), sctlr,
+				target_mode);
 	*vcpu_cpsr(vcpu) = new;
 	__vcpu_write_spsr(vcpu, old);
 }
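Review bot: The new kern_hyp_va(vcpu->kvm) call in the second hunk carries no comment saying why the conversion is needed only for this one field, so a later reader of enter_exception64() could plausibly "simplify" it back to the bare vcpu->kvm and reintroduce the hypervisor-side bad dereference; I would add above the new line `/* vcpu is already a HYP VA, but vcpu->kvm is still a kernel VA (nVHE). */`. Since kern_hyp_va() leaves VHE addresses unchanged, the added call costs nothing there, which matches the commit message's scoping of the bug to nVHE with MTE. Whether any other vcpu->kvm dereference reachable from hyp code needs the same treatment cannot be judged from this hunk and is worth a separate audit. The include hunk's added header name is not visible on this page, and enter_exception64() begins outside the hunk.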