shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-05 02:21:52 +09:00
Code Issues Packages Projects Releases Wiki Activity

ANDROID: KVM: arm64: Always unmap protected regions from the host

Browse Source 
As part of the host deprivilege process, memory regions advertised in
the "pkvm,protected-region" devicetree nodes are unmapped from the
host stage-2 page-table and annotated specially so that the memory can
be used exclusively by hypervisor modules.

Since the state of this memory in the host stage-2 may not be in the
"owned" state (for example, if it corresponds to a "no-map" region),
remove the initial check of the page state and allow unmapping of any
pages from the trusted host.

Bug: 280380533
Cc: Quentin Perret <qperret@google.com>
Fixes: 417e986b54 ("ANDROID: KVM: arm64: Move addr_is_allowed_memory() check into host callback")
Signed-off-by: Will Deacon <willdeacon@google.com>
Change-Id: Ic28a2557d6d515b356645228fd41d3c921826489
This commit is contained in:
Will Deacon
2023-05-11 00:27:04 +01:00
parent e4411db286
commit 3e404f3f97
3 changed files with 3 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
arch/arm64/kvm/hyp/include/nvhe/mem_protect.h
View File

@@ -89,7 +89,6 @@ bool addr_is_memory(phys_addr_t phys);
int host_stage2_idmap_locked(phys_addr_t addr, u64 size, enum kvm_pgtable_prot prot,
bool update_iommu);
int host_stage2_set_owner_locked(phys_addr_t addr, u64 size, enum pkvm_component_id owner_id);
int host_stage2_protect_pages_locked(phys_addr_t addr, u64 size);
int host_stage2_unmap_reg_locked(phys_addr_t start, u64 size);
int kvm_host_prepare_stage2(void *pgt_pool_base);
int kvm_guest_prepare_stage2(struct pkvm_hyp_vm *vm, void *pgd);

13
arch/arm64/kvm/hyp/nvhe/mem_protect.c
View File

@@ -2366,19 +2366,6 @@ bool __pkvm_check_ioguard_page(struct pkvm_hyp_vcpu *hyp_vcpu)
return ret;
}
int host_stage2_protect_pages_locked(phys_addr_t addr, u64 size)
{
int ret;
hyp_assert_lock_held(&host_mmu.lock);
ret = __host_check_page_state_range(addr, size, PKVM_PAGE_OWNED);
if (!ret)
ret = host_stage2_set_owner_locked(addr, size, PKVM_ID_PROTECTED);
return ret;
}
int host_stage2_get_leaf(phys_addr_t phys, kvm_pte_t *ptep, u32 *level)
{
int ret;

4
arch/arm64/kvm/hyp/nvhe/setup.c
View File

@@ -318,7 +318,9 @@ static int unmap_protected_regions(void)
reg = &pkvm_moveable_regs[i];
if (reg->type != PKVM_MREG_PROTECTED_RANGE)
continue;
ret = host_stage2_protect_pages_locked(reg->start, reg->size);
ret = host_stage2_set_owner_locked(reg->start, reg->size,
PKVM_ID_PROTECTED);
if (ret)
return ret;
}