ANDROID: KVM: arm64: Memory donated for shadow state must be aligned

Check that the donated memory for the hyp shadow vm is paged-aligned. Bug: 217683487 Reported-by: David Brazdil <dbrazdil@google.com> Signed-off-by: Fuad Tabba <tabba@google.com> Change-Id: I289cf1704eea9c2036cf26a8d767b101626620ed
2026-06-06 19:08:57 +09:00 · 2022-02-03 11:48:26 +00:00
parent 3edc23316a
commit 50d8a0882d
1 changed files with 16 additions and 0 deletions
--- a/arch/arm64/kvm/hyp/nvhe/pkvm.c
+++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c
@@ -547,6 +547,16 @@ static int check_shadow_size(int nr_vcpus, size_t shadow_size)
 *
 * Unmaps the donated memory from the host at stage 2.
 *
+ * kvm: A pointer to the host's struct kvm (host va).
+ * shadow_va: The host va of the area being donated for the shadow state.
+ * 	      Must be page aligned.
+ * shadow_size: The size of the area being donated for the shadow state.
+ * 		Must be a multiple of the page size.
+ * pgd: The host va of the area being donated for the stage-2 PGD for the VM.
+ * 	Must be page aligned. Its size is implied by the VM's VTCR.
+ * Note: An array to the host KVM VCPUs (host VA) is passed via the pgd, as to
+ * 	 not to be dependent on how the VCPU's are layed out in struct kvm.
+ *
 * Return a unique handle to the protected VM on success,
 * negative error code on failure.
 */
@@ -563,6 +573,12 @@ int __pkvm_init_shadow(struct kvm *kvm,
 	int nr_vcpus = 0;
 	int ret = 0;

+	/* Check that the donated memory is aligned to page boundaries. */
+	if (!PAGE_ALIGNED(shadow_va) ||
+	    !PAGE_ALIGNED(shadow_size) ||
+	    !PAGE_ALIGNED(pgd))
+		return -EINVAL;
+
 	kvm = kern_hyp_va(kvm);
 	pgd = kern_hyp_va(pgd);