From 50d8a0882d2ed63abcb162197d9cc8134255d471 Mon Sep 17 00:00:00 2001
From: Fuad Tabba
Date: Thu, 3 Feb 2022 11:48:26 +0000
Subject: [PATCH] ANDROID: KVM: arm64: Memory donated for shadow state must be aligned

Check that the donated memory for the hyp shadow vm is paged-aligned.

Bug: 217683487
Reported-by: David Brazdil
Signed-off-by: Fuad Tabba
Change-Id: I289cf1704eea9c2036cf26a8d767b101626620ed
---
 arch/arm64/kvm/hyp/nvhe/pkvm.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c
index 0b1ec45449d5..13c72b1b6b9c 100644
--- a/arch/arm64/kvm/hyp/nvhe/pkvm.c
+++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c
@@ -547,6 +547,16 @@ static int check_shadow_size(int nr_vcpus, size_t shadow_size)
 *
 * Unmaps the donated memory from the host at stage 2.
 *
+ * kvm: A pointer to the host's struct kvm (host va).
+ * shadow_va: The host va of the area being donated for the shadow state.
+ * Must be page aligned.
+ * shadow_size: The size of the area being donated for the shadow state.
+ * Must be a multiple of the page size.
+ * pgd: The host va of the area being donated for the stage-2 PGD for the VM.
+ * Must be page aligned. Its size is implied by the VM's VTCR.
+ * Note: An array to the host KVM VCPUs (host VA) is passed via the pgd, as to
+ * not to be dependent on how the VCPU's are layed out in struct kvm.
+ *
 * Return a unique handle to the protected VM on success,
 * negative error code on failure.
 */
@@ -563,6 +573,12 @@ int __pkvm_init_shadow(struct kvm *kvm,
 int nr_vcpus = 0;
 int ret = 0;
+ /* Check that the donated memory is aligned to page boundaries. */
+ if (!PAGE_ALIGNED(shadow_va) ||
+ !PAGE_ALIGNED(shadow_size) ||
+ !PAGE_ALIGNED(pgd))
+ return -EINVAL;
+
 kvm = kern_hyp_va(kvm);
 pgd = kern_hyp_va(pgd);
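Review bot: The new parameter documentation in the __pkvm_init_shadow comment block states the page-alignment requirements for shadow_va, shadow_size and pgd but never says what the caller gets back when they are violated, even though the second hunk of this patch makes the function return -EINVAL in exactly that case; the "Return" paragraph should say so, e.g. `* Return a unique handle to the protected VM on success, -EINVAL if the donated` / `* memory is not page aligned, or another negative error code on failure.` The pgd note is also garbled and should read `so as not to depend on how the VCPUs are laid out in struct kvm` instead of `as to not to be dependent on how the VCPU's are layed out`. For consistency, "host va" in the kvm, shadow_va and pgd lines should match the "host VA" spelling used in the note. The enclosing comment block starts before this hunk.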