From 5715f9497bab67c72ecc66bf4c0539868fd4bd55 Mon Sep 17 00:00:00 2001 From: Will Deacon Date: Wed, 23 Mar 2022 09:27:26 +0000 Subject: [PATCH] ANDROID: KVM: arm64: Invalidate TLB by VMID when tearing down the shadow VM When a shadow VM is torn down, its VMID can be reallocated as soon as the shadow table entry is cleared to NULL. Since tearing down the stage-2 page-table does not imply TLB invalidation, the TLB could still contain stale entries from the old VM and the new user of the VMID could end up seeing erroneous translations. Invalidate the TLB for the VMID of the VM being torn down prior to clearing its entry in the shadow table. Bug: 226312378 Signed-off-by: Will Deacon Change-Id: Ice44d030bf01a1b7612413ee32440f3f38cb3e4e --- arch/arm64/kvm/hyp/nvhe/pkvm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c index 6d1eeacc559b..6e32f6d7188d 100644 --- a/arch/arm64/kvm/hyp/nvhe/pkvm.c +++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c @@ -678,6 +678,8 @@ int __pkvm_teardown_shadow(int shadow_handle) goto err_unlock; } + /* Ensure the VMID is clean before it can be reallocated */ + __kvm_tlb_flush_vmid(&vm->arch.mmu); remove_shadow_table(shadow_handle); hyp_spin_unlock(&shadow_lock);
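Review bot: the new comment in __pkvm_teardown_shadow() should state the reason given in the commit message, since a reader of pkvm.c will not know that tearing down the stage-2 page-table does not invalidate the TLB; suggest `/* Stage-2 teardown does not flush the TLB: invalidate by VMID before the handle, and hence the VMID, can be reallocated */`. The placement of `__kvm_tlb_flush_vmid(&vm->arch.mmu)` ahead of `remove_shadow_table(shadow_handle)` and under shadow_lock is right, as the entry is only cleared once the flush has completed. It would also be worth noting, either in the comment or the commit message, that the flush is only sufficient if no vCPU of this VM can still be running when the teardown path is entered, since a TLB fill after the flush but before the stage-2 tables are released would reintroduce the stale-translation window the patch closes.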