ANDROID: KVM: arm64: Clear pvmfw pages on clean host shutdown

When the host shuts down cleanly under pKVM, it is EL2's responsibility to clear the pvmfw pages before forwarding the PSCI call onto EL3. Wipe the pvmfw pages on SYSTEM_OFF, SYSTEM_RESET and SYSTEM_RESET2 calls from the host, cleaning the zeroed memory to the PoC for good measure. Reported-by: Andrew Scull <ascull@google.com> Bug: 196204410 Signed-off-by: Will Deacon <willdeacon@google.com> Change-Id: I0dd2757e355f384813319034c6eed0fa2c2328c2
2026-06-08 20:07:46 +09:00 · 2022-02-24 14:46:45 +00:00
parent 346987baf5
commit 686d4dd0f9
3 changed files with 14 additions and 1 deletions
--- a/arch/arm64/kvm/hyp/include/nvhe/pkvm.h
+++ b/arch/arm64/kvm/hyp/include/nvhe/pkvm.h
@@ -99,5 +99,6 @@ static inline bool ipa_in_pvmfw_region(struct kvm_shadow_vm *vm, u64 ipa)

 int pkvm_load_pvmfw_pages(struct kvm_shadow_vm *vm, u64 ipa, phys_addr_t phys,
 			  u64 size);
+void pkvm_clear_pvmfw_pages(void);

 #endif /* __ARM64_KVM_NVHE_PKVM_H__ */
--- a/arch/arm64/kvm/hyp/nvhe/pkvm.c
+++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c
@@ -712,6 +712,14 @@ int pkvm_load_pvmfw_pages(struct kvm_shadow_vm *vm, u64 ipa, phys_addr_t phys,
 	return 0;
 }

+void pkvm_clear_pvmfw_pages(void)
+{
+	void *addr = hyp_phys_to_virt(pvmfw_base);
+
+	memset(addr, 0, pvmfw_size);
+	kvm_flush_dcache_to_poc(addr, pvmfw_size);
+}
+
 /*
 * This function sets the registers on the vcpu to their architecturally defined
 * reset values.
--- a/arch/arm64/kvm/hyp/nvhe/psci-relay.c
+++ b/arch/arm64/kvm/hyp/nvhe/psci-relay.c
@@ -12,6 +12,7 @@
 #include <uapi/linux/psci.h>

 #include <nvhe/memory.h>
+#include <nvhe/pkvm.h>
 #include <nvhe/trap_handler.h>

 void kvm_hyp_cpu_entry(unsigned long r0);
@@ -249,6 +250,7 @@ static unsigned long psci_0_2_handler(u64 func_id, struct kvm_cpu_context *host_
 	 */
 	case PSCI_0_2_FN_SYSTEM_OFF:
 	case PSCI_0_2_FN_SYSTEM_RESET:
+		pkvm_clear_pvmfw_pages();
 		return psci_forward(host_ctxt);
 	case PSCI_0_2_FN64_CPU_SUSPEND:
 		return psci_cpu_suspend(func_id, host_ctxt);
@@ -262,9 +264,11 @@ static unsigned long psci_0_2_handler(u64 func_id, struct kvm_cpu_context *host_
 static unsigned long psci_1_0_handler(u64 func_id, struct kvm_cpu_context *host_ctxt)
 {
 	switch (func_id) {
+	case PSCI_1_1_FN64_SYSTEM_RESET2:
+		pkvm_clear_pvmfw_pages();
+		fallthrough;
 	case PSCI_1_0_FN_PSCI_FEATURES:
 	case PSCI_1_0_FN_SET_SUSPEND_MODE:
-	case PSCI_1_1_FN64_SYSTEM_RESET2:
 		return psci_forward(host_ctxt);
 	case PSCI_1_0_FN64_SYSTEM_SUSPEND:
 		return psci_system_suspend(func_id, host_ctxt);