From b03ce007f96c02e531adcc930562cab0b057cbdc Mon Sep 17 00:00:00 2001
From: David Brazdil <dbrazdil@google.com>
Date: Wed, 13 Oct 2021 16:17:09 +0100
Subject: [PATCH] ANDROID: KVM: arm64: Unmap S2MPU MMIO regions in MPT

Host stage-2 is used for bookkeeping of ownership of physical pages, but
only for memory and not MMIO. Page tables covering device memory are
created on demand. That is in contrast to the S2MPU MPTs, which are
never discarded and cover the entire physical address space.

The S2MPU MPT should therefore unmap MMIO regions which the host should
not have access to. Currently those are only the S2MPU MMIO registers
themselves.

Test: builds, boots
Bug: 190463801
Signed-off-by: David Brazdil <dbrazdil@google.com>
Change-Id: I85af31d5337459c4877eb90b1c5a2d94f94ab890
---
 arch/arm64/kvm/hyp/nvhe/iommu/s2mpu.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/arch/arm64/kvm/hyp/nvhe/iommu/s2mpu.c b/arch/arm64/kvm/hyp/nvhe/iommu/s2mpu.c
index 7a735cdca80b..bbe4490b7173 100644
--- a/arch/arm64/kvm/hyp/nvhe/iommu/s2mpu.c
+++ b/arch/arm64/kvm/hyp/nvhe/iommu/s2mpu.c
@@ -14,6 +14,7 @@
 #include <linux/arm-smccc.h>
 
 #include <nvhe/memory.h>
+#include <nvhe/mem_protect.h>
 #include <nvhe/mm.h>
 #include <nvhe/spinlock.h>
 #include <nvhe/trap_handler.h>
@@ -359,6 +360,11 @@ static int s2mpu_init(void)
 	 */
 	for_each_powered_s2mpu(dev)
 		initialize_with_mpt(dev, &kvm_hyp_host_mpt);
+
+	/* Prevent DMA to the S2MPU MMIO regions. */
+	for_each_s2mpu(dev)
+		s2mpu_host_stage2_set_owner(dev->pa, S2MPU_MMIO_SIZE, pkvm_hyp_id);
+
 	return 0;
 }