lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YhUxhEHNKlqip51u@lakrids>
Date:   Tue, 22 Feb 2022 18:55:00 +0000
From:   Mark Rutland <mark.rutland@....com>
To:     Kalesh Singh <kaleshsingh@...gle.com>
Cc:     will@...nel.org, maz@...nel.org, qperret@...gle.com,
        tabba@...gle.com, surenb@...gle.com, kernel-team@...roid.com,
        Catalin Marinas <catalin.marinas@....com>,
        James Morse <james.morse@....com>,
        Alexandru Elisei <alexandru.elisei@....com>,
        Suzuki K Poulose <suzuki.poulose@....com>,
        Ard Biesheuvel <ardb@...nel.org>,
        Pasha Tatashin <pasha.tatashin@...een.com>,
        Joey Gouly <joey.gouly@....com>,
        Peter Collingbourne <pcc@...gle.com>,
        Andrew Scull <ascull@...gle.com>,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
        kvmarm@...ts.cs.columbia.edu
Subject: Re: [PATCH v2 4/9] KVM: arm64: Add guard pages for pKVM (protected
 nVHE) hypervisor stack

On Tue, Feb 22, 2022 at 08:51:05AM -0800, Kalesh Singh wrote:
> Maps the stack pages in the flexible private VA range and allocates
> guard pages below the stack as unbacked VA space. The stack is aligned
> to twice its size to aid overflow detection (implemented in a subsequent
> patch in the series).
> 
> Signed-off-by: Kalesh Singh <kaleshsingh@...gle.com>
> ---
>  arch/arm64/kvm/hyp/nvhe/setup.c | 25 +++++++++++++++++++++----
>  1 file changed, 21 insertions(+), 4 deletions(-)
> 
> diff --git a/arch/arm64/kvm/hyp/nvhe/setup.c b/arch/arm64/kvm/hyp/nvhe/setup.c
> index 27af337f9fea..69df21320b09 100644
> --- a/arch/arm64/kvm/hyp/nvhe/setup.c
> +++ b/arch/arm64/kvm/hyp/nvhe/setup.c
> @@ -105,11 +105,28 @@ static int recreate_hyp_mappings(phys_addr_t phys, unsigned long size,
>  		if (ret)
>  			return ret;
>  
> -		end = (void *)per_cpu_ptr(&kvm_init_params, i)->stack_hyp_va;
> +		/*
> +		 * Private mappings are allocated upwards from __io_map_base
> +		 * so allocate the guard page first then the stack.
> +		 */
> +		start = (void *)pkvm_alloc_private_va_range(PAGE_SIZE, PAGE_SIZE);
> +		if (IS_ERR_OR_NULL(start))
> +			return PTR_ERR(start);

As on a prior patch, this usage of PTR_ERR() pattern is wrong when the
ptr is NULL.

> +		/*
> +		 * The stack is aligned to twice its size to facilitate overflow
> +		 * detection.
> +		 */
> +		end = (void *)per_cpu_ptr(&kvm_init_params, i)->stack_pa;
>  		start = end - PAGE_SIZE;
> -		ret = pkvm_create_mappings(start, end, PAGE_HYP);
> -		if (ret)
> -			return ret;
> +		start = (void *)__pkvm_create_private_mapping((phys_addr_t)start,
> +					PAGE_SIZE, PAGE_SIZE * 2, PAGE_HYP);
> +		if (IS_ERR_OR_NULL(start))
> +			return PTR_ERR(start);

Likewise.

Thanks,
Mark.

> +		end = start + PAGE_SIZE;
> +
> +		/* Update stack_hyp_va to end of the stack's private VA range */
> +		per_cpu_ptr(&kvm_init_params, i)->stack_hyp_va = (unsigned long) end;
>  	}
>  
>  	/*
> -- 
> 2.35.1.473.g83b2b277ed-goog
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ