| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250213161426.102987-32-steven.price@arm.com> Date: Thu, 13 Feb 2025 16:14:11 +0000 From: Steven Price <steven.price@....com> To: kvm@...r.kernel.org, kvmarm@...ts.linux.dev Cc: Steven Price <steven.price@....com>, Catalin Marinas <catalin.marinas@....com>, Marc Zyngier <maz@...nel.org>, Will Deacon <will@...nel.org>, James Morse <james.morse@....com>, Oliver Upton <oliver.upton@...ux.dev>, Suzuki K Poulose <suzuki.poulose@....com>, Zenghui Yu <yuzenghui@...wei.com>, linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org, Joey Gouly <joey.gouly@....com>, Alexandru Elisei <alexandru.elisei@....com>, Christoffer Dall <christoffer.dall@....com>, Fuad Tabba <tabba@...gle.com>, linux-coco@...ts.linux.dev, Ganapatrao Kulkarni <gankulkarni@...amperecomputing.com>, Gavin Shan <gshan@...hat.com>, Shanker Donthineni <sdonthineni@...dia.com>, Alper Gun <alpergun@...gle.com>, "Aneesh Kumar K . V" <aneesh.kumar@...nel.org> Subject: [PATCH v7 31/45] arm64: rme: Prevent Device mappings for Realms Physical device assignment is not yet supported by the RMM, so it doesn't make much sense to allow device mappings within the realm. Prevent them when the guest is a realm. Signed-off-by: Steven Price <steven.price@....com> --- Changes from v6: * Fix the check in user_mem_abort() to prevent all pages that are not guest_memfd() from being mapped into the protected half of the IPA. Changes from v5: * Also prevent accesses in user_mem_abort() --- arch/arm64/kvm/mmu.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c index 8c656a0ef4e9..a849ff66e584 100644 --- a/arch/arm64/kvm/mmu.c +++ b/arch/arm64/kvm/mmu.c @@ -1173,6 +1173,10 @@ int kvm_phys_addr_ioremap(struct kvm *kvm, phys_addr_t guest_ipa, if (is_protected_kvm_enabled()) return -EPERM; + /* We don't support mapping special pages into a Realm */ + if (kvm_is_realm(kvm)) + return -EPERM; + size += offset_in_page(guest_ipa); guest_ipa &= PAGE_MASK; @@ -1763,6 +1767,15 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa, if (exec_fault && device) return -ENOEXEC; + /* + * For now we shouldn't be hitting protected addresses because they are + * handled in private_memslot_fault(). In the future this check may be + * relaxed to support e.g. protected devices. + */ + if (vcpu_is_rec(vcpu) && + kvm_gpa_from_fault(kvm, fault_ipa) == fault_ipa) + return -EINVAL; + /* * Potentially reduce shadow S2 permissions to match the guest's own * S2. For exec faults, we'd only reach this point if the guest -- 2.43.0
Powered by blists - more mailing lists