From patchwork Mon Jul 19 10:47:35 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Quentin Perret X-Patchwork-Id: 12385449 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.2 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 45FB4C07E9B for ; Mon, 19 Jul 2021 11:00:42 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 1196C600EF for ; Mon, 19 Jul 2021 11:00:42 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1196C600EF Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:References: Mime-Version:Message-Id:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=Xx9UIsbFUTITBWpVDGhqgwUYMQLAuDaswC/EJ3Az6po=; b=Oy+JlAgSaAB+GnW+eyoXtoHegq nT/yGC0IUw8sG9F3+QeQdRctyQfzh7QB+LHEski08Ddpu6o8zBZkHB5RjI5gXZTtzwct1mYOxjg70 uD5rXUsLKCfFAkS20YjeUYsfuAqlx0q7NJG23g+wQQmLgAD2r1pJkClSi2DRJT9fK63OCjD5ttLnT tF6nPfsa0lBaP3QqPh4llj9gLl+X1fa2GVPwUhvqPI/c+jBuk5rXg3TN3v+q7Tdq79vUfOoMRsBmT bEV+LekJ4H0PooDh01yXHjO4+0Zs9i2w3di/awgRHxztSy0x4VZv4nGYnrGdb4cmSJZvbXpl5hD4c INyv2B/w==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1m5Qxv-009OQg-Ti; Mon, 19 Jul 2021 10:57:40 +0000 Received: from mail-wr1-x449.google.com ([2a00:1450:4864:20::449]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1m5Qoo-009Ke8-TK for linux-arm-kernel@lists.infradead.org; Mon, 19 Jul 2021 10:48:16 +0000 Received: by mail-wr1-x449.google.com with SMTP id y15-20020a5d614f0000b029013cd60e9baaso8580607wrt.7 for ; Mon, 19 Jul 2021 03:48:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=xCrkHvgx5Vjp7sEk2L8Nl84wrwMoF/axMUKdY9pah24=; b=pDxR+oOIO361IE8JTpjXvK01glJPoXIl5CKZaNz+ZEfkmqJ2xvk3unbPd+7kb+OWda trEZrnZ3NzpP8uHCTZzYftalFdx/5wIdaoBQhrxNPVxgdiIghwpg+2wP8M3OPqfirjTd xnwKYQbjP84kmxrLM9ZxQ2L+sfZUek62Dy3owBDZGm0aQ2qax8dWHJG04y1UCCQkOeuM PcvsBY4gP2Eu0tIv5EGGfrTI+RlXVojwsHLkOMz6yutWmR06OxR8yq1klADXa4P0bQwV ool2uXbjJpW+F45cx8urCBsHAnKEob82EgvPFM7Eq5WwW85p/LaSm12Ccfkyebt5WyL7 ovvg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=xCrkHvgx5Vjp7sEk2L8Nl84wrwMoF/axMUKdY9pah24=; b=E38LnR47gG3sNS1JS+AzeHDUP5Cbj+k+cb7MzjGm5NTDQckFBaolMN4EhBl31dxWXZ YAsf+2kYEI/FIhCUDwnZyQ8JO6OHTQEPPPa07FObJtv8jKcE9r8olf8eyZEpwVzucdrq qKseq/QJdSsCB4P/uK3/qXw7bBUxP0/0MGGkUgSyPWnvaZnyi6YD0pj4/RgNupKNGlF3 a/zds61j73tjlG7WboTsZ1xSZrOqY/TBBZGrRGTfEH7wIvfKJ+6/98ofgZ6Az1GO+s4S yvbkYwioir5LdkEDOpgFVEKKaZzLo/JLKOEYxFjpuJUQ8XiLJK/Csx8PFbWw51AKa4WO +0rQ== X-Gm-Message-State: AOAM530fr85j8JL+gfOTctcznF7wbico1NYMmqJbbUquSayjBYLCKKT7 XSCMIlxUuY4GYMUws/JdalA0V8FNBNXY X-Google-Smtp-Source: ABdhPJyIruRnm597DeIoz+H4lQk2XaV0lp7fhRFMVmFaiZHZyDX1vs7MSEJSK9DYDl49AjGViAobxaMPEAN7 X-Received: from luke.lon.corp.google.com ([2a00:79e0:d:210:1a96:a43f:6c2e:bb5a]) (user=qperret job=sendgmr) by 2002:a1c:4c18:: with SMTP id z24mr32007850wmf.168.1626691692999; Mon, 19 Jul 2021 03:48:12 -0700 (PDT) Date: Mon, 19 Jul 2021 11:47:35 +0100 In-Reply-To: <20210719104735.3681732-1-qperret@google.com> Message-Id: <20210719104735.3681732-15-qperret@google.com> Mime-Version: 1.0 References: <20210719104735.3681732-1-qperret@google.com> X-Mailer: git-send-email 2.32.0.402.g57bb445576-goog Subject: [PATCH 14/14] KVM: arm64: Prevent late calls to __pkvm_create_private_mapping() From: Quentin Perret To: maz@kernel.org, james.morse@arm.com, alexandru.elisei@arm.com, suzuki.poulose@arm.com, catalin.marinas@arm.com, will@kernel.org Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org, ardb@kernel.org, qwandor@google.com, tabba@google.com, dbrazdil@google.com, kernel-team@android.com, Quentin Perret X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210719_034815_047629_361491FC X-CRM114-Status: GOOD ( 14.26 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org __pkvm_create_private_mapping() allows the host kernel to create arbitrary mappings the hypervisor's "private" range. However, this is only needed early on, and there should be no good reason for the host to need this past the point where the pkvm static is set. Make sure to stub the hypercall past this point to ensure it can't be used by a malicious host. Signed-off-by: Quentin Perret --- arch/arm64/kvm/hyp/nvhe/hyp-main.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/hyp-main.c index f05ecbd382d0..e1d12f8122a7 100644 --- a/arch/arm64/kvm/hyp/nvhe/hyp-main.c +++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c @@ -154,7 +154,10 @@ static void handle___pkvm_create_private_mapping(struct kvm_cpu_context *host_ct DECLARE_REG(size_t, size, host_ctxt, 2); DECLARE_REG(enum kvm_pgtable_prot, prot, host_ctxt, 3); - cpu_reg(host_ctxt, 1) = __pkvm_create_private_mapping(phys, size, prot); + if (static_branch_unlikely(&kvm_protected_mode_initialized)) + cpu_reg(host_ctxt, 1) = -EPERM; + else + cpu_reg(host_ctxt, 1) = __pkvm_create_private_mapping(phys, size, prot); } static void handle___pkvm_prot_finalize(struct kvm_cpu_context *host_ctxt)