From patchwork Fri Jul 8 21:21:05 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Collingbourne X-Patchwork-Id: 12911896 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 12704C433EF for ; Fri, 8 Jul 2022 21:22:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:References: Mime-Version:Message-Id:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=bSOmj04/TyEm5P8/gOy/z0pJkx2hPIGS5acD0G8nnyI=; b=b81IIxcPjT7tp/U2ogt67a54SS Y+xpOWwzbhXeR5a5UpaOxyJ0o01/N6VXZcOPhpbEtKDYkaC/ql/z1cX8DFf+shRCsuBHcj/Lq/6ua EoGIQzGA3HYPFX8CVEW73JlBthuOaeEYI/qHAQqFUiRUZBX3ebKQWs8Tp6Lhmr9tUak/fyXgQFk48 t2XlszhI7iRXiILadmD3DczM7FfvW3OacmOP4U8gRQ/7roG+AYx6cu4zxSxFdFm2cbIRnrLj8jjrG ETomGWLdLhMKywk3jFJ97r43OHBAlaIqKYIF4NMSoShpuW+KEKFvPRHKVc2u1eJn4Ya2Q/MVvzMRc wqOYekkQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1o9vPw-0060kG-1c; Fri, 08 Jul 2022 21:21:40 +0000 Received: from mail-yb1-xb4a.google.com ([2607:f8b0:4864:20::b4a]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1o9vPe-0060fh-LN for linux-arm-kernel@lists.infradead.org; Fri, 08 Jul 2022 21:21:24 +0000 Received: by mail-yb1-xb4a.google.com with SMTP id k18-20020a25fe12000000b0066e21b72767so13819817ybe.5 for ; Fri, 08 Jul 2022 14:21:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=d06KtJGM9Urh+hEma1oe+1DCWv79kZEo+4GAAOkgM9k=; b=oQDT6Wq7kEbhP3BM0f12sQqelVDyuIBAdNcbuWk1GGVjjUSN1gd5aAKSBazbYqFS4K +arOzs7jC2zDxprNY10dM8KLjkEYfomASm4epKLHtGTSor91ZAwLYfV5t0WmZjdt/Z4O vACDN7b5l6kICT11HPPKfdfBk2O8d9ITJsAyLdFuTFiEQLLoDPCM58N3u6CiOZzQvKSH s3gAaUaVxHr/Co94+2LthvqvFUXhIY9DH6eoOuoA2qViPNkh72I32WcBfGyOYgoqiBMM 80/uUyzDRSTU4pwtkVhUeJAn3GLyj0tD++8Zd2IcqMvG6kcz0FDO8avyiv4s16nl/HHr wu9A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=d06KtJGM9Urh+hEma1oe+1DCWv79kZEo+4GAAOkgM9k=; b=ycZIRY7oEw+Kt3OziT2x5h3rs4ekCKdyXQa7oU8+lFu8PddQcqlkk5ff+GCJPGTLNG qwVqRi+pibkKN7vcgVmU5mtssYQmgKmT+pta232ur4HVBfEIhDtZRPx06eeN8cK5oChR H4Klu8O5kFmHvmIkJpiOCg6GwZM6buAC0k0OIMXZO4zlaxck2z1PMcokZR/ztJEDaByr ySa+tuNtTIg3n9cd18LqUEnhw07CRIL3bsaZ/hqkhn5Axnkn84BxEYsjaDltA27EOH5+ f1/a4RjSFcEe/WpIb2ymeh5122AGhy3A4VBZYthF8Ns5jUpf7y4NkL0m4/5eJSzCL8x9 LKYw== X-Gm-Message-State: AJIora9QvjGP9qoQTUFqWf32NHUsByi+542sgOpvWN7bH8yPljOVZTms +b1Ap4SmVWoa9OnFZGkmEJu5oZ8= X-Google-Smtp-Source: AGRyM1vfmvu7rG+koN3KOKJWw2zBTYS3L0eEAox4rXFwqECYm1TTG82R1SDiGf/lpsF8NErbOex4Qe4= X-Received: from pcc-desktop.svl.corp.google.com ([2620:15c:2ce:200:ff27:d65:6bb8:b084]) (user=pcc job=sendgmr) by 2002:a25:6b0b:0:b0:66e:445a:17bb with SMTP id g11-20020a256b0b000000b0066e445a17bbmr5638981ybc.147.1657315278964; Fri, 08 Jul 2022 14:21:18 -0700 (PDT) Date: Fri, 8 Jul 2022 14:21:05 -0700 In-Reply-To: <20220708212106.325260-1-pcc@google.com> Message-Id: <20220708212106.325260-3-pcc@google.com> Mime-Version: 1.0 References: <20220708212106.325260-1-pcc@google.com> X-Mailer: git-send-email 2.37.0.144.g8ac04bfd2-goog Subject: [PATCH v2 2/3] KVM: arm64: disown unused reserved-memory regions From: Peter Collingbourne To: kvmarm@lists.cs.columbia.edu Cc: Peter Collingbourne , Marc Zyngier , kvm@vger.kernel.org, Andy Lutomirski , linux-arm-kernel@lists.infradead.org, Michael Roth , Catalin Marinas , Chao Peng , Will Deacon , Evgenii Stepanov X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220708_142122_725247_90364871 X-CRM114-Status: GOOD ( 15.78 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org The meaning of no-map on a reserved-memory node is as follows: Indicates the operating system must not create a virtual mapping of the region as part of its standard mapping of system memory, nor permit speculative access to it under any circumstances other than under the control of the device driver using the region. If there is no compatible property, there is no device driver, so the host kernel has no business accessing the reserved-memory region. Since these regions may represent a route through which the host kernel can gain additional privileges, disown any such memory regions before deprivileging ourselves. Signed-off-by: Peter Collingbourne --- arch/arm64/kvm/arm.c | 46 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index c1fc4ef82f93..91ca128e7daa 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -4,6 +4,7 @@ * Author: Christoffer Dall */ +#include #include #include #include @@ -12,6 +13,7 @@ #include #include #include +#include #include #include #include @@ -1913,6 +1915,48 @@ static bool init_psci_relay(void) return true; } +static void disown_reserved_memory(struct device_node *node) +{ + int addr_cells = of_n_addr_cells(node); + int size_cells = of_n_size_cells(node); + const __be32 *reg, *end; + int len; + + reg = of_get_property(node, "reg", &len); + if (len % (4 * (addr_cells + size_cells))) + return; + + end = reg + (len / 4); + while (reg != end) { + u64 addr, size; + + addr = of_read_number(reg, addr_cells); + reg += addr_cells; + size = of_read_number(reg, size_cells); + reg += size_cells; + + kvm_call_hyp_nvhe(__pkvm_disown_pages, addr, size); + } +} + +static void kvm_reserved_memory_init(void) +{ + struct device_node *parent, *node; + + if (!acpi_disabled || !is_protected_kvm_enabled()) + return; + + parent = of_find_node_by_path("/reserved-memory"); + if (!parent) + return; + + for_each_child_of_node(parent, node) { + if (!of_get_property(node, "compatible", NULL) && + of_get_property(node, "no-map", NULL)) + disown_reserved_memory(node); + } +} + static int init_subsystems(void) { int err = 0; @@ -1953,6 +1997,8 @@ static int init_subsystems(void) kvm_register_perf_callbacks(NULL); + kvm_reserved_memory_init(); + out: if (err || !is_protected_kvm_enabled()) on_each_cpu(_kvm_arch_hardware_disable, NULL, 1);