ANDROID: KVM: arm64: Force CMOs with FWB when reclaiming guest pages
__clean_dcache_guest_page() is optimized to elide cache maintenance operations on CPUs with FWB. The underlying assumption is that FWB is always used by KVM when available. Although correct in the normal KVM world, pKVM actively disables FWB for the host stage-2. As such, omitting CMOs when guest memory is being reclaimed may provide a malicious host with the ability to read the content of the recently reclaimed pages.

Fix this by using the lower level kvm_flush_dcache_to_poc() helper directly from the reclaim path.

Bug: 243501419
Reported-by: Will Deacon <willdeacon@google.com>
Signed-off-by: Quentin Perret <qperret@google.com>
Change-Id: I8e96ef7a8ccab2a59d3df46cd4d1a73190a2f457