FROMLIST: KVM: arm64: Prevent the donation of no-map pages

Memory regions marked as "no-map" in the host device-tree routinely include TrustZone carve-outs and DMA pools. Although donating such pages to the hypervisor may not breach confidentiality, it could be used to corrupt its state in uncontrollable ways. To prevent this, let's block host-initiated memory transitions targeting "no-map" pages altogether in nVHE protected mode as there should be no valid reason to do this in current operation.

Thankfully, the pKVM EL2 hypervisor has a full copy of the host's list of memblock regions, so we can easily check for the presence of the MEMBLOCK_NOMAP flag on a region containing pages being donated from the host.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Vincent Donnefort <vdonnefort@google.com>
Signed-off-by: Quentin Perret <qperret@google.com>
Signed-off-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20221020133827.5541-8-will@kernel.org
Signed-off-by: Will Deacon <willdeacon@google.com>
Bug: 233587962
Change-Id: I21198f93a6d9c727b70c504ddd31345329eabb8f
Signed-off-by: Quentin Perret <qperret@google.com>
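
A user-space model of the check the commit message describes, added here as an illustration and not taken from the patch or the kernel: a donation is refused when any page of the range lies in a region flagged MEMBLOCK_NOMAP or in no region at all. The names `struct region`, `find_region`, `check_host_donation`, the region table and the numeric flag value are assumptions made for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#define MODEL_PAGE_SIZE 4096ULL
#define MEMBLOCK_NOMAP  0x4u	/* flag name from the commit; value assumed for this model */

struct region { uint64_t base, size; unsigned int flags; };
/* Constructed sample: sorted, non-overlapping copy of the host's regions. */
static const struct region regions[] = {
	{ 0x80000000ULL, 0x10000000ULL, 0 },			/* normal RAM */
	{ 0x90000000ULL, 0x00200000ULL, MEMBLOCK_NOMAP },	/* e.g. a carve-out */
	{ 0x90200000ULL, 0x0fe00000ULL, 0 },			/* normal RAM */
};
static const size_t nr_regions = sizeof(regions) / sizeof(regions[0]);

/* Binary search for the region containing addr; NULL if addr is in a hole. */
static const struct region *find_region(uint64_t addr)
{
	size_t lo = 0, hi = nr_regions;

	while (lo < hi) {
		size_t mid = lo + (hi - lo) / 2;
		const struct region *r = &regions[mid];

		if (addr < r->base)
			hi = mid;
		else if (addr - r->base >= r->size)
			lo = mid + 1;
		else
			return r;
	}
	return NULL;
}

/* Return 0 if every page of the range may be donated, a negative errno otherwise. */
int check_host_donation(uint64_t addr, uint64_t nr_pages)
{
	if (nr_pages == 0 || nr_pages > (UINT64_MAX - addr) / MODEL_PAGE_SIZE)
		return -EINVAL;		/* empty or wrapping range */
	uint64_t end = addr + nr_pages * MODEL_PAGE_SIZE;
	while (addr < end) {
		const struct region *r = find_region(addr);
		if (!r || (r->flags & MEMBLOCK_NOMAP))
			return -EPERM;	/* not memory, or no-map */
		uint64_t r_end = r->base + r->size;	/* skip to the region's end */
		addr = r_end < end ? r_end : end;
	}
	return 0;
}
```

Checking the whole range rather than only its first page is what catches a donation that starts in ordinary RAM and runs into the adjacent no-map region.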