]> www.infradead.org Git - users/jedix/linux-maple.git/commit
projects / users / jedix / linux-maple.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 3390b3c) | patch
KVM: arm64: Defer EL2 stage-1 mapping on share
authorQuentin Perret <qperret@google.com>
Wed, 16 Apr 2025 15:26:46 +0000 (15:26 +0000)
committerMarc Zyngier <maz@kernel.org>
Mon, 28 Apr 2025 08:23:46 +0000 (09:23 +0100)
commit48d848882395a6a42ff1bb685082c79791d4e753
treef2046a22327aead24e47ba3ff468dc0a4b23ecf7tree
parent3390b3cbb613bc0822854f5754437cd1d1b3d5d0commit | diff
KVM: arm64: Defer EL2 stage-1 mapping on share

We currently blindly map into EL2 stage-1 *any* page passed to the
__pkvm_host_share_hyp() HVC. This is less than ideal from a security
perspective as it makes exploitation of potential hypervisor gadgets
easier than it should be. But interestingly, pKVM should never need to
access SHARED_BORROWED pages that it hasn't previously pinned, so there
is no need to map the page before that.

Reviewed-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Quentin Perret <qperret@google.com>
Link: https://lore.kernel.org/r/20250416152648.2982950-7-qperret@google.com
Signed-off-by: Marc Zyngier <maz@kernel.org>
arch/arm64/kvm/hyp/nvhe/mem_protect.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.