[PATCH 5.15 251/917] KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall

From: Greg Kroah-Hartman
Date: Mon Nov 15 2021 - 20:02:04 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.15 250/917] ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create()"
Previous message: Greg Kroah-Hartman: "[PATCH 5.15 253/917] iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value"
In reply to: Greg Kroah-Hartman: "[PATCH 5.15 253/917] iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.15 250/917] ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Will Deacon <will@xxxxxxxxxx>

[ Upstream commit 2f2e1a5069679491d18cf9021da19b40c56a17f3 ]

If the __pkvm_prot_finalize hypercall returns an error, we WARN but fail
to propagate the failure code back to kvm_arch_init().

Pass a pointer to a zero-initialised return variable so that failure
to finalise the pKVM protections on a host CPU can be reported back to
KVM.

Cc: Marc Zyngier <maz@xxxxxxxxxx>
Cc: Quentin Perret <qperret@xxxxxxxxxx>
Signed-off-by: Will Deacon <will@xxxxxxxxxx>
Signed-off-by: Marc Zyngier <maz@xxxxxxxxxx>
Link: https://lore.kernel.org/r/20211008135839.1193-5-will@xxxxxxxxxx
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
arch/arm64/kvm/arm.c | 30 +++++++++++++++++++-----------
1 file changed, 19 insertions(+), 11 deletions(-)

diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
index fe102cd2e5183..9b328bb05596a 100644
--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@@ -1971,9 +1971,25 @@ out_err:
return err;
}

-static void _kvm_host_prot_finalize(void *discard)
+static void _kvm_host_prot_finalize(void *arg)
{
- WARN_ON(kvm_call_hyp_nvhe(__pkvm_prot_finalize));
+ int *err = arg;
+
+ if (WARN_ON(kvm_call_hyp_nvhe(__pkvm_prot_finalize)))
+ WRITE_ONCE(*err, -EINVAL);
+}
+
+static int pkvm_drop_host_privileges(void)
+{
+ int ret = 0;
+
+ /*
+ * Flip the static key upfront as that may no longer be possible
+ * once the host stage 2 is installed.
+ */
+ static_branch_enable(&kvm_protected_mode_initialized);
+ on_each_cpu(_kvm_host_prot_finalize, &ret, 1);
+ return ret;
}

static int finalize_hyp_mode(void)
@@ -1987,15 +2003,7 @@ static int finalize_hyp_mode(void)
* None of other sections should ever be introspected.
*/
kmemleak_free_part(__hyp_bss_start, __hyp_bss_end - __hyp_bss_start);
-
- /*
- * Flip the static key upfront as that may no longer be possible
- * once the host stage 2 is installed.
- */
- static_branch_enable(&kvm_protected_mode_initialized);
- on_each_cpu(_kvm_host_prot_finalize, NULL, 1);
-
- return 0;
+ return pkvm_drop_host_privileges();
}

struct kvm_vcpu *kvm_mpidr_to_vcpu(struct kvm *kvm, unsigned long mpidr)
--
2.33.0

Next message: Greg Kroah-Hartman: "[PATCH 5.15 250/917] ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create()"
Previous message: Greg Kroah-Hartman: "[PATCH 5.15 253/917] iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value"
In reply to: Greg Kroah-Hartman: "[PATCH 5.15 253/917] iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.15 250/917] ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]