git.proxmox.com Git - mirror_ubuntu-kernels.git/commit

author	Fuad Tabba <tabba@google.com>
	Mon, 22 May 2023 10:32:58 +0000 (11:32 +0100)
committer	Stefan Bader <stefan.bader@canonical.com>
	Mon, 4 Sep 2023 09:10:34 +0000 (11:10 +0200)
commit	0a42be5927e776fd875d94add19b5e125bac9071
tree	8bf24ea6b57b1d37eae49f205d5076a49619a912	tree
parent	b30d03573109253b53d298696770c4e66444e0ea	commit \| diff

KVM: arm64: Reload PTE after invoking walker callback on preorder traversal

BugLink: https://bugs.launchpad.net/bugs/2029808
[ Upstream commit a9f0e3d5a089d0844abb679a5e99f15010d53e25 ]

The preorder callback on the kvm_pgtable_stage2_map() path can replace
a table with a block, then recursively free the detached table. The
higher-level walking logic stashes the old page table entry and
then walks the freed table, invoking the leaf callback and
potentially freeing pgtable pages prematurely.

In normal operation, the call to tear down the detached stage-2
is indirected and uses an RCU callback to trigger the freeing.
RCU is not available to pKVM, which is where this bug is
triggered.

Change the behavior of the walker to reload the page table entry
after invoking the walker callback on preorder traversal, as it
does for leaf entries.

Tested on Pixel 6.

Fixes: 5c359cca1faf ("KVM: arm64: Tear down unlinked stage-2 subtree after break-before-make")
Suggested-by: Oliver Upton <oliver.upton@linux.dev>
Signed-off-by: Fuad Tabba <tabba@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20230522103258.402272-1-tabba@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

arch/arm64/include/asm/kvm_pgtable.h		diff \| blob \| blame \| history
arch/arm64/kvm/hyp/pgtable.c		diff \| blob \| blame \| history