Re: [PATCH v9 3/6] KVM: arm64: Block cacheable PFNMAP mapping

From: David Hildenbrand
Date: Fri Jul 04 2025 - 10:11:09 EST

Next message: Breno Leitao: "Re: [PATCH net-next v2 6/7] netpoll: move Ethernet setup to push_eth() helper"
Previous message: David Hildenbrand: "Re: [PATCH v9 4/6] KVM: arm64: New function to determine hardware cache management support"
In reply to: Jason Gunthorpe: "Re: [PATCH v9 3/6] KVM: arm64: Block cacheable PFNMAP mapping"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 21.06.25 06:21, ankita@xxxxxxxxxx wrote:

From: Ankit Agrawal <ankita@xxxxxxxxxx>

Fixes a security bug due to mismatched attributes between S1 and
S2 mapping.

Currently, it is possible for a region to be cacheable in the userspace
VMA, but mapped non cached in S2. This creates a potential issue where
the VMM may sanitize cacheable memory across VMs using cacheable stores,
ensuring it is zeroed. However, if KVM subsequently assigns this memory
to a VM as uncached, the VM could end up accessing stale, non-zeroed data
from a previous VM, leading to unintended data exposure. This is a security
risk.

Block such mismatch attributes case by returning EINVAL when userspace
try to map PFNMAP cacheable. Only allow NORMAL_NC and DEVICE_*.

CC: Oliver Upton <oliver.upton@xxxxxxxxx>
CC: Catalin Marinas <catalin.marinas@xxxxxxx>
CC: Sean Christopherson <seanjc@xxxxxxxxxx>
Suggested-by: Jason Gunthorpe <jgg@xxxxxxxxxx>
Signed-off-by: Ankit Agrawal <ankita@xxxxxxxxxx>
---

Reviewed-by: David Hildenbrand <david@xxxxxxxxxx>

--
Cheers,

David / dhildenb

Next message: Breno Leitao: "Re: [PATCH net-next v2 6/7] netpoll: move Ethernet setup to push_eth() helper"
Previous message: David Hildenbrand: "Re: [PATCH v9 4/6] KVM: arm64: New function to determine hardware cache management support"
In reply to: Jason Gunthorpe: "Re: [PATCH v9 3/6] KVM: arm64: Block cacheable PFNMAP mapping"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]