KVM/arm64 fixes for 7.1, take #3

- Fix ITS EventID sanitisation when restoring an interrupt translation table. - Fix PPI memory leak when failing to initialise a vcpu. - Correctly return an error when the validation of a hypervisor trace descriptor fails, and limit this validation to protected mode only. -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEn9UcU+C1Yxj9lZw9I9DQutE9ekMFAmoNX+sACgkQI9DQutE9 ekMvcg//aWuZZ8eCJ/52EX8/R8dkHXmVgqff1rVFDJPG4TiqCT7NUkFqnAv9Wvf1 DdQnUukMclLcbtNDVqv0AWNYDaXZFG5AQOEOyKjy3Ulk3ItykUzmnTvaIFBZkmMS YCPsfYRHIIVg84GHKf4a2o0IneOjO6zJQyR0P1NbUIHC+wWtWgLb7ttRtlWO22PC vNiJVyOak7Y332TghKWdrrXMRvcoh6gqkzERSTorq848H9O3q3SfO9gqX0dg+vFH gqK6J0TEVFsRo3y0q507CDkpFOBDwvAtuiAUAr8/kb8Jjj6XWP1Farh3Bh1/6lwu tMjWO9jTQnp5NHZbcjSMqD8OVDIwvnuw8SxnMHz+67qusRLOMBpNQPtVcltr65xG vte6X5GbEmrzt6Du0j+dudb+RNIZ05fNU3jDVHJ/h7XVuq9iEV7frdJFjDMUDq5U Vtp70SkhhbjcqiaYKJwCvgi1GlfPGj2NUkVwAptV7mDc5PFRnjOWaKkgg59wWi+z 1fBQfR2Pr5yOsqS0Dl+3rOotnvg/R5XqdNjPoV14fHeymEH7Pwx69NW29Y42IHw9 eh8kicQTaCBH1ih8L+aSLksIqov4kpoHecnP4Qk5jkKjXTL04TeV84yt72ZOYOuc hkeSBjZXlVxoELYM4zf0HkQdD9e/YFVoWShqqxq1PRkWaWlHEfU= =ZZ/v -----END PGP SIGNATURE----- Merge tag 'kvmarm-fixes-7.1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD KVM/arm64 fixes for 7.1, take #3 - Fix ITS EventID sanitisation when restoring an interrupt translation table. - Fix PPI memory leak when failing to initialise a vcpu. - Correctly return an error when the validation of a hypervisor trace descriptor fails, and limit this validation to protected mode only.
2026-05-27 00:22:00 +02:00 · 2026-05-23 10:03:10 +02:00 · 2026-05-23 10:03:10 +02:00 · e23844b2dd
commit e23844b2dd
parent 5200f5f493 1702da76e0
3 changed files with 14 additions and 3 deletions
--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@ -555,8 +555,10 @@ int kvm_arch_vcpu_create(struct kvm_vcpu *vcpu)
 	kvm_destroy_mpidr_data(vcpu->kvm);

 	err = kvm_vgic_vcpu_init(vcpu);
-	if (err)
+	if (err) {
+		kvm_vgic_vcpu_destroy(vcpu);
 		return err;
+	}

 	err = kvm_share_hyp(vcpu, vcpu + 1);
 	if (err)
--- a/arch/arm64/kvm/hyp/nvhe/trace.c
+++ b/arch/arm64/kvm/hyp/nvhe/trace.c
@ -164,13 +164,16 @@ static int hyp_trace_buffer_load(struct hyp_trace_buffer *trace_buffer,
 	return ret;
 }

-static bool hyp_trace_desc_validate(struct hyp_trace_desc *desc, size_t desc_size)
+static bool hyp_trace_desc_is_valid(struct hyp_trace_desc *desc, size_t desc_size)
 {
 	struct ring_buffer_desc *rb_desc;
 	unsigned int cpu;
 	size_t nr_bpages;
 	void *desc_end;

+	if (!is_protected_kvm_enabled())
+		return true;
+
 	/*
 	 * Both desc_size and bpages_backing_size are untrusted host-provided
 	 * values. We rely on __pkvm_host_donate_hyp() to enforce their validity.
@ -212,8 +215,10 @@ int __tracing_load(unsigned long desc_hva, size_t desc_size)
 	if (ret)
 		return ret;

-	if (!hyp_trace_desc_validate(desc, desc_size))
+	if (!hyp_trace_desc_is_valid(desc, desc_size)) {
+		ret = -EINVAL;
 		goto err_release_desc;
+	}

 	hyp_spin_lock(&trace_buffer.lock);

--- a/arch/arm64/kvm/vgic/vgic-its.c
+++ b/arch/arm64/kvm/vgic/vgic-its.c
@ -2307,6 +2307,10 @@ static int vgic_its_restore_dte(struct vgic_its *its, u32 id,
 	/* dte entry is valid */
 	offset = (entry & KVM_ITS_DTE_NEXT_MASK) >> KVM_ITS_DTE_NEXT_SHIFT;

+	/* Mimic the MAPD behaviour and reject invalid EID bits. */
+	if (num_eventid_bits > VITS_TYPER_IDBITS)
+		return -EINVAL;
+
 	if (!vgic_its_check_id(its, baser, id, NULL))
 		return -EINVAL;