Commit d6c7f865 authored Jul 17, 2016 by Marc Zyngier

KVM: arm64: vgic-its: Fix L2 entry validation for indirect tables



When checking that the storage address of a device entry is valid,
it is critical to compute the actual address of the entry, rather
than relying on the beginning of the page to match a CPU page of
the same size: for example, if the guest places the table at the
last 64kB boundary of RAM, but RAM size isn't a multiple of 64kB...

Fix this by computing the actual offset of the device ID in the
L2 page, and check the corresponding GFN.

Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>

parent 333a53ff

virt/kvm/arm/vgic/vgic-its.c

+6 −1

Original line number	Diff line number	Diff line
		@@ -727,7 +727,12 @@ static bool vgic_its_check_device_id(struct kvm kvm, struct vgic_its its,
		* Any address beyond our supported 48 bits of PA will be caught
		* by the actual check in the final step.
		*/
		gfn = (indirect_ptr & GENMASK_ULL(51, 16)) >> PAGE_SHIFT;
		indirect_ptr &= GENMASK_ULL(51, 16);

		/* Find the address of the actual entry */
		index = device_id % (SZ_64K / GITS_BASER_ENTRY_SIZE(r));
		indirect_ptr += index * GITS_BASER_ENTRY_SIZE(r);
		gfn = indirect_ptr >> PAGE_SHIFT;

		return kvm_is_visible_gfn(kvm, gfn);
		}