Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp223982pxb; Mon, 13 Sep 2021 17:36:44 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy22pTtIjg8XY2hgbQBq7RO9Ipvu/j0vt4OJ3vWBYKn5W2NaCrPJaZg2NNe0K0FkCYzwp/7 X-Received: by 2002:a17:906:c1da:: with SMTP id bw26mr15907535ejb.253.1631579804597; Mon, 13 Sep 2021 17:36:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631579804; cv=none; d=google.com; s=arc-20160816; b=z6kZzWoBLb1g6d3bABrqbT3PRGyGGeLefOELg7vhsNPWqrMbfksmTJ9CpoLHxvxK+I eoYqWaq6l2Qxq8zVfGUksmpquCGPwTBzx5Xp4P0kW6VAIGSG4ooJh7c2BD4k63OZ5CVI gOIwg7kr7zM/4lNITAc7JMubaRM7okAtE2VDXJZjG57LF6H0/wYmnhxD30HeM1YGZyNm OZ96wDQAlyT75DHaiW2ztTB7dUuJEQTBfIMcGEQe9ob45nzKbkk2ROGJwMvO+iSKfmHO ULyBcTXY1ADxU4C24qDdnGYQN53NChyg+b8ynkIiLYtXC971h+ujrI8DUtWgZd0qnvUT HfPA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=rnAYdUePhaTFoPpalkJJ+Z+AatwrQBLdr1fnkwbp9LE=; b=int8MGU8pDoXzpeF2S8F8RnStoJJLV9nMmmeBn0Cq5mJfzLvC/hnEtDCHd1EBbaLr8 Hu8IVv4ZDQEHUgGFm8lPmPVDZqCr6dxjOfzlwzw0+CRTY1pi73kD9ZG5l4iA3jTpC5SU bIcyrlcLgXhfDm3Lod3HOHZ4psKEB5KQZaFbsw88NqwmMPXPWH4Mc6lLWq4SXfTlEI7+ tKxYeQibAAMz3o84M9FF8Jl2E4AI8IT7lN6CMc1eTQCAgfoDiRZP5WiJlWXF1WB0DVJP 9SF/uHljXTXgdD+Zo70oEB63F9z0m5B/+W05kJrUKbnQLxr/HOtunLS1tQzp96iLg89D lr/Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=uK+izeUq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b25si9326896edn.132.2021.09.13.17.36.20; Mon, 13 Sep 2021 17:36:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=uK+izeUq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344852AbhIMOu3 (ORCPT + 99 others); Mon, 13 Sep 2021 10:50:29 -0400 Received: from mail.kernel.org ([198.145.29.99]:60444 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344647AbhIMOpQ (ORCPT ); Mon, 13 Sep 2021 10:45:16 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 0BB7663225; Mon, 13 Sep 2021 13:58:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1631541486; bh=LutDRff0aD9e1FFhOZ0SBAGlxCTHiB/d0aPEr85B8jk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=uK+izeUq45NhgbBTAVgaoxM2TyZ5lSsVKH/eet5Ztp5Hom4rJ0LuPGOaiyHp+0oxE LqKqJ9fxmjSozB1SaCkNJPggpOjjIPwS93nXdtaR8DpYkzaDz4Rktwp7jwoGxXWlEh c2rIOtxFlfij/UH77JmjNVMK2Tusuz9cn550C2o4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Quentin Perret , Catalin Marinas , Marc Zyngier Subject: [PATCH 5.14 317/334] KVM: arm64: Unregister HYP sections from kmemleak in protected mode Date: Mon, 13 Sep 2021 15:16:11 +0200 Message-Id: <20210913131124.149730853@linuxfoundation.org> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20210913131113.390368911@linuxfoundation.org> References: <20210913131113.390368911@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Marc Zyngier commit 47e6223c841e029bfc23c3ce594dac5525cebaf8 upstream. Booting a KVM host in protected mode with kmemleak quickly results in a pretty bad crash, as kmemleak doesn't know that the HYP sections have been taken away. This is specially true for the BSS section, which is part of the kernel BSS section and registered at boot time by kmemleak itself. Unregister the HYP part of the BSS before making that section HYP-private. The rest of the HYP-specific data is obtained via the page allocator or lives in other sections, none of which is subjected to kmemleak. Fixes: 90134ac9cabb ("KVM: arm64: Protect the .hyp sections from the host") Reviewed-by: Quentin Perret Reviewed-by: Catalin Marinas Signed-off-by: Marc Zyngier Cc: stable@vger.kernel.org # 5.13 Link: https://lore.kernel.org/r/20210802123830.2195174-3-maz@kernel.org Signed-off-by: Greg Kroah-Hartman --- arch/arm64/kvm/arm.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -15,6 +15,7 @@ #include #include #include +#include #include #include #include @@ -1986,6 +1987,12 @@ static int finalize_hyp_mode(void) if (ret) return ret; + /* + * Exclude HYP BSS from kmemleak so that it doesn't get peeked + * at, which would end badly once the section is inaccessible. + * None of other sections should ever be introspected. + */ + kmemleak_free_part(__hyp_bss_start, __hyp_bss_end - __hyp_bss_start); ret = pkvm_mark_hyp_section(__hyp_bss); if (ret) return ret;