ANDROID: arm64: Call fixup_exception() within do_sea()

path_lookupat() is capable of safely reading unampped VAs. If an unmapped VA is read whilst the function is being called, the resulting page fault will get re-directed to __do_page_fault(), which will call fixup_exception() to handle the aforementioned unmapped VA read. Now, for an OS running in a VM, let's say that memory was still mapped at S1 but lent to another VM (i.e. unmapped at S2 for the given VM). The reading of an unmapped VA in path_lookupat() still needs to be handled. For hypervisors that inject an abort leading to a do_sea() call, call fixup_exception() from do_sea() if trace_android_vh_try_fixup_sea() indicates that we can do so. Bug: 320358381 Change-Id: I0aedcd954f08e3011b27524f9a7b038debbb246d Signed-off-by: Chris Goldsworthy <quic_cgoldswo@quicinc.com> (cherry picked from commit 752d489d16943abea0ca8213f85fb4b536efd7bc)
2024-02-05 20:55:12 -08:00
parent 333c956f8d
commit 57fa6d9435
3 changed files with 11 additions and 0 deletions
--- a/arch/arm64/mm/fault.c
+++ b/arch/arm64/mm/fault.c
@@ -790,6 +790,11 @@ static int do_sea(unsigned long far, unsigned long esr, struct pt_regs *regs)
 {
 	const struct fault_info *inf;
 	unsigned long siaddr;
+	bool can_fixup = false;
+
+	trace_android_vh_try_fixup_sea(far, esr, regs, &can_fixup);
+	if (can_fixup && fixup_exception(regs))
+		return 0;

 	inf = esr_to_fault_info(esr);

--- a/drivers/android/vendor_hooks.c
+++ b/drivers/android/vendor_hooks.c
@@ -168,6 +168,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_aes_expandkey);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_aes_encrypt);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_aes_decrypt);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_should_fault_around);
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_try_fixup_sea);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_mem_cgroup_free);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_mem_cgroup_alloc);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_cma_alloc_bypass);
--- a/include/trace/hooks/fault.h
+++ b/include/trace/hooks/fault.h
@@ -22,6 +22,11 @@ DECLARE_RESTRICTED_HOOK(android_rvh_do_sp_pc_abort,
 	TP_ARGS(addr, esr, regs),
 	TP_CONDITION(!user_mode(regs)));

+DECLARE_HOOK(android_vh_try_fixup_sea,
+	TP_PROTO(unsigned long addr, unsigned long esr, struct pt_regs *regs,
+		 bool *can_fixup),
+	TP_ARGS(addr, esr, regs, can_fixup));
+
 #endif /* _TRACE_HOOK_FAULT_H */
 /* This part must be outside protection */
 #include <trace/define_trace.h>