ANDROID: KVM: Enforce hyp requests alignment

Prevent the host from sharing an unaligned hypervisor request buffer to avoid spilling into the adjacent page. Bug: 436580278 Change-Id: I62283dba1d5907718dbf6d549817a94cc18fca19 Signed-off-by: Sebastian Ene <sebastianene@google.com>
2025-08-07 10:25:50 +00:00
parent 05c9d94160
commit e76cff4952
1 changed files with 8 additions and 1 deletions
@@ -670,11 +670,18 @@ static int init_pkvm_hyp_vcpu(struct pkvm_hyp_vcpu *hyp_vcpu,
 {
 	int ret = 0;
 	u32 mp_state;
+	struct kvm_hyp_req *hyp_reqs;

 	if (hyp_pin_shared_mem(host_vcpu, host_vcpu + 1))
 		return -EBUSY;

-	hyp_vcpu->vcpu.arch.hyp_reqs = kern_hyp_va(host_vcpu->arch.hyp_reqs);
+	hyp_reqs = READ_ONCE(host_vcpu->arch.hyp_reqs);
+	if (!PAGE_ALIGNED(hyp_reqs)) {
+		hyp_unpin_shared_mem(host_vcpu, host_vcpu + 1);
+		return -EINVAL;
+	}
+
+	hyp_vcpu->vcpu.arch.hyp_reqs = kern_hyp_va(hyp_reqs);
 	if (hyp_pin_shared_mem(hyp_vcpu->vcpu.arch.hyp_reqs,
 			       hyp_vcpu->vcpu.arch.hyp_reqs + 1)) {
 		hyp_unpin_shared_mem(host_vcpu, host_vcpu + 1);