ANDROID: KVM: arm64: Addr sanity check for pKVM HVC registration

Use the assert_in_mod_range() to validate the registered callback is
part of a module VA space. This feature requires CONFIG_NVHE_EL2_DEBUG.

Bug: 278749606
Bug: 269245057
Change-Id: I4c4d60ac77882fc2d36c3c73b096f4ba9afb83e5
Signed-off-by: Vincent Donnefort <[email protected]>

Author: vdonnefort

arch/arm64/kvm/hyp/include/nvhe/mm.h

@@ -35,4 +35,9 @@ void pkvm_remove_mappings(void *from, void *to);
 int __pkvm_map_module_page(u64 pfn, void *va, enum kvm_pgtable_prot prot);
 void __pkvm_unmap_module_page(u64 pfn, void *va);
 void *__pkvm_alloc_module_va(u64 nr_pages);
+#ifdef CONFIG_NVHE_EL2_DEBUG
+void assert_in_mod_range(unsigned long addr);
+#else
+static inline void assert_in_mod_range(unsigned long addr) { }
+#endif /* CONFIG_NVHE_EL2_DEBUG */
 #endif /* __KVM_HYP_MM_H */

arch/arm64/kvm/hyp/nvhe/mm.c

@@ -124,7 +124,7 @@ static void update_mod_range(unsigned long addr, size_t size)
 	hyp_spin_unlock(&mod_range_lock);
 }
 
-static void assert_in_mod_range(unsigned long addr)
+void assert_in_mod_range(unsigned long addr)
 {
 	/*
 	 * This is not entirely watertight if there are private range
@@ -137,7 +137,6 @@ static void assert_in_mod_range(unsigned long addr)
 }
 #else
 static inline void update_mod_range(unsigned long addr, size_t size) { }
-static inline void assert_in_mod_range(unsigned long addr) { }
 #endif
 
 void *__pkvm_alloc_module_va(u64 nr_pages)

arch/arm64/kvm/hyp/nvhe/modules.c

@@ -171,6 +171,8 @@ int __pkvm_register_hcall(unsigned long hvn_hyp_va)
 	dyn_hcall_t hfn = (void *)hvn_hyp_va;
 	int reserved_id, ret;
 
+	assert_in_mod_range(hvn_hyp_va);
+
 	hyp_spin_lock(&dyn_hcall_lock);
 
 	reserved_id = atomic_read(&num_dynamic_hcalls);