pvmfw: Detect pvmfw overlap before REQUEST_MMIO
As pKVM maps (stage-2) any MMIO region that pvmfw passes in the
REQUEST_MMIO HVC, a malicious host could set up VFIO+KVM to map physical
pages of MMIO in pvmfw's address space. As long as pvmfw hasn't (yet)
touched those pages, they will be mapped by the hyp and then accessed
unintentionally by pvmfw in place of the expected memory pages (e.g. for
.text, .rodata, the appended config data, the stack, the payload, ...).
Bug: 316862665
Test: atest libpvmfw.device_assignment.test
Change-Id: I1dd2c16f3e5e407b14bfbf8b8481b43fbb059d1f
diff --git a/pvmfw/Android.bp b/pvmfw/Android.bp
index 6a6d199..cce0e73 100644
--- a/pvmfw/Android.bp
+++ b/pvmfw/Android.bp
@@ -83,6 +83,7 @@
":test_pvmfw_devices_vm_dtbo",
":test_pvmfw_devices_vm_dtbo_without_symbols",
":test_pvmfw_devices_vm_dtbo_with_duplicated_iommus",
+ ":test_pvmfw_devices_overlapping_pvmfw",
":test_pvmfw_devices_with_rng",
":test_pvmfw_devices_with_multiple_devices_iommus",
":test_pvmfw_devices_with_iommu_sharing",
@@ -142,6 +143,13 @@
}
genrule {
+ name: "test_pvmfw_devices_overlapping_pvmfw",
+ defaults: ["test_device_assignment_dts_to_dtb"],
+ srcs: ["testdata/test_pvmfw_devices_overlapping_pvmfw.dts"],
+ out: ["test_pvmfw_devices_overlapping_pvmfw.dtb"],
+}
+
+genrule {
name: "test_pvmfw_devices_with_rng",
defaults: ["test_device_assignment_dts_to_dtb"],
srcs: ["testdata/test_pvmfw_devices_with_rng.dts"],