From: Quentin Perret <qperret@google.com>
Date: Tue, 5 Oct 2021 09:01:42 +0000 (+0100)
Subject: KVM: arm64: Report corrupted refcount at EL2
X-Git-Tag: v5.15~2^2~6^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7615c2a514788559c6684234b8fc27f3a843c2c6;p=thirdparty%2Flinux.git

KVM: arm64: Report corrupted refcount at EL2

Some of the refcount manipulation helpers used at EL2 are instrumented
to catch a corrupted state, but not all of them are treated equally. Let's
make things more consistent by instrumenting hyp_page_ref_dec_and_test()
as well.

Acked-by: Will Deacon <will@kernel.org>
Suggested-by: Will Deacon <will@kernel.org>
Signed-off-by: Quentin Perret <qperret@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211005090155.734578-6-qperret@google.com
---

diff --git a/arch/arm64/kvm/hyp/nvhe/page_alloc.c b/arch/arm64/kvm/hyp/nvhe/page_alloc.c
index a6e874e61a40e..0bd7701ad1df5 100644
--- a/arch/arm64/kvm/hyp/nvhe/page_alloc.c
+++ b/arch/arm64/kvm/hyp/nvhe/page_alloc.c
@@ -152,6 +152,7 @@ static inline void hyp_page_ref_inc(struct hyp_page *p)
 
 static inline int hyp_page_ref_dec_and_test(struct hyp_page *p)
 {
+	BUG_ON(!p->refcount);
 	p->refcount--;
 	return (p->refcount == 0);
 }