KVM: arm64: Fix nVHE/pKVM hyp tracing error on invalid desc

pKVM must validate the host-provided tracing buffer descriptor.
However, if an error is found, the hypervisor would just return 0 to the
host. Fix the return value on validation failure.

While at it, rename the function to hyp_trace_desc_is_valid() and skip
validation for the nVHE mode as we trust host-provided data in that
case.

Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
Fixes: 680a04c333fa ("KVM: arm64: Add tracing capability for the nVHE/pKVM hyp")
Link: https://lore.kernel.org/r/20260514162624.3477857-1-vdonnefort@google.com
Signed-off-by: Marc Zyngier <maz@kernel.org>

diff --git a/arch/arm64/kvm/hyp/nvhe/trace.c b/arch/arm64/kvm/hyp/nvhe/trace.c
index a6ca27b18e154879c0a4573a1b0fd6784a593ec9..e7e150ab265ff09e2fff1c1846dd5ffc7753c7f1 100644 (file)
--- a/arch/arm64/kvm/hyp/nvhe/trace.c
+++ b/arch/arm64/kvm/hyp/nvhe/trace.c
@@ -164,13 +164,16 @@ static int hyp_trace_buffer_load(struct hyp_trace_buffer *trace_buffer,
        return ret;
 }
 
-static bool hyp_trace_desc_validate(struct hyp_trace_desc *desc, size_t desc_size)
+static bool hyp_trace_desc_is_valid(struct hyp_trace_desc *desc, size_t desc_size)
 {
        struct ring_buffer_desc *rb_desc;
        unsigned int cpu;
        size_t nr_bpages;
        void *desc_end;
 
+       if (!is_protected_kvm_enabled())
+               return true;
+
        /*
         * Both desc_size and bpages_backing_size are untrusted host-provided
         * values. We rely on __pkvm_host_donate_hyp() to enforce their validity.
@@ -212,8 +215,10 @@ int __tracing_load(unsigned long desc_hva, size_t desc_size)
        if (ret)
                return ret;
 
-       if (!hyp_trace_desc_validate(desc, desc_size))
+       if (!hyp_trace_desc_is_valid(desc, desc_size)) {
+               ret = -EINVAL;
                goto err_release_desc;
+       }
 
        hyp_spin_lock(&trace_buffer.lock);