KVM: arm64: Fix rollback in hyp_trace_buffer_share_hyp()

When sharing the trace buffer with the hypervisor, if sharing a page
fails, the rollback path in hyp_trace_buffer_share_hyp() misses
unsharing the metadata page (meta_va) which was successfully shared
before entering the page sharing loop.

Additionally, if a failure occurs, the cleanup calls
hyp_trace_buffer_unshare_hyp() with an incorrect CPU index.  Since that
CPU's pages were already rolled back locally in the loop, this leads to
duplicate unsharing attempts.

Fix both issues affecting the rollback.

Fixes: 3aed038aac8d ("KVM: arm64: Add trace remote for the nVHE/pKVM hyp")
Reported-by: Sashiko <sashiko-bot@kernel.org>
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
Link: https://patch.msgid.link/20260521124613.911067-3-vdonnefort@google.com
Signed-off-by: Marc Zyngier <maz@kernel.org>

diff --git a/arch/arm64/kvm/hyp_trace.c b/arch/arm64/kvm/hyp_trace.c
index 06805b4261015ae88bf61de3362771572b000494..8595f9bdb3dcb9e30b6825f34e20559e25297a84 100644 (file)
--- a/arch/arm64/kvm/hyp_trace.c
+++ b/arch/arm64/kvm/hyp_trace.c
@@ -212,14 +212,15 @@ static int hyp_trace_buffer_share_hyp(struct hyp_trace_buffer *trace_buffer)
                }
 
                if (ret) {
-                       for (p--; p >= 0; p--)
+                       while (--p >= 0)
                                __unshare_page(rb_desc->page_va[p]);
+                       __unshare_page(rb_desc->meta_va);
                        break;
                }
        }
 
        if (ret)
-               hyp_trace_buffer_unshare_hyp(trace_buffer, cpu--);
+               hyp_trace_buffer_unshare_hyp(trace_buffer, --cpu);
 
        return ret;
 }