[PATCH] KVM: arm64: Harden clock for nvhe/pKVM
Vincent Donnefort
vdonnefort at google.com
Wed May 6 08:03:43 PDT 2026
On Thu, Apr 30, 2026 at 10:37:24AM +0000, Mostafa Saleh wrote:
> Sashiko(locally) reports possiblity of division by zero and
> out-of-bounds bitwise shift in trace_clock_update().
>
> Although the clock update is untrusted, we should at least have some
> basic checks to avoid the clock value getting out of sync if the host
> is buggy.
I am not sure about the gain here. The host can still write values that will
make it out of sync anyway.
The timestamp is ultimately fed and read by the host.
>
> Signed-off-by: Mostafa Saleh <smostafa at google.com>
> ---
> arch/arm64/kvm/hyp/nvhe/clock.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/arch/arm64/kvm/hyp/nvhe/clock.c b/arch/arm64/kvm/hyp/nvhe/clock.c
> index 32fc4313fe43..a7fc61976fd0 100644
> --- a/arch/arm64/kvm/hyp/nvhe/clock.c
> +++ b/arch/arm64/kvm/hyp/nvhe/clock.c
> @@ -35,6 +35,9 @@ void trace_clock_update(u32 mult, u32 shift, u64 epoch_ns, u64 epoch_cyc)
> struct clock_data *clock = &trace_clock_data;
> u64 bank = clock->cur ^ 1;
>
> + if (!mult || shift >= 64)
> + return;
> +
> clock->data[bank].mult = mult;
> clock->data[bank].shift = shift;
> clock->data[bank].epoch_ns = epoch_ns;
> --
> 2.54.0.545.g6539524ca2-goog
>
More information about the linux-arm-kernel
mailing list