From: Marc Zyngier <maz@kernel.org>
To: linux-arm-kernel@lists.infradead.org,
kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org
Subject: [PATCH 2/2] KVM: arm64: PSCI: Forbid 64bit functions for 32bit guests
Date: Wed, 1 Apr 2020 17:58:16 +0100 [thread overview]
Message-ID: <20200401165816.530281-3-maz@kernel.org> (raw)
In-Reply-To: <20200401165816.530281-1-maz@kernel.org>
Implementing (and even advertising) 64bit PSCI functions to 32bit
guests is at least a bit odd, if not altogether violating the
spec which says ("5.2.1 Register usage in arguments and return values"):
"Adherence to the SMC Calling Conventions implies that any AArch32
caller of an SMC64 function will get a return code of 0xFFFFFFFF(int32).
This matches the NOT_SUPPORTED error code used in PSCI"
Tighten the implementation by pretending these functions are not
there for 32bit guests.
Signed-off-by: Marc Zyngier <maz@kernel.org>
---
virt/kvm/arm/psci.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/virt/kvm/arm/psci.c b/virt/kvm/arm/psci.c
index 69ff4a51ceb5..122795cdd984 100644
--- a/virt/kvm/arm/psci.c
+++ b/virt/kvm/arm/psci.c
@@ -199,6 +199,21 @@ static void kvm_psci_narrow_to_32bit(struct kvm_vcpu *vcpu)
vcpu_set_reg(vcpu, i, (u32)vcpu_get_reg(vcpu, i));
}
+static unsigned long kvm_psci_check_allowed_function(struct kvm_vcpu *vcpu, u32 fn)
+{
+ switch(fn) {
+ case PSCI_0_2_FN64_CPU_SUSPEND:
+ case PSCI_0_2_FN64_CPU_ON:
+ case PSCI_0_2_FN64_AFFINITY_INFO:
+ /* Disallow these functions for 32bit guests */
+ if (vcpu_mode_is_32bit(vcpu))
+ return PSCI_RET_NOT_SUPPORTED;
+ break;
+ }
+
+ return 0;
+}
+
static int kvm_psci_0_2_call(struct kvm_vcpu *vcpu)
{
struct kvm *kvm = vcpu->kvm;
@@ -206,6 +221,10 @@ static int kvm_psci_0_2_call(struct kvm_vcpu *vcpu)
unsigned long val;
int ret = 1;
+ val = kvm_psci_check_allowed_function(vcpu, psci_fn);
+ if (val)
+ goto out;
+
switch (psci_fn) {
case PSCI_0_2_FN_PSCI_VERSION:
/*
@@ -273,6 +292,7 @@ static int kvm_psci_0_2_call(struct kvm_vcpu *vcpu)
break;
}
+out:
smccc_set_retval(vcpu, val, 0, 0, 0);
return ret;
}
@@ -290,6 +310,10 @@ static int kvm_psci_1_0_call(struct kvm_vcpu *vcpu)
break;
case PSCI_1_0_FN_PSCI_FEATURES:
feature = smccc_get_arg1(vcpu);
+ val = kvm_psci_check_allowed_function(vcpu, feature);
+ if (val)
+ break;
+
switch(feature) {
case PSCI_0_2_FN_PSCI_VERSION:
case PSCI_0_2_FN_CPU_SUSPEND:
--
2.25.0
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
WARNING: multiple messages have this Message-ID (diff)
From: Marc Zyngier <maz@kernel.org>
To: linux-arm-kernel@lists.infradead.org,
kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org
Cc: James Morse <james.morse@arm.com>,
Christoffer Dall <Christoffer.Dall@arm.com>,
Julien Thierry <julien.thierry.kdev@gmail.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>
Subject: [PATCH 2/2] KVM: arm64: PSCI: Forbid 64bit functions for 32bit guests
Date: Wed, 1 Apr 2020 17:58:16 +0100 [thread overview]
Message-ID: <20200401165816.530281-3-maz@kernel.org> (raw)
In-Reply-To: <20200401165816.530281-1-maz@kernel.org>
Implementing (and even advertising) 64bit PSCI functions to 32bit
guests is at least a bit odd, if not altogether violating the
spec which says ("5.2.1 Register usage in arguments and return values"):
"Adherence to the SMC Calling Conventions implies that any AArch32
caller of an SMC64 function will get a return code of 0xFFFFFFFF(int32).
This matches the NOT_SUPPORTED error code used in PSCI"
Tighten the implementation by pretending these functions are not
there for 32bit guests.
Signed-off-by: Marc Zyngier <maz@kernel.org>
---
virt/kvm/arm/psci.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/virt/kvm/arm/psci.c b/virt/kvm/arm/psci.c
index 69ff4a51ceb5..122795cdd984 100644
--- a/virt/kvm/arm/psci.c
+++ b/virt/kvm/arm/psci.c
@@ -199,6 +199,21 @@ static void kvm_psci_narrow_to_32bit(struct kvm_vcpu *vcpu)
vcpu_set_reg(vcpu, i, (u32)vcpu_get_reg(vcpu, i));
}
+static unsigned long kvm_psci_check_allowed_function(struct kvm_vcpu *vcpu, u32 fn)
+{
+ switch(fn) {
+ case PSCI_0_2_FN64_CPU_SUSPEND:
+ case PSCI_0_2_FN64_CPU_ON:
+ case PSCI_0_2_FN64_AFFINITY_INFO:
+ /* Disallow these functions for 32bit guests */
+ if (vcpu_mode_is_32bit(vcpu))
+ return PSCI_RET_NOT_SUPPORTED;
+ break;
+ }
+
+ return 0;
+}
+
static int kvm_psci_0_2_call(struct kvm_vcpu *vcpu)
{
struct kvm *kvm = vcpu->kvm;
@@ -206,6 +221,10 @@ static int kvm_psci_0_2_call(struct kvm_vcpu *vcpu)
unsigned long val;
int ret = 1;
+ val = kvm_psci_check_allowed_function(vcpu, psci_fn);
+ if (val)
+ goto out;
+
switch (psci_fn) {
case PSCI_0_2_FN_PSCI_VERSION:
/*
@@ -273,6 +292,7 @@ static int kvm_psci_0_2_call(struct kvm_vcpu *vcpu)
break;
}
+out:
smccc_set_retval(vcpu, val, 0, 0, 0);
return ret;
}
@@ -290,6 +310,10 @@ static int kvm_psci_1_0_call(struct kvm_vcpu *vcpu)
break;
case PSCI_1_0_FN_PSCI_FEATURES:
feature = smccc_get_arg1(vcpu);
+ val = kvm_psci_check_allowed_function(vcpu, feature);
+ if (val)
+ break;
+
switch(feature) {
case PSCI_0_2_FN_PSCI_VERSION:
case PSCI_0_2_FN_CPU_SUSPEND:
--
2.25.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: Marc Zyngier <maz@kernel.org>
To: linux-arm-kernel@lists.infradead.org,
kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org
Cc: Christoffer Dall <Christoffer.Dall@arm.com>,
James Morse <james.morse@arm.com>,
Julien Thierry <julien.thierry.kdev@gmail.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>
Subject: [PATCH 2/2] KVM: arm64: PSCI: Forbid 64bit functions for 32bit guests
Date: Wed, 1 Apr 2020 17:58:16 +0100 [thread overview]
Message-ID: <20200401165816.530281-3-maz@kernel.org> (raw)
In-Reply-To: <20200401165816.530281-1-maz@kernel.org>
Implementing (and even advertising) 64bit PSCI functions to 32bit
guests is at least a bit odd, if not altogether violating the
spec which says ("5.2.1 Register usage in arguments and return values"):
"Adherence to the SMC Calling Conventions implies that any AArch32
caller of an SMC64 function will get a return code of 0xFFFFFFFF(int32).
This matches the NOT_SUPPORTED error code used in PSCI"
Tighten the implementation by pretending these functions are not
there for 32bit guests.
Signed-off-by: Marc Zyngier <maz@kernel.org>
---
virt/kvm/arm/psci.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/virt/kvm/arm/psci.c b/virt/kvm/arm/psci.c
index 69ff4a51ceb5..122795cdd984 100644
--- a/virt/kvm/arm/psci.c
+++ b/virt/kvm/arm/psci.c
@@ -199,6 +199,21 @@ static void kvm_psci_narrow_to_32bit(struct kvm_vcpu *vcpu)
vcpu_set_reg(vcpu, i, (u32)vcpu_get_reg(vcpu, i));
}
+static unsigned long kvm_psci_check_allowed_function(struct kvm_vcpu *vcpu, u32 fn)
+{
+ switch(fn) {
+ case PSCI_0_2_FN64_CPU_SUSPEND:
+ case PSCI_0_2_FN64_CPU_ON:
+ case PSCI_0_2_FN64_AFFINITY_INFO:
+ /* Disallow these functions for 32bit guests */
+ if (vcpu_mode_is_32bit(vcpu))
+ return PSCI_RET_NOT_SUPPORTED;
+ break;
+ }
+
+ return 0;
+}
+
static int kvm_psci_0_2_call(struct kvm_vcpu *vcpu)
{
struct kvm *kvm = vcpu->kvm;
@@ -206,6 +221,10 @@ static int kvm_psci_0_2_call(struct kvm_vcpu *vcpu)
unsigned long val;
int ret = 1;
+ val = kvm_psci_check_allowed_function(vcpu, psci_fn);
+ if (val)
+ goto out;
+
switch (psci_fn) {
case PSCI_0_2_FN_PSCI_VERSION:
/*
@@ -273,6 +292,7 @@ static int kvm_psci_0_2_call(struct kvm_vcpu *vcpu)
break;
}
+out:
smccc_set_retval(vcpu, val, 0, 0, 0);
return ret;
}
@@ -290,6 +310,10 @@ static int kvm_psci_1_0_call(struct kvm_vcpu *vcpu)
break;
case PSCI_1_0_FN_PSCI_FEATURES:
feature = smccc_get_arg1(vcpu);
+ val = kvm_psci_check_allowed_function(vcpu, feature);
+ if (val)
+ break;
+
switch(feature) {
case PSCI_0_2_FN_PSCI_VERSION:
case PSCI_0_2_FN_CPU_SUSPEND:
--
2.25.0
next prev parent reply other threads:[~2020-04-01 16:58 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-01 16:58 [PATCH 0/2] KVM: arm64: PSCI fixes Marc Zyngier
2020-04-01 16:58 ` Marc Zyngier
2020-04-01 16:58 ` Marc Zyngier
2020-04-01 16:58 ` [PATCH 1/2] KVM: arm64: PSCI: Narrow input registers when using 32bit functions Marc Zyngier
2020-04-01 16:58 ` Marc Zyngier
2020-04-01 16:58 ` Marc Zyngier
2020-04-02 13:47 ` Christoffer Dall
2020-04-02 13:47 ` Christoffer Dall
2020-04-02 13:47 ` Christoffer Dall
2020-04-03 14:02 ` Alexandru Elisei
2020-04-03 14:02 ` Alexandru Elisei
2020-04-03 14:02 ` Alexandru Elisei
2020-04-01 16:58 ` Marc Zyngier [this message]
2020-04-01 16:58 ` [PATCH 2/2] KVM: arm64: PSCI: Forbid 64bit functions for 32bit guests Marc Zyngier
2020-04-01 16:58 ` Marc Zyngier
2020-04-02 13:48 ` Christoffer Dall
2020-04-02 13:48 ` Christoffer Dall
2020-04-02 13:48 ` Christoffer Dall
2020-04-03 14:02 ` Alexandru Elisei
2020-04-03 14:02 ` Alexandru Elisei
2020-04-03 14:02 ` Alexandru Elisei
2020-04-03 10:35 ` [PATCH 0/2] KVM: arm64: PSCI fixes Alexandru Elisei
2020-04-03 10:35 ` Alexandru Elisei
2020-04-03 10:35 ` Alexandru Elisei
2020-04-03 11:20 ` Marc Zyngier
2020-04-03 11:20 ` Marc Zyngier
2020-04-03 11:20 ` Marc Zyngier
2020-04-03 14:01 ` Alexandru Elisei
2020-04-03 14:01 ` Alexandru Elisei
2020-04-03 14:01 ` Alexandru Elisei
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200401165816.530281-3-maz@kernel.org \
--to=maz@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.