From: David Brazdil <dbrazdil@google.com>
To: kvmarm@lists.cs.columbia.edu
Cc: kernel-team@android.com, Marc Zyngier <maz@kernel.org>,
linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>, Ard Biesheuvel <ardb@kernel.org>
Subject: [RFC PATCH 2/6] kvm: arm64: Fix up RELA relocations in hyp code/data
Date: Thu, 19 Nov 2020 16:25:39 +0000 [thread overview]
Message-ID: <20201119162543.78001-3-dbrazdil@google.com> (raw)
In-Reply-To: <20201119162543.78001-1-dbrazdil@google.com>
KVM nVHE code runs under a different VA mapping than the kernel, hence
so far it relied only on PC-relative addressing to avoid accidentally
using a relocated kernel VA from a constant pool (see hyp_symbol_addr).
To reduce the possibility of programmer error, fix up the
relocated addresses instead. Let the kernel relocate them to kernel VA
first, but then iterate over them again, filter those that point to hyp
code/data and convert the kernel VA to hyp VA.
This is done after kvm_compute_layout and before apply_alternatives.
Signed-off-by: David Brazdil <dbrazdil@google.com>
---
arch/arm64/include/asm/kvm_mmu.h | 1 +
arch/arm64/kernel/smp.c | 4 +-
arch/arm64/kvm/va_layout.c | 76 ++++++++++++++++++++++++++++++++
3 files changed, 80 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h
index 5168a0c516ae..e5226f7e4732 100644
--- a/arch/arm64/include/asm/kvm_mmu.h
+++ b/arch/arm64/include/asm/kvm_mmu.h
@@ -105,6 +105,7 @@ alternative_cb_end
void kvm_update_va_mask(struct alt_instr *alt,
__le32 *origptr, __le32 *updptr, int nr_inst);
void kvm_compute_layout(void);
+void kvm_fixup_hyp_relocations(void);
static __always_inline unsigned long __kern_hyp_va(unsigned long v)
{
diff --git a/arch/arm64/kernel/smp.c b/arch/arm64/kernel/smp.c
index 18e9727d3f64..30241afc2c93 100644
--- a/arch/arm64/kernel/smp.c
+++ b/arch/arm64/kernel/smp.c
@@ -434,8 +434,10 @@ static void __init hyp_mode_check(void)
"CPU: CPUs started in inconsistent modes");
else
pr_info("CPU: All CPU(s) started at EL1\n");
- if (IS_ENABLED(CONFIG_KVM))
+ if (IS_ENABLED(CONFIG_KVM)) {
kvm_compute_layout();
+ kvm_fixup_hyp_relocations();
+ }
}
void __init smp_cpus_done(unsigned int max_cpus)
diff --git a/arch/arm64/kvm/va_layout.c b/arch/arm64/kvm/va_layout.c
index d8cc51bd60bf..b80fab974896 100644
--- a/arch/arm64/kvm/va_layout.c
+++ b/arch/arm64/kvm/va_layout.c
@@ -10,6 +10,7 @@
#include <asm/alternative.h>
#include <asm/debug-monitors.h>
#include <asm/insn.h>
+#include <asm/kvm_asm.h>
#include <asm/kvm_mmu.h>
#include <asm/memory.h>
@@ -82,6 +83,81 @@ __init void kvm_compute_layout(void)
init_hyp_physvirt_offset();
}
+#define __load_elf_u64(s) \
+ ({ \
+ extern u64 s; \
+ u64 val; \
+ \
+ asm ("ldr %0, =%1" : "=r"(val) : "S"(&s)); \
+ val; \
+ })
+
+static bool __is_within_bounds(u64 addr, char *start, char *end)
+{
+ return start <= (char*)addr && (char*)addr < end;
+}
+
+static bool __is_in_hyp_section(u64 addr)
+{
+ return __is_within_bounds(addr, __hyp_text_start, __hyp_text_end) ||
+ __is_within_bounds(addr, __hyp_rodata_start, __hyp_rodata_end) ||
+ __is_within_bounds(addr,
+ CHOOSE_NVHE_SYM(__per_cpu_start),
+ CHOOSE_NVHE_SYM(__per_cpu_end));
+}
+
+static void __fixup_hyp_rel(u64 addr)
+{
+ u64 *ptr, kern_va, hyp_va;
+
+ /* Adjust the relocation address taken from ELF for KASLR. */
+ addr += kaslr_offset();
+
+ /* Skip addresses not in any of the hyp sections. */
+ if (!__is_in_hyp_section(addr))
+ return;
+
+ /* Get the LM alias of the relocation address. */
+ ptr = (u64*)kvm_ksym_ref((void*)addr);
+
+ /*
+ * Read the value at the relocation address. It has already been
+ * relocated to the actual kernel kimg VA.
+ */
+ kern_va = (u64)kvm_ksym_ref((void*)*ptr);
+
+ /* Convert to hyp VA. */
+ hyp_va = __early_kern_hyp_va(kern_va);
+
+ /* Store hyp VA at the relocation address. */
+ *ptr = __early_kern_hyp_va(kern_va);
+}
+
+static void __fixup_hyp_rela(void)
+{
+ Elf64_Rela *rel;
+ size_t i, n;
+
+ rel = (Elf64_Rela*)(kimage_vaddr + __load_elf_u64(__rela_offset));
+ n = __load_elf_u64(__rela_size) / sizeof(*rel);
+
+ for (i = 0; i < n; ++i)
+ __fixup_hyp_rel(rel[i].r_offset);
+}
+
+/*
+ * The kernel relocated pointers to kernel VA. Iterate over relocations in
+ * the hypervisor ELF sections and convert them to hyp VA. This avoids the
+ * need to only use PC-relative addressing in hyp.
+ */
+__init void kvm_fixup_hyp_relocations(void)
+{
+ if (!IS_ENABLED(CONFIG_RELOCATABLE) || has_vhe())
+ return;
+
+ __fixup_hyp_rela();
+}
+
static u32 compute_instruction(int n, u32 rd, u32 rn)
{
u32 insn = AARCH64_BREAK_FAULT;
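Review bot: In `__fixup_hyp_rel`, `hyp_va` is assigned from `__early_kern_hyp_va(kern_va)` but never read; the store two lines later recomputes the same conversion, so the final statement should be `*ptr = hyp_va;` (or the local dropped). Separately, `__fixup_hyp_rela` passes every entry's `r_offset` to the fixup without inspecting `r_info`; if the build does not already guarantee that `.rela.dyn` contains only `R_AARCH64_RELATIVE` entries, a `if (ELF64_R_TYPE(rel[i].r_info) != R_AARCH64_RELATIVE) continue;` guard would stop the pass from rewriting a slot whose contents are not a kernel VA. The `start`/`end` parameters of `__is_within_bounds` are only compared, so they can be `const char *`. The same hunk is repeated verbatim in the two further copies of this message below.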
--
2.29.2.299.gdc1121823c-goog
From: David Brazdil <dbrazdil@google.com>
To: kvmarm@lists.cs.columbia.edu
Cc: Mark Rutland <mark.rutland@arm.com>,
kernel-team@android.com,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Marc Zyngier <maz@kernel.org>,
linux-kernel@vger.kernel.org, James Morse <james.morse@arm.com>,
linux-arm-kernel@lists.infradead.org,
Catalin Marinas <catalin.marinas@arm.com>,
David Brazdil <dbrazdil@google.com>,
Will Deacon <will@kernel.org>, Ard Biesheuvel <ardb@kernel.org>,
Julien Thierry <julien.thierry.kdev@gmail.com>,
Andrew Scull <ascull@google.com>
Subject: [RFC PATCH 2/6] kvm: arm64: Fix up RELA relocations in hyp code/data
Date: Thu, 19 Nov 2020 16:25:39 +0000 [thread overview]
Message-ID: <20201119162543.78001-3-dbrazdil@google.com> (raw)
In-Reply-To: <20201119162543.78001-1-dbrazdil@google.com>
KVM nVHE code runs under a different VA mapping than the kernel, hence
so far it relied only on PC-relative addressing to avoid accidentally
using a relocated kernel VA from a constant pool (see hyp_symbol_addr).
To reduce the possibility of programmer error, fix up the
relocated addresses instead. Let the kernel relocate them to kernel VA
first, but then iterate over them again, filter those that point to hyp
code/data and convert the kernel VA to hyp VA.
This is done after kvm_compute_layout and before apply_alternatives.
Signed-off-by: David Brazdil <dbrazdil@google.com>
---
arch/arm64/include/asm/kvm_mmu.h | 1 +
arch/arm64/kernel/smp.c | 4 +-
arch/arm64/kvm/va_layout.c | 76 ++++++++++++++++++++++++++++++++
3 files changed, 80 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h
index 5168a0c516ae..e5226f7e4732 100644
--- a/arch/arm64/include/asm/kvm_mmu.h
+++ b/arch/arm64/include/asm/kvm_mmu.h
@@ -105,6 +105,7 @@ alternative_cb_end
void kvm_update_va_mask(struct alt_instr *alt,
__le32 *origptr, __le32 *updptr, int nr_inst);
void kvm_compute_layout(void);
+void kvm_fixup_hyp_relocations(void);
static __always_inline unsigned long __kern_hyp_va(unsigned long v)
{
diff --git a/arch/arm64/kernel/smp.c b/arch/arm64/kernel/smp.c
index 18e9727d3f64..30241afc2c93 100644
--- a/arch/arm64/kernel/smp.c
+++ b/arch/arm64/kernel/smp.c
@@ -434,8 +434,10 @@ static void __init hyp_mode_check(void)
"CPU: CPUs started in inconsistent modes");
else
pr_info("CPU: All CPU(s) started at EL1\n");
- if (IS_ENABLED(CONFIG_KVM))
+ if (IS_ENABLED(CONFIG_KVM)) {
kvm_compute_layout();
+ kvm_fixup_hyp_relocations();
+ }
}
void __init smp_cpus_done(unsigned int max_cpus)
diff --git a/arch/arm64/kvm/va_layout.c b/arch/arm64/kvm/va_layout.c
index d8cc51bd60bf..b80fab974896 100644
--- a/arch/arm64/kvm/va_layout.c
+++ b/arch/arm64/kvm/va_layout.c
@@ -10,6 +10,7 @@
#include <asm/alternative.h>
#include <asm/debug-monitors.h>
#include <asm/insn.h>
+#include <asm/kvm_asm.h>
#include <asm/kvm_mmu.h>
#include <asm/memory.h>
@@ -82,6 +83,81 @@ __init void kvm_compute_layout(void)
init_hyp_physvirt_offset();
}
+#define __load_elf_u64(s) \
+ ({ \
+ extern u64 s; \
+ u64 val; \
+ \
+ asm ("ldr %0, =%1" : "=r"(val) : "S"(&s)); \
+ val; \
+ })
+
+static bool __is_within_bounds(u64 addr, char *start, char *end)
+{
+ return start <= (char*)addr && (char*)addr < end;
+}
+
+static bool __is_in_hyp_section(u64 addr)
+{
+ return __is_within_bounds(addr, __hyp_text_start, __hyp_text_end) ||
+ __is_within_bounds(addr, __hyp_rodata_start, __hyp_rodata_end) ||
+ __is_within_bounds(addr,
+ CHOOSE_NVHE_SYM(__per_cpu_start),
+ CHOOSE_NVHE_SYM(__per_cpu_end));
+}
+
+static void __fixup_hyp_rel(u64 addr)
+{
+ u64 *ptr, kern_va, hyp_va;
+
+ /* Adjust the relocation address taken from ELF for KASLR. */
+ addr += kaslr_offset();
+
+ /* Skip addresses not in any of the hyp sections. */
+ if (!__is_in_hyp_section(addr))
+ return;
+
+ /* Get the LM alias of the relocation address. */
+ ptr = (u64*)kvm_ksym_ref((void*)addr);
+
+ /*
+ * Read the value at the relocation address. It has already been
+ * relocated to the actual kernel kimg VA.
+ */
+ kern_va = (u64)kvm_ksym_ref((void*)*ptr);
+
+ /* Convert to hyp VA. */
+ hyp_va = __early_kern_hyp_va(kern_va);
+
+ /* Store hyp VA at the relocation address. */
+ *ptr = __early_kern_hyp_va(kern_va);
+}
+
+static void __fixup_hyp_rela(void)
+{
+ Elf64_Rela *rel;
+ size_t i, n;
+
+ rel = (Elf64_Rela*)(kimage_vaddr + __load_elf_u64(__rela_offset));
+ n = __load_elf_u64(__rela_size) / sizeof(*rel);
+
+ for (i = 0; i < n; ++i)
+ __fixup_hyp_rel(rel[i].r_offset);
+}
+
+/*
+ * The kernel relocated pointers to kernel VA. Iterate over relocations in
+ * the hypervisor ELF sections and convert them to hyp VA. This avoids the
+ * need to only use PC-relative addressing in hyp.
+ */
+__init void kvm_fixup_hyp_relocations(void)
+{
+ if (!IS_ENABLED(CONFIG_RELOCATABLE) || has_vhe())
+ return;
+
+ __fixup_hyp_rela();
+}
+
static u32 compute_instruction(int n, u32 rd, u32 rn)
{
u32 insn = AARCH64_BREAK_FAULT;
--
2.29.2.299.gdc1121823c-goog
From: David Brazdil <dbrazdil@google.com>
To: kvmarm@lists.cs.columbia.edu
Cc: linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, Marc Zyngier <maz@kernel.org>,
James Morse <james.morse@arm.com>,
Julien Thierry <julien.thierry.kdev@gmail.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
Mark Rutland <mark.rutland@arm.com>,
Andrew Scull <ascull@google.com>,
Ard Biesheuvel <ardb@kernel.org>,
kernel-team@android.com, David Brazdil <dbrazdil@google.com>
Subject: [RFC PATCH 2/6] kvm: arm64: Fix up RELA relocations in hyp code/data
Date: Thu, 19 Nov 2020 16:25:39 +0000 [thread overview]
Message-ID: <20201119162543.78001-3-dbrazdil@google.com> (raw)
In-Reply-To: <20201119162543.78001-1-dbrazdil@google.com>
KVM nVHE code runs under a different VA mapping than the kernel, hence
so far it relied only on PC-relative addressing to avoid accidentally
using a relocated kernel VA from a constant pool (see hyp_symbol_addr).
To reduce the possibility of programmer error, fix up the
relocated addresses instead. Let the kernel relocate them to kernel VA
first, but then iterate over them again, filter those that point to hyp
code/data and convert the kernel VA to hyp VA.
This is done after kvm_compute_layout and before apply_alternatives.
Signed-off-by: David Brazdil <dbrazdil@google.com>
---
arch/arm64/include/asm/kvm_mmu.h | 1 +
arch/arm64/kernel/smp.c | 4 +-
arch/arm64/kvm/va_layout.c | 76 ++++++++++++++++++++++++++++++++
3 files changed, 80 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h
index 5168a0c516ae..e5226f7e4732 100644
--- a/arch/arm64/include/asm/kvm_mmu.h
+++ b/arch/arm64/include/asm/kvm_mmu.h
@@ -105,6 +105,7 @@ alternative_cb_end
void kvm_update_va_mask(struct alt_instr *alt,
__le32 *origptr, __le32 *updptr, int nr_inst);
void kvm_compute_layout(void);
+void kvm_fixup_hyp_relocations(void);
static __always_inline unsigned long __kern_hyp_va(unsigned long v)
{
diff --git a/arch/arm64/kernel/smp.c b/arch/arm64/kernel/smp.c
index 18e9727d3f64..30241afc2c93 100644
--- a/arch/arm64/kernel/smp.c
+++ b/arch/arm64/kernel/smp.c
@@ -434,8 +434,10 @@ static void __init hyp_mode_check(void)
"CPU: CPUs started in inconsistent modes");
else
pr_info("CPU: All CPU(s) started at EL1\n");
- if (IS_ENABLED(CONFIG_KVM))
+ if (IS_ENABLED(CONFIG_KVM)) {
kvm_compute_layout();
+ kvm_fixup_hyp_relocations();
+ }
}
void __init smp_cpus_done(unsigned int max_cpus)
diff --git a/arch/arm64/kvm/va_layout.c b/arch/arm64/kvm/va_layout.c
index d8cc51bd60bf..b80fab974896 100644
--- a/arch/arm64/kvm/va_layout.c
+++ b/arch/arm64/kvm/va_layout.c
@@ -10,6 +10,7 @@
#include <asm/alternative.h>
#include <asm/debug-monitors.h>
#include <asm/insn.h>
+#include <asm/kvm_asm.h>
#include <asm/kvm_mmu.h>
#include <asm/memory.h>
@@ -82,6 +83,81 @@ __init void kvm_compute_layout(void)
init_hyp_physvirt_offset();
}
+#define __load_elf_u64(s) \
+ ({ \
+ extern u64 s; \
+ u64 val; \
+ \
+ asm ("ldr %0, =%1" : "=r"(val) : "S"(&s)); \
+ val; \
+ })
+
+static bool __is_within_bounds(u64 addr, char *start, char *end)
+{
+ return start <= (char*)addr && (char*)addr < end;
+}
+
+static bool __is_in_hyp_section(u64 addr)
+{
+ return __is_within_bounds(addr, __hyp_text_start, __hyp_text_end) ||
+ __is_within_bounds(addr, __hyp_rodata_start, __hyp_rodata_end) ||
+ __is_within_bounds(addr,
+ CHOOSE_NVHE_SYM(__per_cpu_start),
+ CHOOSE_NVHE_SYM(__per_cpu_end));
+}
+
+static void __fixup_hyp_rel(u64 addr)
+{
+ u64 *ptr, kern_va, hyp_va;
+
+ /* Adjust the relocation address taken from ELF for KASLR. */
+ addr += kaslr_offset();
+
+ /* Skip addresses not in any of the hyp sections. */
+ if (!__is_in_hyp_section(addr))
+ return;
+
+ /* Get the LM alias of the relocation address. */
+ ptr = (u64*)kvm_ksym_ref((void*)addr);
+
+ /*
+ * Read the value at the relocation address. It has already been
+ * relocated to the actual kernel kimg VA.
+ */
+ kern_va = (u64)kvm_ksym_ref((void*)*ptr);
+
+ /* Convert to hyp VA. */
+ hyp_va = __early_kern_hyp_va(kern_va);
+
+ /* Store hyp VA at the relocation address. */
+ *ptr = __early_kern_hyp_va(kern_va);
+}
+
+static void __fixup_hyp_rela(void)
+{
+ Elf64_Rela *rel;
+ size_t i, n;
+
+ rel = (Elf64_Rela*)(kimage_vaddr + __load_elf_u64(__rela_offset));
+ n = __load_elf_u64(__rela_size) / sizeof(*rel);
+
+ for (i = 0; i < n; ++i)
+ __fixup_hyp_rel(rel[i].r_offset);
+}
+
+/*
+ * The kernel relocated pointers to kernel VA. Iterate over relocations in
+ * the hypervisor ELF sections and convert them to hyp VA. This avoids the
+ * need to only use PC-relative addressing in hyp.
+ */
+__init void kvm_fixup_hyp_relocations(void)
+{
+ if (!IS_ENABLED(CONFIG_RELOCATABLE) || has_vhe())
+ return;
+
+ __fixup_hyp_rela();
+}
+
static u32 compute_instruction(int n, u32 rd, u32 rn)
{
u32 insn = AARCH64_BREAK_FAULT;
--
2.29.2.299.gdc1121823c-goog