From: Mostafa Saleh <smostafa@google.com>
To: kvmarm@lists.linux.dev, kasan-dev@googlegroups.com,
linux-hardening@vger.kernel.org, linux-kbuild@vger.kernel.org,
linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org
Cc: will@kernel.org, maz@kernel.org, oliver.upton@linux.dev,
broonie@kernel.org, catalin.marinas@arm.com, tglx@linutronix.de,
mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com,
x86@kernel.org, hpa@zytor.com, kees@kernel.org,
elver@google.com, andreyknvl@gmail.com, ryabinin.a.a@gmail.com,
akpm@linux-foundation.org, yuzenghui@huawei.com,
suzuki.poulose@arm.com, joey.gouly@arm.com,
masahiroy@kernel.org, nathan@kernel.org,
nicolas.schier@linux.dev, Mostafa Saleh <smostafa@google.com>
Subject: [PATCH v2 3/4] KVM: arm64: Introduce CONFIG_UBSAN_KVM_EL2
Date: Wed, 30 Apr 2025 16:27:10 +0000 [thread overview]
Message-ID: <20250430162713.1997569-4-smostafa@google.com> (raw)
In-Reply-To: <20250430162713.1997569-1-smostafa@google.com>
Add a new Kconfig CONFIG_UBSAN_KVM_EL2 for KVM which enables
UBSAN for EL2 code (in protected/nvhe/hvhe) modes.
This will re-use the same checks enabled for the kernel for
the hypervisor. The only difference is that for EL2 it always
emits a "brk" instead of implementing hooks as the hypervisor
can't print reports.
The KVM code will re-use the same code for the kernel
"report_ubsan_failure()" so #ifdefs are changed to also have this
code for CONFIG_UBSAN_KVM_EL2
Signed-off-by: Mostafa Saleh <smostafa@google.com>
---
arch/arm64/kvm/hyp/nvhe/Makefile | 6 ++++++
include/linux/ubsan.h | 2 +-
lib/Kconfig.ubsan | 9 +++++++++
lib/ubsan.c | 6 ++++--
scripts/Makefile.ubsan | 5 ++++-
5 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/kvm/hyp/nvhe/Makefile b/arch/arm64/kvm/hyp/nvhe/Makefile
index b43426a493df..a76522d63c3e 100644
--- a/arch/arm64/kvm/hyp/nvhe/Makefile
+++ b/arch/arm64/kvm/hyp/nvhe/Makefile
@@ -99,3 +99,9 @@ KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_FTRACE) $(CC_FLAGS_SCS), $(KBUILD_CFLAG
# causes a build failure. Remove profile optimization flags.
KBUILD_CFLAGS := $(filter-out -fprofile-sample-use=% -fprofile-use=%, $(KBUILD_CFLAGS))
KBUILD_CFLAGS += -fno-asynchronous-unwind-tables -fno-unwind-tables
+
+ifeq ($(CONFIG_UBSAN_KVM_EL2),y)
+UBSAN_SANITIZE := y
+# Always use brk and not hooks
+ccflags-y += $(CFLAGS_UBSAN_TRAP)
+endif
diff --git a/include/linux/ubsan.h b/include/linux/ubsan.h
index c843816f5f68..3ab8d38aedb8 100644
--- a/include/linux/ubsan.h
+++ b/include/linux/ubsan.h
@@ -2,7 +2,7 @@
#ifndef _LINUX_UBSAN_H
#define _LINUX_UBSAN_H
-#ifdef CONFIG_UBSAN_TRAP
+#if defined(CONFIG_UBSAN_TRAP) || defined(CONFIG_UBSAN_KVM_EL2)
const char *report_ubsan_failure(u32 check_type);
#else
static inline const char *report_ubsan_failure(u32 check_type)
diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan
index f6ea0c5b5da3..42ed41804644 100644
--- a/lib/Kconfig.ubsan
+++ b/lib/Kconfig.ubsan
@@ -165,4 +165,13 @@ config TEST_UBSAN
This is a test module for UBSAN.
It triggers various undefined behavior, and detect it.
+config UBSAN_KVM_EL2
+ bool "UBSAN for KVM code at EL2"
+ depends on ARM64
+ help
+ Enable UBSAN when running on ARM64 with KVM in a split mode
+ (nvhe/hvhe/protected) for the hypervisor code running in EL2.
+ In this mode, any UBSAN violation in EL2 would panic the kernel
+ and information similar to UBSAN_TRAP would be printed.
+
endif # if UBSAN
diff --git a/lib/ubsan.c b/lib/ubsan.c
index 17993727fc96..a6ca235dd714 100644
--- a/lib/ubsan.c
+++ b/lib/ubsan.c
@@ -19,7 +19,7 @@
#include "ubsan.h"
-#ifdef CONFIG_UBSAN_TRAP
+#if defined(CONFIG_UBSAN_TRAP) || defined(CONFIG_UBSAN_KVM_EL2)
/*
* Only include matches for UBSAN checks that are actually compiled in.
* The mappings of struct SanitizerKind (the -fsanitize=xxx args) to
@@ -97,7 +97,9 @@ const char *report_ubsan_failure(u32 check_type)
}
}
-#else
+#endif
+
+#ifndef CONFIG_UBSAN_TRAP
static const char * const type_check_kinds[] = {
"load of",
"store to",
diff --git a/scripts/Makefile.ubsan b/scripts/Makefile.ubsan
index 9e35198edbf0..73c7a9be0796 100644
--- a/scripts/Makefile.ubsan
+++ b/scripts/Makefile.ubsan
@@ -1,5 +1,8 @@
# SPDX-License-Identifier: GPL-2.0
+# Shared with KVM/arm64.
+export CFLAGS_UBSAN_TRAP := $(call cc-option,-fsanitize-trap=undefined,-fsanitize-undefined-trap-on-error)
+
# Enable available and selected UBSAN features.
ubsan-cflags-$(CONFIG_UBSAN_ALIGNMENT) += -fsanitize=alignment
ubsan-cflags-$(CONFIG_UBSAN_BOUNDS_STRICT) += -fsanitize=bounds-strict
@@ -10,7 +13,7 @@ ubsan-cflags-$(CONFIG_UBSAN_DIV_ZERO) += -fsanitize=integer-divide-by-zero
ubsan-cflags-$(CONFIG_UBSAN_UNREACHABLE) += -fsanitize=unreachable
ubsan-cflags-$(CONFIG_UBSAN_BOOL) += -fsanitize=bool
ubsan-cflags-$(CONFIG_UBSAN_ENUM) += -fsanitize=enum
-ubsan-cflags-$(CONFIG_UBSAN_TRAP) += $(call cc-option,-fsanitize-trap=undefined,-fsanitize-undefined-trap-on-error)
+ubsan-cflags-$(CONFIG_UBSAN_TRAP) += $(CFLAGS_UBSAN_TRAP)
export CFLAGS_UBSAN := $(ubsan-cflags-y)
--
2.49.0.967.g6a0df3ecc3-goog
next prev parent reply other threads:[~2025-04-30 16:27 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-30 16:27 [PATCH v2 0/4] KVM: arm64: UBSAN at EL2 Mostafa Saleh
2025-04-30 16:27 ` [PATCH v2 1/4] arm64: Introduce esr_is_ubsan_brk() Mostafa Saleh
2025-04-30 18:30 ` Kees Cook
2025-04-30 16:27 ` [PATCH v2 2/4] ubsan: Remove regs from report_ubsan_failure() Mostafa Saleh
2025-04-30 16:27 ` Mostafa Saleh [this message]
2025-04-30 18:30 ` [PATCH v2 3/4] KVM: arm64: Introduce CONFIG_UBSAN_KVM_EL2 Kees Cook
2025-04-30 16:27 ` [PATCH v2 4/4] KVM: arm64: Handle UBSAN faults Mostafa Saleh
2025-04-30 18:31 ` Kees Cook
2025-04-30 18:32 ` [PATCH v2 0/4] KVM: arm64: UBSAN at EL2 Kees Cook
2025-05-06 8:36 ` Marc Zyngier
2025-05-07 10:35 ` Marc Zyngier
2025-05-08 16:29 ` Kees Cook
2025-05-07 10:35 ` Marc Zyngier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250430162713.1997569-4-smostafa@google.com \
--to=smostafa@google.com \
--cc=akpm@linux-foundation.org \
--cc=andreyknvl@gmail.com \
--cc=bp@alien8.de \
--cc=broonie@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=dave.hansen@linux.intel.com \
--cc=elver@google.com \
--cc=hpa@zytor.com \
--cc=joey.gouly@arm.com \
--cc=kasan-dev@googlegroups.com \
--cc=kees@kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=masahiroy@kernel.org \
--cc=maz@kernel.org \
--cc=mingo@redhat.com \
--cc=nathan@kernel.org \
--cc=nicolas.schier@linux.dev \
--cc=oliver.upton@linux.dev \
--cc=ryabinin.a.a@gmail.com \
--cc=suzuki.poulose@arm.com \
--cc=tglx@linutronix.de \
--cc=will@kernel.org \
--cc=x86@kernel.org \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.