From: sashiko-bot@kernel.org
To: "Oliver Upton" <oupton@kernel.org>
Cc: "Marc Zyngier" <maz@kernel.org>, kvmarm@lists.linux.dev
Subject: Re: [PATCH 14/22] KVM: arm64: Grant write permission when DBM is set at S1
Date: Tue, 23 Jun 2026 18:57:28 +0000 [thread overview]
Message-ID: <20260623185729.1DED21F00A3A@smtp.kernel.org> (raw)
In-Reply-To: <20260623184201.1518871-15-oupton@kernel.org>
Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:
- [High] The patch incorrectly grants write permissions based on DBM when hardware dirty state management is architecturally disabled due to HA=0.
- [High] Hardware dirty state management (FEAT_HAFDBS) is incorrectly emulated when the Permission Indirection Extension (FEAT_S1PIE) is enabled, leading to spurious permission faults and incorrect descriptor updates.
--
commit 7f44240a7dbcb830d02ca9b76f878070fdff7b00
Author: Oliver Upton <oupton@kernel.org>
KVM: arm64: Grant write permission when DBM is set at S1
The DBM bit effectively behaves as a permission bit when using direct
permissions, especially so in the context of accesses that do not update
the dirty state (like AT).
> diff --git a/arch/arm64/kvm/at.c b/arch/arm64/kvm/at.c
> index bfba31b270a95..faffb69c2eef5 100644
> --- a/arch/arm64/kvm/at.c
> +++ b/arch/arm64/kvm/at.c
> @@ -1077,11 +1077,23 @@ static void compute_s1_direct_permissions(struct kvm_vcpu *vcpu,
> struct s1_walk_info *wi,
> struct s1_walk_result *wr)
> {
> + u8 ap = FIELD_GET(PTE_USER | PTE_RDONLY, wr->desc);
> bool wxn;
>
> + /*
> + * Descriptors with the DBM bit set while hardware dirty state are
> + * considered writable, even though certain accesses (like AT instructions)
> + * don't actually update the dirty state.
> + *
> + * Assume that walk_s1() made the necessary descriptor updates for the
> + * access and just treat DBM as writable here.
> + */
> + if (wi->hd && (wr->desc & PTE_DBM))
> + ap &= ~BIT(1);
[Severity: High]
Does this incorrectly grant write permissions when hardware management of the
Access Flag is disabled?
According to the ARM Architecture Reference Manual, hardware management of the
dirty state (TCR_ELx.HD = 1) is ignored if hardware management of the Access
Flag is disabled (TCR_ELx.HA = 0).
In setup_s1_walk(), we compute wi->hd directly from TCR.HD without enforcing
this requirement:
arch/arm64/kvm/at.c:setup_s1_walk() {
...
wi->hd = kvm_has_feat(vcpu->kvm, ID_AA64MMFR1_EL1, HAFDBS, DBM);
wi->hd &= (wi->regime == TR_EL2 ?
FIELD_GET(TCR_EL2_HD, tcr) :
FIELD_GET(TCR_HD, tcr));
...
}
If a guest OS configures TCR_ELx.HA = 0 and TCR_ELx.HD = 1, and creates a
stage-1 descriptor with RDONLY=1 and DBM=1, it should remain strictly
read-only and generate a Permission Fault on a write. By relying on the
ungated wi->hd here, does KVM bypass the Permission Fault and allow a
guest-visible privilege escalation?
[Severity: High]
Is hardware dirty state management incorrectly emulated when the Permission
Indirection Extension (FEAT_S1PIE) is enabled?
When FEAT_S1PIE is enabled, the DBM bit (bit 51) acts as Index[1] in the PI
index. If a write occurs to a "clean" page (DBM=1) and HD=1, the hardware
checks if clearing bit 51 would grant write access.
It looks like compute_s1_indirect_permissions() evaluates permissions using
the current PI index without simulating this dirty bit transition, which could
cause a spurious permission fault instead of updating the dirty state:
arch/arm64/kvm/at.c:compute_s1_indirect_permissions() {
...
idx = pte_pi_index(wr->desc);
...
set_perms(priv, wr, pp);
...
}
Additionally, if the dirty state needs to be updated, it appears we
unconditionally clear bit 7 (PTE_RDONLY) instead of bit 51 (PTE_DBM):
arch/arm64/kvm/at.c:handle_desc_update() {
...
if (should_set_dirty_state(wi, ws, wr, access))
new &= ~PTE_RDONLY;
...
}
For PIE, bit 7 is unrelated to the dirty state. Could this corrupt the
guest's PIE descriptor?
>
> /* Non-hierarchical part of AArch64.S1DirectBasePermissions() */
> if (wi->regime != TR_EL2) {
> - switch (FIELD_GET(PTE_USER | PTE_RDONLY, wr->desc)) {
> + switch (ap) {
> case 0b00:
> wr->pr = wr->pw = true;
> wr->ur = wr->uw = false;
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260623184201.1518871-1-oupton@kernel.org?part=14
next prev parent reply other threads:[~2026-06-23 18:57 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-23 18:41 [PATCH 00/22] KVM: arm64: nv: Implement FEAT_HAFDBS, FEAT_HAFT Oliver Upton
2026-06-23 18:41 ` [PATCH 01/22] KVM: arm64: nv: Introduce struct for stage-2 walk step Oliver Upton
2026-06-23 18:41 ` [PATCH 02/22] KVM: arm64: nv: Consolidate computation of stage-2 permissions Oliver Upton
2026-06-23 18:57 ` sashiko-bot
2026-06-23 18:41 ` [PATCH 03/22] KVM: arm64: nv: Get rid of kvm_s2_trans*() accessors Oliver Upton
2026-06-23 18:41 ` [PATCH 04/22] KVM: arm64: nv: Only shadow writable-dirty guest descs as writable Oliver Upton
2026-06-23 18:58 ` sashiko-bot
2026-06-23 20:05 ` Oliver Upton
2026-06-23 18:41 ` [PATCH 05/22] KVM: arm64: nv: Pass an access descriptor for stage-2 walks Oliver Upton
2026-06-23 19:06 ` sashiko-bot
2026-06-23 18:41 ` [PATCH 06/22] KVM: arm64: nv: Use a helper for stage-2 descriptor updates Oliver Upton
2026-06-23 18:41 ` [PATCH 07/22] KVM: arm64: nv: Set dirty state at stage-2 Oliver Upton
2026-06-23 19:03 ` sashiko-bot
2026-06-23 18:41 ` [PATCH 08/22] KVM: arm64: nv: Treat DBM as writable " Oliver Upton
2026-06-23 18:55 ` sashiko-bot
2026-06-23 20:08 ` Oliver Upton
2026-06-23 18:41 ` [PATCH 09/22] KVM: arm64: Compute S1 permissions as part of s1_walk() Oliver Upton
2026-06-23 18:41 ` [PATCH 10/22] KVM: arm64: Plumb through access descriptor for stage-1 Oliver Upton
2026-06-23 18:41 ` [PATCH 11/22] KVM: arm64: Use a struct for stage-1 walk context Oliver Upton
2026-06-23 18:41 ` [PATCH 12/22] KVM: arm64: Create helper for stage-1 descriptor updates Oliver Upton
2026-06-23 18:55 ` sashiko-bot
2026-06-23 18:41 ` [PATCH 13/22] KVM: arm64: Set dirty state at stage-1 Oliver Upton
2026-06-23 18:54 ` sashiko-bot
2026-06-23 18:41 ` [PATCH 14/22] KVM: arm64: Grant write permission when DBM is set at S1 Oliver Upton
2026-06-23 18:57 ` sashiko-bot [this message]
2026-06-23 18:41 ` [PATCH 15/22] KVM: arm64: Don't update descriptors for "non-arch" access Oliver Upton
2026-06-23 18:41 ` [PATCH 16/22] KVM: arm64: nv: Expose FEAT_HAFDBS Oliver Upton
2026-06-23 19:01 ` sashiko-bot
2026-06-23 18:41 ` [PATCH 17/22] KVM: arm64: Set Access flag on table descriptors at stage-1 Oliver Upton
2026-06-23 20:56 ` sashiko-bot
2026-06-23 18:41 ` [PATCH 18/22] KVM: arm64: nv: Set access flag on table descriptors at stage-2 Oliver Upton
2026-06-23 19:05 ` sashiko-bot
2026-06-23 20:14 ` Oliver Upton
2026-06-23 18:41 ` [PATCH 19/22] KVM: arm64: nv: Expose FEAT_HAFT Oliver Upton
2026-06-23 19:05 ` sashiko-bot
2026-06-23 18:41 ` [PATCH 20/22] KVM: arm64: selftests: Only test AF behavior for emulated AT insns Oliver Upton
2026-06-23 18:42 ` [PATCH 21/22] KVM: arm64: selftests: Test AT emulation for FEAT_HAFT Oliver Upton
2026-06-23 19:05 ` sashiko-bot
2026-06-23 20:17 ` Oliver Upton
2026-06-23 18:42 ` [PATCH 22/22] HACK: KVM: arm64: nv: Set the dirty state for CMOs that fetch for write Oliver Upton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260623185729.1DED21F00A3A@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=maz@kernel.org \
--cc=oupton@kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.