Re: [PATCH 1/2] KVM: arm64: fix config.hcr used uninitialized in __kvm_at_s1e01_fast

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Marc Zyngier <maz@kernel.org>
To: D Scott Phillips <scott@os.amperecomputing.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>,
	Joey Gouly <joey.gouly@arm.com>,
	Oliver Upton <oliver.upton@linux.dev>,
	Suzuki K Poulose <suzuki.poulose@arm.com>,
	Will Deacon <will@kernel.org>, Zenghui Yu <yuzenghui@huawei.com>,
	kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/2] KVM: arm64: fix config.hcr used uninitialized in __kvm_at_s1e01_fast
Date: Tue, 15 Apr 2025 19:22:23 +0100	[thread overview]
Message-ID: <8634e9l1y8.wl-maz@kernel.org> (raw)
In-Reply-To: <20250415154656.1698522-1-scott@os.amperecomputing.com>

On Tue, 15 Apr 2025 16:46:55 +0100,
D Scott Phillips <scott@os.amperecomputing.com> wrote:
> 
> In the skip_mmu_switch case, config.hcr was used uninitialized. On my
> machine that caused garbage to be written to HCR_EL2 and then the CPU
> got stuck at the synchronous exception handler. Also, the restore of
> HCR_EL2 was missing at the end of the function in the same case.

Huh, how embarrassing. Thanks for spotting this one.

> 
> In skip_mmu_switch case, initialize config.hcr with HCR_HOST_VHE_FLAGS.
> 
> Signed-off-by: D Scott Phillips <scott@os.amperecomputing.com>
> ---
>  arch/arm64/kvm/at.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/arm64/kvm/at.c b/arch/arm64/kvm/at.c
> index f74a66ce3064b..ff4b06ce661af 100644
> --- a/arch/arm64/kvm/at.c
> +++ b/arch/arm64/kvm/at.c
> @@ -1233,8 +1233,10 @@ static u64 __kvm_at_s1e01_fast(struct kvm_vcpu *vcpu, u32 op, u64 vaddr)
>  	 * the right one (as we trapped from vEL2). If not, save the
>  	 * full MMU context.
>  	 */
> -	if (vcpu_el2_e2h_is_set(vcpu) && vcpu_el2_tge_is_set(vcpu))
> +	if (vcpu_el2_e2h_is_set(vcpu) && vcpu_el2_tge_is_set(vcpu)) {
> +		config.hcr = read_sysreg(hcr_el2);
>  		goto skip_mmu_switch;
> +	}
>  
>  	/*
>  	 * Obtaining the S2 MMU for a L2 is horribly racy, and we may not
> @@ -1299,7 +1301,9 @@ static u64 __kvm_at_s1e01_fast(struct kvm_vcpu *vcpu, u32 op, u64 vaddr)
>  	if (!fail)
>  		par = read_sysreg_par();
>  
> -	if (!(vcpu_el2_e2h_is_set(vcpu) && vcpu_el2_tge_is_set(vcpu)))
> +	if (vcpu_el2_e2h_is_set(vcpu) && vcpu_el2_tge_is_set(vcpu))
> +		write_sysreg(config.hcr, hcr_el2);
> +	else
>  		__mmu_config_restore(&config);
>  
>  	return par;

I think the diff below should do the trick (and incidently matches
your commit message).

Thanks,

	M.

diff --git a/arch/arm64/kvm/at.c b/arch/arm64/kvm/at.c
index f74a66ce3064b..773e3b4d5c7e5 100644
--- a/arch/arm64/kvm/at.c
+++ b/arch/arm64/kvm/at.c
@@ -1214,7 +1214,7 @@ static u64 handle_at_slow(struct kvm_vcpu *vcpu, u32 op, u64 vaddr)
  */
 static u64 __kvm_at_s1e01_fast(struct kvm_vcpu *vcpu, u32 op, u64 vaddr)
 {
-	struct mmu_config config;
+	struct mmu_config config = { .hcr = HCR_HOST_VHE_FLAGS, };
 	struct kvm_s2_mmu *mmu;
 	bool fail;
 	u64 par;
@@ -1301,6 +1301,8 @@ static u64 __kvm_at_s1e01_fast(struct kvm_vcpu *vcpu, u32 op, u64 vaddr)
 
 	if (!(vcpu_el2_e2h_is_set(vcpu) && vcpu_el2_tge_is_set(vcpu)))
 		__mmu_config_restore(&config);
+	else
+		write_sysreg(config.hcr, hcr_el2);
 
 	return par;
 }

-- 
Without deviation from the norm, progress is not possible.

next prev parent reply	other threads:[~2025-04-15 18:22 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-04-15 15:46 [PATCH 1/2] KVM: arm64: fix config.hcr used uninitialized in __kvm_at_s1e01_fast D Scott Phillips
2025-04-15 15:46 ` [PATCH 2/2] KVM: arm64: Avoid blocking irqs when tlb flushing/ATing with HCR.TGE=0 D Scott Phillips
2025-04-15 18:33   ` Marc Zyngier
2025-04-16 22:59     ` D Scott Phillips
2025-04-15 18:22 ` Marc Zyngier [this message]
2025-04-16 23:00   ` [PATCH 1/2] KVM: arm64: fix config.hcr used uninitialized in __kvm_at_s1e01_fast D Scott Phillips
2025-04-17 16:13     ` Marc Zyngier

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:f74a66ce3064 dfblob:773e3b4d5c7e )
 OR (
bs:"Re: [PATCH 1/2] KVM: arm64: fix config.hcr used uninitialized in __kvm_at_s1e01_fast" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=8634e9l1y8.wl-maz@kernel.org \
    --to=maz@kernel.org \
    --cc=catalin.marinas@arm.com \
    --cc=joey.gouly@arm.com \
    --cc=kvmarm@lists.linux.dev \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=oliver.upton@linux.dev \
    --cc=scott@os.amperecomputing.com \
    --cc=suzuki.poulose@arm.com \
    --cc=will@kernel.org \
    --cc=yuzenghui@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.