From: Marc Zyngier <maz@kernel.org>
To: Ricardo Koller <ricarkol@google.com>
Cc: kvm@vger.kernel.org, shuah@kernel.org, pshier@google.com,
Paolo Bonzini <pbonzini@redhat.com>,
kvmarm@lists.cs.columbia.edu
Subject: Re: [PATCH v2 1/2] KVM: arm64: vgic: check redist region is not above the VM IPA size
Date: Mon, 20 Sep 2021 13:30:40 +0100
Message-ID: <87sfxzv37z.wl-maz@kernel.org>
In-Reply-To: <20210910004919.1610709-2-ricarkol@google.com>
Hi Ricardo,
On Fri, 10 Sep 2021 01:49:18 +0100,
Ricardo Koller <ricarkol@google.com> wrote:
>
> Verify that the redistributor regions do not extend beyond the
> VM-specified IPA size (phys_size). This can happen when using
> KVM_VGIC_V3_ADDR_TYPE_REDIST or KVM_VGIC_V3_ADDR_TYPE_REDIST_REGIONS
> with:
>
> base + size > phys_size AND base < phys_size
>
> Add the missing check into vgic_v3_alloc_redist_region() which is called
> when setting the regions, and into vgic_v3_check_base() which is called
> when attempting the first vcpu-run. The vcpu-run check does not apply to
> KVM_VGIC_V3_ADDR_TYPE_REDIST_REGIONS because the regions size is known
> before the first vcpu-run. Finally, this patch also enables some extra
> tests in vgic_v3_alloc_redist_region() by calculating "size" early for
> the legacy redist api.
>
> Signed-off-by: Ricardo Koller <ricarkol@google.com>
> ---
> arch/arm64/kvm/vgic/vgic-mmio-v3.c | 7 ++++++-
> arch/arm64/kvm/vgic/vgic-v3.c | 4 ++++
> 2 files changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm64/kvm/vgic/vgic-mmio-v3.c b/arch/arm64/kvm/vgic/vgic-mmio-v3.c
> index a09cdc0b953c..055671bede85 100644
> --- a/arch/arm64/kvm/vgic/vgic-mmio-v3.c
> +++ b/arch/arm64/kvm/vgic/vgic-mmio-v3.c
> @@ -796,7 +796,9 @@ static int vgic_v3_alloc_redist_region(struct kvm *kvm, uint32_t index,
> struct vgic_dist *d = &kvm->arch.vgic;
> struct vgic_redist_region *rdreg;
> struct list_head *rd_regions = &d->rd_regions;
> - size_t size = count * KVM_VGIC_V3_REDIST_SIZE;
> + int nr_vcpus = atomic_read(&kvm->online_vcpus);
> + size_t size = count ? count * KVM_VGIC_V3_REDIST_SIZE :
> + nr_vcpus * KVM_VGIC_V3_REDIST_SIZE;
> int ret;
>
> /* cross the end of memory ? */
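Review bot: for the legacy KVM_VGIC_V3_ADDR_TYPE_REDIST path (count == 0) the early size is derived from online_vcpus as it stands at the time of the call, so if no vCPU exists yet size is 0 and the wrap, overlap and IPA-bound tests that follow all pass trivially, and vCPUs created after the region is set are not covered by the set-time checks either; that is exactly why the vgic_v3_check_base() re-check at first vcpu-run has to stay, and it deserves a comment next to the size computation (or a sentence in the commit message) so nobody later treats the set-time check as sufficient for the legacy API. Minor style point: `size_t size = (count ?: nr_vcpus) * KVM_VGIC_V3_REDIST_SIZE;` says the same thing in one line, and nr_vcpus has no other user, so the atomic_read() could be folded in.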
> @@ -834,6 +836,9 @@ static int vgic_v3_alloc_redist_region(struct kvm *kvm, uint32_t index,
> if (vgic_v3_rdist_overlap(kvm, base, size))
> return -EINVAL;
>
> + if (base + size > kvm_phys_size(kvm))
> + return -E2BIG;
> +
> rdreg = kzalloc(sizeof(*rdreg), GFP_KERNEL);
> if (!rdreg)
> return -ENOMEM;
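Review bot: the placement of the new `base + size > kvm_phys_size(kvm)` test is right, since it sits after the "cross the end of memory" wrap-around test at the top of the function, so base + size cannot have wrapped to a small value by the time it is compared, and the strict `>` is also right because a region ending exactly at kvm_phys_size() has its last byte inside the IPA space. Two things to tidy: the test returns -E2BIG while the overlap test just above it returns -EINVAL, so please make sure the KVM_DEV_ARM_VGIC_GRP_ADDR documentation (Documentation/virt/kvm/devices/arm-vgic-v3.rst) lists -E2BIG for a region that extends past the addressable IPA range; and since this comparison is far cheaper than vgic_v3_rdist_overlap(), it could move ahead of the overlap test.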
> diff --git a/arch/arm64/kvm/vgic/vgic-v3.c b/arch/arm64/kvm/vgic/vgic-v3.c
> index 66004f61cd83..5afd9f6f68f6 100644
> --- a/arch/arm64/kvm/vgic/vgic-v3.c
> +++ b/arch/arm64/kvm/vgic/vgic-v3.c
> @@ -512,6 +512,10 @@ bool vgic_v3_check_base(struct kvm *kvm)
> if (rdreg->base + vgic_v3_rd_region_size(kvm, rdreg) <
> rdreg->base)
> return false;
> +
> + if (rdreg->base + vgic_v3_rd_region_size(kvm, rdreg) >
> + kvm_phys_size(kvm))
> + return false;
> }
>
> if (IS_VGIC_ADDR_UNDEF(d->vgic_dist_base))
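Review bot: vgic_v3_rd_region_size(kvm, rdreg) is now evaluated twice per iteration, once in the wrap test above and once in the new bound test; compute it once, e.g. `u64 sz = vgic_v3_rd_region_size(kvm, rdreg);` and then `if (rdreg->base + sz < rdreg->base || rdreg->base + sz > kvm_phys_size(kvm)) return false;`. Also, nothing in this hunk bounds the distributor the same way: vgic_dist_base is only tested for IS_VGIC_ADDR_UNDEF on the line below, so unless the part of the function above the hunk already does it, a distributor whose vgic_dist_base + KVM_VGIC_V3_DIST_SIZE crosses kvm_phys_size(kvm) still passes this function; the same check belongs there.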
How about vgic-v2? From what I can see, the placement of the
distributor and CPU interface should be subjected to the same checks
(see vgic_v2_check_base()).
Thanks,
M.
--
Without deviation from the norm, progress is not possible.
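As an added example that is not part of this patch or of the kernel's own code, here are the two checks the patch introduces, modelled in plain user-space C so the cases from the commit message can be exercised without a VM. struct vm_model and struct redist_region are assumed stand-ins for struct kvm and struct vgic_redist_region, kvm_phys_size() is modelled as 1 << phys_shift, and the 64KiB alignment test is included for completeness; the return values follow the kernel's 0 / negative errno convention.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Sizes as in the KVM uapi: one redistributor is two 64KiB frames. */
#define SZ_64K       0x10000ULL
#define REDIST_SIZE  (2 * SZ_64K)      /* KVM_VGIC_V3_REDIST_SIZE */

/* Assumed stand-in for struct kvm: the IPA space is 1 << phys_shift bytes. */
struct vm_model {
	unsigned int phys_shift;
	unsigned int nr_vcpus;  /* vCPUs that exist at the moment of the check */
};

/* Assumed stand-in for a redistributor region; count == 0 marks the legacy
 * KVM_VGIC_V3_ADDR_TYPE_REDIST region, whose size follows the vCPU count. */
struct redist_region {
	uint64_t base;
	unsigned int count;
};

static uint64_t phys_size(const struct vm_model *vm)
{
	return 1ULL << vm->phys_shift;
}

static uint64_t region_size(const struct vm_model *vm,
			    const struct redist_region *r)
{
	return (uint64_t)(r->count ? r->count : vm->nr_vcpus) * REDIST_SIZE;
}

/* Set-time check, modelled on the patched vgic_v3_alloc_redist_region().
 * Returns 0 on success or a negative errno, as the kernel does. */
static int redist_region_set_check(const struct vm_model *vm,
				   const struct redist_region *r)
{
	uint64_t size = region_size(vm, r);
	uint64_t end = r->base + size;

	/* Wrap test first: if base + size overflowed, the IPA bound below
	 * would compare a small wrapped value and pass. */
	if (end < r->base)
		return -EINVAL;

	if (r->base & (SZ_64K - 1))
		return -EINVAL;

	/* The bound the patch adds. Strict '>' lets a region end exactly at
	 * the top of the IPA space, whose last valid byte is phys_size - 1. */
	if (end > phys_size(vm))
		return -E2BIG;

	return 0;
}

/* Run-time re-check, modelled on vgic_v3_check_base(): sizes are recomputed
 * with the vCPU count as it stands at first vcpu-run. Returns 1 if all
 * regions fit, 0 otherwise. */
static int redist_regions_run_check(const struct vm_model *vm,
				    const struct redist_region *regs, size_t n)
{
	for (size_t i = 0; i < n; i++) {
		uint64_t size = region_size(vm, &regs[i]);
		uint64_t end = regs[i].base + size;

		if (end < regs[i].base || end > phys_size(vm))
			return 0;
	}
	return 1;
}

int main(void)
{
	struct vm_model vm = { .phys_shift = 40, .nr_vcpus = 2 };
	/* Legacy region placed so that exactly two vCPUs fit below the top. */
	struct redist_region legacy = {
		.base = (1ULL << 40) - 2 * REDIST_SIZE, .count = 0 };

	printf("set with 2 vcpus: %d\n", redist_region_set_check(&vm, &legacy));
	vm.nr_vcpus = 4;   /* two more vCPUs created after the region was set */
	printf("run with 4 vcpus: %d\n",
	       redist_regions_run_check(&vm, &legacy, 1));
	return 0;
}
```

The main() shows the case the commit message calls out for the legacy API: the region passes the set-time check with two vCPUs, then fails the vcpu-run re-check once two more vCPUs exist, which is why both checks are needed. Build with `cc -std=c99 -Wall` and run.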
Thread overview: 10+ messages
2021-09-10  0:49 [PATCH v2 0/2] KVM: arm64: vgic-v3: Missing check for redist region above the VM IPA size Ricardo Koller
2021-09-10  0:49 ` [PATCH v2 1/2] KVM: arm64: vgic: check redist region is not " Ricardo Koller
2021-09-20 12:30   ` Marc Zyngier [this message]
2021-09-20 21:06     ` Ricardo Koller
2021-09-10  0:49 ` [PATCH v2 2/2] KVM: arm64: selftests: tests for vgic redist regions " Ricardo Koller