From: Ricardo Koller <ricarkol@google.com>
To: Oliver Upton <oupton@google.com>
Cc: kvm@vger.kernel.org, maz@kernel.org, shuah@kernel.org,
pshier@google.com, Paolo Bonzini <pbonzini@redhat.com>,
kvmarm@lists.cs.columbia.edu
Subject: Re: [PATCH 1/2] KVM: arm64: vgic: check redist region is not above the VM IPA size
Date: Wed, 8 Sep 2021 14:50:16 -0700 [thread overview]
Message-ID: <YTkwGHdBcy7v/mSA@google.com> (raw)
In-Reply-To: <YTkr1c7S0wPRv6hH@google.com>
On Wed, Sep 08, 2021 at 09:32:05PM +0000, Oliver Upton wrote:
> Hi Ricardo,
>
> On Wed, Sep 08, 2021 at 02:03:19PM -0700, Ricardo Koller wrote:
> > Extend vgic_v3_check_base() to verify that the redistributor regions
> > don't go above the VM-specified IPA size (phys_size). This can happen
> > when using the legacy KVM_VGIC_V3_ADDR_TYPE_REDIST attribute with:
> >
> > base + size > phys_size AND base < phys_size
> >
> > vgic_v3_check_base() is used to check the redist regions bases when
> > setting them (with the vcpus added so far) and when attempting the first
> > vcpu-run.
> >
> > Signed-off-by: Ricardo Koller <ricarkol@google.com>
> > ---
> > arch/arm64/kvm/vgic/vgic-v3.c | 4 ++++
> > 1 file changed, 4 insertions(+)
> >
> > diff --git a/arch/arm64/kvm/vgic/vgic-v3.c b/arch/arm64/kvm/vgic/vgic-v3.c
> > index 66004f61cd83..5afd9f6f68f6 100644
> > --- a/arch/arm64/kvm/vgic/vgic-v3.c
> > +++ b/arch/arm64/kvm/vgic/vgic-v3.c
> > @@ -512,6 +512,10 @@ bool vgic_v3_check_base(struct kvm *kvm)
> > if (rdreg->base + vgic_v3_rd_region_size(kvm, rdreg) <
> > rdreg->base)
> > return false;
>
> Can we drop this check in favor of explicitly comparing rdreg->base with
> kvm_phys_size()? I believe that would be more readable.
>
You mean the integer overflow check above? in that case, I would prefer
to leave it, if you don't mind. It seems that this type of check is used
in some other places in KVM (like kvm_assign_ioeventfd and
vgic_v3_alloc_redist_region).
> > +
> > + if (rdreg->base + vgic_v3_rd_region_size(kvm, rdreg) >
> > + kvm_phys_size(kvm))
> > + return false;
> > }
> >
> > if (IS_VGIC_ADDR_UNDEF(d->vgic_dist_base))
> > --
> > 2.33.0.153.gba50c8fa24-goog
> >
>
> --
> Thanks,
> Oliver
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
WARNING: multiple messages have this Message-ID (diff)
From: Ricardo Koller <ricarkol@google.com>
To: Oliver Upton <oupton@google.com>
Cc: kvm@vger.kernel.org, maz@kernel.org,
kvmarm@lists.cs.columbia.edu, drjones@redhat.com,
eric.auger@redhat.com, alexandru.elisei@arm.com,
Paolo Bonzini <pbonzini@redhat.com>,
james.morse@arm.com, suzuki.poulose@arm.com, shuah@kernel.org,
jingzhangos@google.com, pshier@google.com, rananta@google.com,
reijiw@google.com
Subject: Re: [PATCH 1/2] KVM: arm64: vgic: check redist region is not above the VM IPA size
Date: Wed, 8 Sep 2021 14:50:16 -0700 [thread overview]
Message-ID: <YTkwGHdBcy7v/mSA@google.com> (raw)
In-Reply-To: <YTkr1c7S0wPRv6hH@google.com>
On Wed, Sep 08, 2021 at 09:32:05PM +0000, Oliver Upton wrote:
> Hi Ricardo,
>
> On Wed, Sep 08, 2021 at 02:03:19PM -0700, Ricardo Koller wrote:
> > Extend vgic_v3_check_base() to verify that the redistributor regions
> > don't go above the VM-specified IPA size (phys_size). This can happen
> > when using the legacy KVM_VGIC_V3_ADDR_TYPE_REDIST attribute with:
> >
> > base + size > phys_size AND base < phys_size
> >
> > vgic_v3_check_base() is used to check the redist regions bases when
> > setting them (with the vcpus added so far) and when attempting the first
> > vcpu-run.
> >
> > Signed-off-by: Ricardo Koller <ricarkol@google.com>
> > ---
> > arch/arm64/kvm/vgic/vgic-v3.c | 4 ++++
> > 1 file changed, 4 insertions(+)
> >
> > diff --git a/arch/arm64/kvm/vgic/vgic-v3.c b/arch/arm64/kvm/vgic/vgic-v3.c
> > index 66004f61cd83..5afd9f6f68f6 100644
> > --- a/arch/arm64/kvm/vgic/vgic-v3.c
> > +++ b/arch/arm64/kvm/vgic/vgic-v3.c
> > @@ -512,6 +512,10 @@ bool vgic_v3_check_base(struct kvm *kvm)
> > if (rdreg->base + vgic_v3_rd_region_size(kvm, rdreg) <
> > rdreg->base)
> > return false;
>
> Can we drop this check in favor of explicitly comparing rdreg->base with
> kvm_phys_size()? I believe that would be more readable.
>
You mean the integer overflow check above? in that case, I would prefer
to leave it, if you don't mind. It seems that this type of check is used
in some other places in KVM (like kvm_assign_ioeventfd and
vgic_v3_alloc_redist_region).
> > +
> > + if (rdreg->base + vgic_v3_rd_region_size(kvm, rdreg) >
> > + kvm_phys_size(kvm))
> > + return false;
> > }
> >
> > if (IS_VGIC_ADDR_UNDEF(d->vgic_dist_base))
> > --
> > 2.33.0.153.gba50c8fa24-goog
> >
>
> --
> Thanks,
> Oliver
next prev parent reply other threads:[~2021-09-08 21:50 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-08 21:03 [PATCH 0/2] KVM: arm64: vgic-v3: Missing check for redist region above the VM IPA size Ricardo Koller
2021-09-08 21:03 ` Ricardo Koller
2021-09-08 21:03 ` [PATCH 1/2] KVM: arm64: vgic: check redist region is not " Ricardo Koller
2021-09-08 21:03 ` Ricardo Koller
2021-09-08 21:32 ` Oliver Upton
2021-09-08 21:32 ` Oliver Upton
2021-09-08 21:50 ` Ricardo Koller [this message]
2021-09-08 21:50 ` Ricardo Koller
2021-09-08 22:00 ` Oliver Upton
2021-09-08 22:00 ` Oliver Upton
2021-09-09 10:20 ` Alexandru Elisei
2021-09-09 10:20 ` Alexandru Elisei
2021-09-09 14:43 ` Eric Auger
2021-09-09 14:43 ` Eric Auger
2021-09-09 16:47 ` Ricardo Koller
2021-09-09 16:47 ` Ricardo Koller
2021-09-10 8:28 ` Alexandru Elisei
2021-09-10 8:28 ` Alexandru Elisei
2021-09-10 8:42 ` Eric Auger
2021-09-10 8:42 ` Eric Auger
2021-09-10 19:32 ` Ricardo Koller
2021-09-10 19:32 ` Ricardo Koller
2021-09-13 8:51 ` Eric Auger
2021-09-13 8:51 ` Eric Auger
2021-09-13 10:15 ` Alexandru Elisei
2021-09-14 3:20 ` Ricardo Koller
2021-09-14 3:20 ` Ricardo Koller
2021-09-14 11:00 ` Alexandru Elisei
2021-09-20 21:01 ` Ricardo Koller
2021-09-20 21:01 ` Ricardo Koller
2021-09-08 21:03 ` [PATCH 2/2] KVM: arm64: selftests: test for vgic redist " Ricardo Koller
2021-09-08 21:03 ` Ricardo Koller
2021-09-09 13:54 ` Eric Auger
2021-09-09 13:54 ` Eric Auger
2021-09-09 18:22 ` Ricardo Koller
2021-09-09 18:22 ` Ricardo Koller
2021-09-10 7:12 ` Eric Auger
2021-09-10 7:12 ` Eric Auger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YTkwGHdBcy7v/mSA@google.com \
--to=ricarkol@google.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=maz@kernel.org \
--cc=oupton@google.com \
--cc=pbonzini@redhat.com \
--cc=pshier@google.com \
--cc=shuah@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.