From: Oliver Upton <oliver.upton@linux.dev>
To: Marc Zyngier <maz@kernel.org>
Cc: kvmarm@lists.linux.dev, James Morse <james.morse@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Zenghui Yu <yuzenghui@huawei.com>, Will Deacon <will@kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Fuad Tabba <tabba@google.com>,
linux-arm-kernel@lists.infradead.org, surajjs@amazon.com,
Cornelia Huck <cohuck@redhat.com>,
Shameerali Kolothum Thodi <shameerali.kolothum.thodi@huawei.com>,
Jing Zhang <jingzhangos@google.com>
Subject: Re: [PATCH v12 07/11] KVM: arm64: Use arm64_ftr_bits to sanitise ID register writes
Date: Thu, 15 Jun 2023 12:45:34 +0000 [thread overview]
Message-ID: <ZIsH7rbS72Cdxmfx@linux.dev> (raw)
In-Reply-To: <878rckrjcl.wl-maz@kernel.org>
Hey Marc,
On Thu, Jun 15, 2023 at 01:38:34PM +0100, Marc Zyngier wrote:
> > @@ -1528,11 +1613,31 @@ static int get_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
> > static int set_id_reg(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
> > u64 val)
> > {
> > - /* This is what we mean by invariant: you can't change it. */
> > - if (val != read_id_reg(vcpu, rd))
> > - return -EINVAL;
> > + u32 id = reg_to_encoding(rd);
> > + int ret;
> >
> > - return 0;
> > + mutex_lock(&vcpu->kvm->arch.config_lock);
> > +
> > + /*
> > + * Once the VM has started the ID registers are immutable. Reject any
> > + * write that does not match the final register value.
> > + */
> > + if (kvm_vm_has_ran_once(vcpu->kvm)) {
> > + if (val != read_id_reg(vcpu, rd))
> > + ret = -EBUSY;
> > + else
> > + ret = 0;
> > +
> > + mutex_unlock(&vcpu->kvm->arch.config_lock);
> > + return ret;
> > + }
> > +
> > + ret = arm64_check_features(vcpu, rd, val);
> > + if (!ret)
> > + IDREG(vcpu->kvm, id) = val;
> > +
> > + mutex_unlock(&vcpu->kvm->arch.config_lock);
> > + return ret;
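Review bot: the post-run branch under `if (kvm_vm_has_ran_once(vcpu->kvm))` turns the mismatch error from the removed `return -EINVAL;` into `ret = -EBUSY;`, which is a user-visible ABI change for the only case that already existed before this patch; keeping `-EINVAL` there leaves existing VMM error handling untouched and reserves any new errno for the genuinely new pre-run path. Separately, whatever `arm64_check_features(vcpu, rd, val)` returns is now handed straight back to userspace, so the set of errors this write can produce should be stated in the uapi documentation for the ioctl. Minor: the if/else pair can collapse to `ret = (val != read_id_reg(vcpu, rd)) ? -EINVAL : 0;` ahead of the single `mutex_unlock()`.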
>
> ... we now end-up with a *new* error code that userspace was never
> able to see so far.
>
> This may not be a big deal, but I'd rather err on the side of caution
> by keeping the current, slightly less precise error code.
I completely agree, thanks for catching this. There's already enough
deliberate (theoretical) breakage brought about by this series, want to
avoid any unintended fallout :)
I plan on taking this, and I'll apply a fix on top to dumb down the
return.
--
Thanks,
Oliver