From: Marc Zyngier <maz@kernel.org>
To: James Morse <james.morse@arm.com>
Cc: linux-arm-kernel@lists.infradead.org, kvm@vger.kernel.org,
kernel-team@android.com, Will Deacon <will@kernel.org>,
kvmarm@lists.cs.columbia.edu
Subject: Re: [PATCH 04/11] KVM: arm64: Move PC rollback on SError to HYP
Date: Tue, 27 Oct 2020 14:59:14 +0000
Message-ID: <cd5527f7308f1db09268efd7c83e51c5@kernel.org>
In-Reply-To: <e2487f06-3f2f-1a0b-49d8-a72ea9288bb2@arm.com>
On 2020-10-27 14:56, James Morse wrote:
> Hi Marc,
>
> On 26/10/2020 13:34, Marc Zyngier wrote:
>> Instead of handling the "PC rollback on SError during HVC" at EL1 (which
>> requires disclosing PC to a potentially untrusted kernel), let's move
>> this fixup to ... fixup_guest_exit(), which is where we do all fixups.
>
>> diff --git a/arch/arm64/kvm/hyp/include/hyp/switch.h
>> b/arch/arm64/kvm/hyp/include/hyp/switch.h
>> index d687e574cde5..668f02c7b0b3 100644
>> --- a/arch/arm64/kvm/hyp/include/hyp/switch.h
>> +++ b/arch/arm64/kvm/hyp/include/hyp/switch.h
>> @@ -411,6 +411,21 @@ static inline bool fixup_guest_exit(struct
>> kvm_vcpu *vcpu, u64 *exit_code)
>> if (ARM_EXCEPTION_CODE(*exit_code) != ARM_EXCEPTION_IRQ)
>> vcpu->arch.fault.esr_el2 = read_sysreg_el2(SYS_ESR);
>>
>> + if (ARM_SERROR_PENDING(*exit_code)) {
>> + u8 esr_ec = kvm_vcpu_trap_get_class(vcpu);
>> +
>> + /*
>> + * HVC already have an adjusted PC, which we need to
>> + * correct in order to return to after having injected
>> + * the SError.
>> + *
>> + * SMC, on the other hand, is *trapped*, meaning its
>> + * preferred return address is the SMC itself.
>> + */
>> + if (esr_ec == ESR_ELx_EC_HVC32 || esr_ec == ESR_ELx_EC_HVC64)
>> + *vcpu_pc(vcpu) -= 4;
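Review bot: `*vcpu_pc(vcpu) -= 4` in this hunk adjusts the vcpu's saved PC, which at this point in fixup_guest_exit() still holds the value from the previous guest entry; the PC of the current exit only reaches the vcpu context when __sysreg_save_el2_return_state() runs, and that happens after fixup_guest_exit() returns, so the subtraction is applied to a stale value and then overwritten by the unmodified ELR_EL2. Apply the rollback to the live register instead, e.g. `write_sysreg_el2(read_sysreg_el2(SYS_ELR) - 4, SYS_ELR)`, so the later save picks up the corrected return address. Minor: the comment should read "HVC already has an adjusted PC".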
>
> Isn't *vcpu_pc(vcpu) the PC of the previous entry for this vcpu?.... It's not the PC of the
> exit until __sysreg_save_el2_return_state() saves it, which happens just after
> fixup_guest_exit().
Hmmm. Good point. The move was obviously done in haste, thank you for pointing
out this blatant bug.
> Mess with ELR_EL2 directly?
Yes, that's the best course of action. We never run this code anyway.
Thanks,
M.
--
Jazz is not dead. It just smells funny...
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
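The ordering problem raised in this exchange, as a small model added here (example code, not KVM's own, and not written by either participant): a "live" ELR_EL2 alongside the vcpu's saved PC, with the fixup step running before the save step as it does in the kernel. The struct and function names (`el2_hw`, `model_vcpu`, `take_exit`, `save_el2_return_state`, the `resume_pc_*` helpers) are simplified stand-ins for the real KVM ones; the EC values are the architected ESR_ELx.EC encodings for HVC64 and SMC64.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Model of the exit path discussed above: a live ELR_EL2 versus the
 * vcpu's saved PC, and the order in which the fixup and the save step
 * run. Added example; names are simplified stand-ins, not kernel code.
 */

/* ESR_ELx.EC values for the two instruction classes the hunk distinguishes. */
enum exit_class { EC_HVC64 = 0x16, EC_SMC64 = 0x17 };

struct el2_hw {            /* live EL2 state when the guest exits */
	uint64_t elr_el2;  /* preferred return address */
	unsigned int ec;   /* ESR_EL2.EC */
	bool serror_pending;
};

struct model_vcpu {
	uint64_t saved_pc; /* stale until the save step copies ELR_EL2 here */
};

/*
 * Architected preferred return address: an HVC has already executed, so
 * ELR_EL2 points past it; a trapped SMC has not, so ELR_EL2 points at
 * the SMC itself.
 */
static void take_exit(struct el2_hw *hw, uint64_t insn, unsigned int ec, bool serror)
{
	hw->ec = ec;
	hw->serror_pending = serror;
	hw->elr_el2 = (ec == EC_HVC64) ? insn + 4 : insn;
}

/* Rollback as written in the posted hunk: touches the saved copy. */
static void rollback_saved_pc(struct model_vcpu *v, const struct el2_hw *hw)
{
	if (hw->serror_pending && hw->ec == EC_HVC64)
		v->saved_pc -= 4;
}

/* Rollback on the live register, as suggested in the reply. */
static void rollback_elr(struct el2_hw *hw)
{
	if (hw->serror_pending && hw->ec == EC_HVC64)
		hw->elr_el2 -= 4;
}

/* Stand-in for __sysreg_save_el2_return_state(): copy ELR_EL2 into the vcpu. */
static void save_el2_return_state(struct model_vcpu *v, const struct el2_hw *hw)
{
	v->saved_pc = hw->elr_el2;
}

/* Kernel order (fixup, then save) with the rollback applied to the saved PC. */
uint64_t resume_pc_rollback_saved(uint64_t insn, unsigned int ec, bool serror, uint64_t stale_pc)
{
	struct el2_hw hw = { 0 };
	struct model_vcpu v = { .saved_pc = stale_pc };

	take_exit(&hw, insn, ec, serror);
	rollback_saved_pc(&v, &hw);      /* adjusts the previous entry's PC... */
	save_el2_return_state(&v, &hw);  /* ...which is then overwritten */
	return v.saved_pc;
}

/* Same order, rollback applied to ELR_EL2 before it is saved. */
uint64_t resume_pc_rollback_elr(uint64_t insn, unsigned int ec, bool serror, uint64_t stale_pc)
{
	struct el2_hw hw = { 0 };
	struct model_vcpu v = { .saved_pc = stale_pc };

	take_exit(&hw, insn, ec, serror);
	rollback_elr(&hw);
	save_el2_return_state(&v, &hw);
	return v.saved_pc;
}

int main(void)
{
	/* Constructed addresses: an HVC at 0x1000, an SMC at 0x2000, stale saved PC 0x5000. */
	const uint64_t hvc = 0x1000, smc = 0x2000, stale = 0x5000;

	printf("HVC + SError, rollback on saved PC: resume at 0x%llx (rollback lost)\n",
	       (unsigned long long)resume_pc_rollback_saved(hvc, EC_HVC64, true, stale));
	printf("HVC + SError, rollback on ELR_EL2 : resume at 0x%llx (re-executes HVC)\n",
	       (unsigned long long)resume_pc_rollback_elr(hvc, EC_HVC64, true, stale));
	printf("SMC + SError, rollback on ELR_EL2 : resume at 0x%llx (SMC untouched)\n",
	       (unsigned long long)resume_pc_rollback_elr(smc, EC_SMC64, true, stale));
	return 0;
}
```

With the rollback on the saved copy, the guest resumes at the instruction after the HVC even though an SError was injected, because the save step replaces the adjusted stale value with the unmodified ELR_EL2; with the rollback on ELR_EL2, the saved PC ends up pointing at the HVC itself, while a trapped SMC is left alone.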
Thread overview: 102+ messages
2020-10-26 13:34 [PATCH 00/11] KVM: arm64: Move PC/ELR/SPSR/PSTATE updatess to EL2 Marc Zyngier
2020-10-26 13:34 ` [PATCH 01/11] KVM: arm64: Don't adjust PC on SError during SMC trap Marc Zyngier
2020-10-26 13:53 ` Mark Rutland
2020-10-26 14:08 ` Marc Zyngier
2020-10-26 14:22 ` Mark Rutland
2020-10-26 13:34 ` [PATCH 02/11] KVM: arm64: Move kvm_vcpu_trap_il_is32bit into kvm_skip_instr32() Marc Zyngier
2020-10-26 13:55 ` Mark Rutland
2020-10-26 13:34 ` [PATCH 03/11] KVM: arm64: Make kvm_skip_instr() and co private to HYP Marc Zyngier
2020-10-26 14:04 ` Mark Rutland
2020-10-27 16:17 ` Marc Zyngier
2020-10-27 10:55 ` Suzuki K Poulose
2020-10-27 11:08 ` Marc Zyngier
2020-10-26 13:34 ` [PATCH 04/11] KVM: arm64: Move PC rollback on SError to HYP Marc Zyngier
2020-10-26 14:06 ` Mark Rutland
2020-10-27 14:56 ` James Morse
2020-10-27 14:59 ` Marc Zyngier [this message]
2020-10-26 13:34 ` [PATCH 05/11] KVM: arm64: Move VHE direct sysreg accessors into kvm_host.h Marc Zyngier
2020-10-26 14:07 ` Mark Rutland
2020-10-26 13:34 ` [PATCH 06/11] KVM: arm64: Add basic hooks for injecting exceptions from EL2 Marc Zyngier
2020-10-26 13:34 ` [PATCH 07/11] KVM: arm64: Inject AArch64 exceptions from HYP Marc Zyngier
2020-10-26 14:22 ` Mark Rutland
2020-10-27 16:21 ` Marc Zyngier
2020-10-27 17:41 ` James Morse
2020-10-27 18:49 ` Marc Zyngier
2020-10-26 13:34 ` [PATCH 08/11] KVM: arm64: Inject AArch32 exceptions from HYP Marc Zyngier
2020-10-26 14:26 ` Mark Rutland
2020-10-27 17:41 ` James Morse
2020-10-27 19:21 ` Marc Zyngier
2020-10-28 19:20 ` James Morse
2020-10-28 20:24 ` Marc Zyngier
2020-10-26 13:34 ` [PATCH 09/11] KVM: arm64: Remove SPSR manipulation primitives Marc Zyngier
2020-10-26 14:30 ` Mark Rutland
2020-10-26 13:34 ` [PATCH 10/11] KVM: arm64: Consolidate exception injection Marc Zyngier
2020-10-26 13:34 ` [PATCH 11/11] KVM: arm64: Get rid of the AArch32 register mapping code Marc Zyngier