From: Marc Zyngier <marc.zyngier@arm.com>
To: Eric Auger <eric.auger@redhat.com>
Cc: kvm@vger.kernel.org, cdall@linaro.org, andre.przywara@arm.com,
linux-kernel@vger.kernel.org, kvmarm@lists.cs.columbia.edu,
wu.wubin@huawei.com, eric.auger.pro@gmail.com
Subject: Re: [PATCH v5 03/10] KVM: arm/arm64: vgic-its: Check CBASER/BASER validity before enabling the ITS
Date: Wed, 25 Oct 2017 10:46:23 +0100 [thread overview]
Message-ID: <86y3nzef0w.fsf@arm.com> (raw)
In-Reply-To: <863767ftyy.fsf@arm.com> (Marc Zyngier's message of "Wed, 25 Oct 2017 10:38:13 +0100")
On Wed, Oct 25 2017 at 10:38:13 am BST, Marc Zyngier <marc.zyngier@arm.com> wrote:
> On Mon, Oct 23 2017 at 4:08:22 pm BST, Eric Auger <eric.auger@redhat.com> wrote:
>> The spec says it is UNPREDICTABLE to enable the ITS
>> if any of the following conditions are true:
>>
>> - GITS_CBASER.Valid == 0.
>> - GITS_BASER<n>.Valid == 0, for any GITS_BASER<n> register
>> where the Type field indicates Device.
>> - GITS_BASER<n>.Valid == 0, for any GITS_BASER<n> register
>> where the Type field indicates Interrupt Collection and
>> GITS_TYPER.HCC == 0.
>>
>> In that case, let's keep the ITS disabled.
>>
>> Signed-off-by: Eric Auger <eric.auger@redhat.com>
>> Reported-by: Andre Przywara <andre.przywara@arm.com>
>>
>> ---
>>
>> need to be CC'ed stable
>>
>> v4 -> v5:
>> - check the condition before updating its->enabled and
>> fix its->cbaser && GITS_CBASER_VALID
>>
>> v3: creation
>> ---
>> virt/kvm/arm/vgic/vgic-its.c | 11 +++++++++++
>> 1 file changed, 11 insertions(+)
>>
>> diff --git a/virt/kvm/arm/vgic/vgic-its.c b/virt/kvm/arm/vgic/vgic-its.c
>> index b0ba80f..1eb355e 100644
>> --- a/virt/kvm/arm/vgic/vgic-its.c
>> +++ b/virt/kvm/arm/vgic/vgic-its.c
>> @@ -1466,6 +1466,16 @@ static void vgic_mmio_write_its_ctlr(struct kvm *kvm, struct vgic_its *its,
>> {
>> mutex_lock(&its->cmd_lock);
>>
>> + /*
>> + * It is UNPREDICTABLE to enable the ITS if any of the CBASER or
>> + * device/collection BASER are invalid
>> + */
>> + if (!its->enabled && (val & GITS_CTLR_ENABLE) &&
>> + (!(its->baser_device_table & GITS_BASER_VALID) ||
>> + !(its->baser_coll_table & GITS_BASER_VALID) ||
>> + !(its->cbaser & GITS_CBASER_VALID)))
>> + goto out;
>> +
>> its->enabled = !!(val & GITS_CTLR_ENABLE);
>>
>> /*
>> @@ -1474,6 +1484,7 @@ static void vgic_mmio_write_its_ctlr(struct kvm *kvm, struct vgic_its *its,
>> */
>> vgic_its_process_commands(kvm, its);
>>
>> +out:
>> mutex_unlock(&its->cmd_lock);
>> }
>
> While this is definitely a good hardening of the implementation, I don't
> think it fixes anything for the guest which is already misbehaving and
> would just not get anything out of this misconfigurarion (in line with
> the UNPRED requirement).
>
> So I don't think we need to Cc stable for this.
I'm having second thoughts. If the guest has written junk in one of the
BASER registers, enabled the ITS (which won't work), and is then
save/restored, userspace is going to get an -EFAULT as part of the
restore process. Not great.
So cc-stable is probably justified here.
Thanks,
M.
--
Jazz is not dead. It just smells funny.
next prev parent reply other threads:[~2017-10-25 9:46 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-23 14:08 [PATCH v5 00/10] vITS Migration fixes and reset Eric Auger
2017-10-23 14:08 ` [PATCH v5 01/10] KVM: arm/arm64: vgic-its: Fix return value for device table restore Eric Auger
2017-10-24 16:02 ` Christoffer Dall
2017-10-23 14:08 ` [PATCH v5 02/10] KVM: arm/arm64: vgic-its: Fix vgic_its_restore_collection_table returned value Eric Auger
2017-10-24 16:15 ` Christoffer Dall
2017-10-23 14:08 ` [PATCH v5 03/10] KVM: arm/arm64: vgic-its: Check CBASER/BASER validity before enabling the ITS Eric Auger
2017-10-25 9:38 ` Marc Zyngier
2017-10-25 9:46 ` Marc Zyngier [this message]
2017-10-25 11:52 ` Christoffer Dall
2017-10-23 14:08 ` [PATCH v5 04/10] KVM: arm/arm64: vgic-its: Check GITS_BASER Valid bit before saving tables Eric Auger
2017-10-25 9:47 ` Marc Zyngier
2017-10-23 14:08 ` [PATCH v5 05/10] KVM: arm/arm64: vgic-its: Save the collection table before device tables Eric Auger
2017-10-25 9:59 ` Christoffer Dall
2017-10-23 14:08 ` [PATCH v5 06/10] KVM: arm/arm64: vgic-its: Remove kvm_its_unmap_device Eric Auger
2017-10-25 9:45 ` Christoffer Dall
2017-10-23 14:08 ` [PATCH v5 07/10] KVM: arm/arm64: vgic-its: New helper functions to free the caches Eric Auger
2017-10-25 10:31 ` Christoffer Dall
2017-10-25 10:31 ` Marc Zyngier
2017-10-23 14:08 ` [PATCH v5 08/10] KVM: arm/arm64: vgic-its: Free caches when GITS_BASER Valid bit is cleared Eric Auger
2017-10-25 10:23 ` Marc Zyngier
2017-10-23 14:08 ` [PATCH v5 09/10] KVM: arm/arm64: Document KVM_DEV_ARM_ITS_CTRL_RESET Eric Auger
2017-10-25 10:40 ` Marc Zyngier
2017-10-23 14:08 ` [PATCH v5 10/10] KVM: arm/arm64: vgic-its: Implement KVM_DEV_ARM_ITS_CTRL_RESET Eric Auger
2017-10-25 10:52 ` Marc Zyngier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86y3nzef0w.fsf@arm.com \
--to=marc.zyngier@arm.com \
--cc=andre.przywara@arm.com \
--cc=cdall@linaro.org \
--cc=eric.auger.pro@gmail.com \
--cc=eric.auger@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=linux-kernel@vger.kernel.org \
--cc=wu.wubin@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox