From mboxrd@z Thu Jan  1 00:00:00 1970
From: Pavel Fedin <p.fedin@samsung.com>
Subject: [PATCH v2 0/4] KVM: arm64: BUG FIX: Correctly handle zero register
 transfers
Date: Fri, 04 Dec 2015 13:25:56 +0300
Message-ID: <cover.1449224338.git.p.fedin@samsung.com>
Cc: Marc Zyngier <marc.zyngier@arm.com>
To: kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org
Return-path: <kvm-owner@vger.kernel.org>
Received: from mailout3.w1.samsung.com ([210.118.77.13]:56553 "EHLO
	mailout3.w1.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751343AbbLDK0P (ORCPT <rfc822;kvm@vger.kernel.org>);
	Fri, 4 Dec 2015 05:26:15 -0500
Received: from eucpsbgm2.samsung.com (unknown [203.254.199.245])
 by mailout3.w1.samsung.com
 (Oracle Communications Messaging Server 7.0.5.31.0 64bit (built May  5 2014))
 with ESMTP id <0NYT00CUAWZO4L80@mailout3.w1.samsung.com> for
 kvm@vger.kernel.org; Fri, 04 Dec 2015 10:26:12 +0000 (GMT)
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

ARM64 CPU has zero register which is read-only, with a value of 0.
However, KVM currently incorrectly recognizes it being SP (because
Rt == 31, and in struct user_pt_regs 'regs' array is followed by SP),
resulting in invalid value being read, or even SP corruption on write.

The problem has been discovered by performing an operation

 *((volatile int *)reg) = 0;

which compiles as "str xzr, [xx]", and resulted in strange values being
written.

v1 => v2:
- Changed type of transfer value to u64 and store it directly in
  struct sys_reg_params instead of a pointer
- Use lower_32_bits()/upper_32_bits() where appropriate
- Fixed wrong usage of 'Rt' instead of 'Rt2' in kvm_handle_cp_64(),
  overlooked in v1
- Do not write value back when reading

Pavel Fedin (4):
  KVM: arm64: Correctly handle zero register during MMIO
  KVM: arm64: Remove const from struct sys_reg_params
  KVM: arm64: Correctly handle zero register in system register accesses
  KVM: arm64: Get rid of old vcpu_reg()

 arch/arm/include/asm/kvm_emulate.h   |  12 ++++
 arch/arm/kvm/mmio.c                  |   5 +-
 arch/arm/kvm/psci.c                  |  20 +++---
 arch/arm64/include/asm/kvm_emulate.h |  18 +++--
 arch/arm64/kvm/handle_exit.c         |   2 +-
 arch/arm64/kvm/sys_regs.c            | 126 +++++++++++++++++------------------
 arch/arm64/kvm/sys_regs.h            |  16 ++---
 arch/arm64/kvm/sys_regs_generic_v8.c |   4 +-
 8 files changed, 111 insertions(+), 92 deletions(-)

-- 
2.4.4