Date: Thu, 24 Feb 2022 12:30:49 +0000
Message-ID: <87zgmg30qu.wl-maz@kernel.org>
From: Marc Zyngier
To: Oliver Upton
Cc: Wanpeng Li, kvm@vger.kernel.org, Joerg Roedel, Peter Shier, kvm-riscv@lists.infradead.org, Atish Patra, Paolo Bonzini, Vitaly Kuznetsov, kvmarm@lists.cs.columbia.edu, Jim Mattson
Subject: Re: [PATCH v3 03/19] KVM: arm64: Reject invalid addresses for CPU_ON PSCI call
In-Reply-To: <20220223041844.3984439-4-oupton@google.com>
References: <20220223041844.3984439-1-oupton@google.com> <20220223041844.3984439-4-oupton@google.com>

On Wed, 23 Feb 2022 04:18:28 +0000,
Oliver Upton wrote:
> 
> DEN0022D.b 5.6.2 "Caller responsibilities" states that a PSCI
> implementation may return INVALID_ADDRESS for the CPU_ON call if the
> provided entry address is known to be invalid.
> There is an additional caveat to this rule. Prior to PSCI v1.0, the
> INVALID_PARAMETERS error is returned instead. Check the guest's PSCI
> version and return the appropriate error if the IPA is invalid.
> 
> Reported-by: Reiji Watanabe
> Signed-off-by: Oliver Upton
> ---
>  arch/arm64/kvm/psci.c | 24 ++++++++++++++++++++++--
>  1 file changed, 22 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/arm64/kvm/psci.c b/arch/arm64/kvm/psci.c
> index a0c10c11f40e..de1cf554929d 100644
> --- a/arch/arm64/kvm/psci.c
> +++ b/arch/arm64/kvm/psci.c
> @@ -12,6 +12,7 @@ > > #include > #include > +#include > > #include > #include
> @@ -70,12 +71,31 @@ static unsigned long kvm_psci_vcpu_on(struct kvm_vcpu *source_vcpu) > struct vcpu_reset_state *reset_state; > struct kvm *kvm = source_vcpu->kvm; > struct kvm_vcpu *vcpu = NULL; > - unsigned long cpu_id; > + unsigned long cpu_id, entry_addr; > > cpu_id = smccc_get_arg1(source_vcpu); > if (!kvm_psci_valid_affinity(source_vcpu, cpu_id)) > return PSCI_RET_INVALID_PARAMS; > > + /* > + * Basic sanity check: ensure the requested entry address actually > + * exists within the guest's address space. > + */ > + entry_addr = smccc_get_arg2(source_vcpu); > + if (!kvm_ipa_valid(kvm, entry_addr)) { > + > + /* > + * Before PSCI v1.0, the INVALID_PARAMETERS error is returned > + * instead of INVALID_ADDRESS. > + * > + * For more details, see ARM DEN0022D.b 5.6 "CPU_ON". > + */ > + if (kvm_psci_version(source_vcpu) < KVM_ARM_PSCI_1_0) > + return PSCI_RET_INVALID_PARAMS; > + else > + return PSCI_RET_INVALID_ADDRESS; > + } > +

If you're concerned with this, should you also check for the PC
alignment, or the presence of a memslot covering the address you are
branching to? The latter is particularly hard to implement reliably.

So far, my position has been that the guest is free to shoot itself in
the foot if that's what it wants to do, and that babysitting it was a
waste of useful bits! ;-)

Or have you identified something that makes it a requirement to handle
this case (and possibly others) in the hypervisor?

Thanks,

	M.

-- 
Without deviation from the norm, progress is not possible.
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
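Review bot: in the second hunk, the `else` after `return PSCI_RET_INVALID_PARAMS;` is redundant, and the blank line directly after the opening brace of `if (!kvm_ipa_valid(kvm, entry_addr)) {` is not usual kernel style; writing it as `if (kvm_psci_version(source_vcpu) < KVM_ARM_PSCI_1_0) return PSCI_RET_INVALID_PARAMS;` followed by an unconditional `return PSCI_RET_INVALID_ADDRESS;` reads cleaner. The comment above the check also promises more than the code delivers: it says the entry address must "actually exist within the guest's address space", but a helper named `kvm_ipa_valid()` can only establish that the IPA falls inside the guest's addressable range, and, as the reply points out, neither PC alignment nor the presence of a memslot covering the address is checked. Narrowing the comment to "the IPA is within the guest's addressable range" would describe exactly what is enforced.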