[PATCH] KVM: arm/arm64: vgic-v3: Don't pretend to support IRQ/FIQ bypass

linux-arm-kernel.lists.infradead.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] KVM: arm/arm64: vgic-v3: Don't pretend to support IRQ/FIQ bypass
@ 2017-02-22 12:13 Marc Zyngier
  2017-02-22 16:52 ` Auger Eric
  2017-02-24 14:12 ` Christoffer Dall
  0 siblings, 2 replies; 3+ messages in thread
From: Marc Zyngier @ 2017-02-22 12:13 UTC (permalink / raw)
  To: linux-arm-kernel

Our GICv3 emulation always presents ICC_SRE_EL1 with DIB/DFB set to
zero, which implies that there is a way to bypass the GIC and
inject raw IRQ/FIQ by driving the CPU pins.

Of course, we don't allow that when the GIC is configured, but
we fail to indicate that to the guest. The obvious fix is to
set these bits (and never let them being changed again).

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
---
 include/linux/irqchip/arm-gic-v3.h | 2 ++
 virt/kvm/arm/vgic/vgic-v3.c        | 5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/include/linux/irqchip/arm-gic-v3.h b/include/linux/irqchip/arm-gic-v3.h
index e808f8ae6f14..0a8bad331341 100644
--- a/include/linux/irqchip/arm-gic-v3.h
+++ b/include/linux/irqchip/arm-gic-v3.h
@@ -354,6 +354,8 @@
  */
 #define ICC_CTLR_EL1_EOImode_drop_dir	(0U << 1)
 #define ICC_CTLR_EL1_EOImode_drop	(1U << 1)
+#define ICC_SRE_EL1_DIB			(1U << 2)
+#define ICC_SRE_EL1_DFB			(1U << 1)
 #define ICC_SRE_EL1_SRE			(1U << 0)
 
 /*
diff --git a/virt/kvm/arm/vgic/vgic-v3.c b/virt/kvm/arm/vgic/vgic-v3.c
index e6b03fd8c374..d062256131fc 100644
--- a/virt/kvm/arm/vgic/vgic-v3.c
+++ b/virt/kvm/arm/vgic/vgic-v3.c
@@ -215,10 +215,13 @@ void vgic_v3_enable(struct kvm_vcpu *vcpu)
 	/*
 	 * If we are emulating a GICv3, we do it in an non-GICv2-compatible
 	 * way, so we force SRE to 1 to demonstrate this to the guest.
+	 * Also, we don't support any form of IRQ/FIQ bypass.
 	 * This goes with the spec allowing the value to be RAO/WI.
 	 */
 	if (vcpu->kvm->arch.vgic.vgic_model == KVM_DEV_TYPE_ARM_VGIC_V3) {
-		vgic_v3->vgic_sre = ICC_SRE_EL1_SRE;
+		vgic_v3->vgic_sre = (ICC_SRE_EL1_DIB |
+				     ICC_SRE_EL1_DFB |
+				     ICC_SRE_EL1_SRE);
 		vcpu->arch.vgic_cpu.pendbaser = INITIAL_PENDBASER_VALUE;
 	} else {
 		vgic_v3->vgic_sre = 0;
-- 
2.11.0

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* [PATCH] KVM: arm/arm64: vgic-v3: Don't pretend to support IRQ/FIQ bypass
  2017-02-22 12:13 [PATCH] KVM: arm/arm64: vgic-v3: Don't pretend to support IRQ/FIQ bypass Marc Zyngier
@ 2017-02-22 16:52 ` Auger Eric
  2017-02-24 14:12 ` Christoffer Dall
  1 sibling, 0 replies; 3+ messages in thread
From: Auger Eric @ 2017-02-22 16:52 UTC (permalink / raw)
  To: linux-arm-kernel

Hi Marc,

On 22/02/2017 13:13, Marc Zyngier wrote:
> Our GICv3 emulation always presents ICC_SRE_EL1 with DIB/DFB set to
> zero, which implies that there is a way to bypass the GIC and
> inject raw IRQ/FIQ by driving the CPU pins.
> 
> Of course, we don't allow that when the GIC is configured, but
> we fail to indicate that to the guest. The obvious fix is to
> set these bits (and never let them being changed again).
> 
> Reported-by: Peter Maydell <peter.maydell@linaro.org>
> Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>

Eric

> ---
>  include/linux/irqchip/arm-gic-v3.h | 2 ++
>  virt/kvm/arm/vgic/vgic-v3.c        | 5 ++++-
>  2 files changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/include/linux/irqchip/arm-gic-v3.h b/include/linux/irqchip/arm-gic-v3.h
> index e808f8ae6f14..0a8bad331341 100644
> --- a/include/linux/irqchip/arm-gic-v3.h
> +++ b/include/linux/irqchip/arm-gic-v3.h
> @@ -354,6 +354,8 @@
>   */
>  #define ICC_CTLR_EL1_EOImode_drop_dir	(0U << 1)
>  #define ICC_CTLR_EL1_EOImode_drop	(1U << 1)
> +#define ICC_SRE_EL1_DIB			(1U << 2)
> +#define ICC_SRE_EL1_DFB			(1U << 1)
>  #define ICC_SRE_EL1_SRE			(1U << 0)
>  
>  /*
> diff --git a/virt/kvm/arm/vgic/vgic-v3.c b/virt/kvm/arm/vgic/vgic-v3.c
> index e6b03fd8c374..d062256131fc 100644
> --- a/virt/kvm/arm/vgic/vgic-v3.c
> +++ b/virt/kvm/arm/vgic/vgic-v3.c
> @@ -215,10 +215,13 @@ void vgic_v3_enable(struct kvm_vcpu *vcpu)
>  	/*
>  	 * If we are emulating a GICv3, we do it in an non-GICv2-compatible
>  	 * way, so we force SRE to 1 to demonstrate this to the guest.
> +	 * Also, we don't support any form of IRQ/FIQ bypass.
>  	 * This goes with the spec allowing the value to be RAO/WI.
>  	 */
>  	if (vcpu->kvm->arch.vgic.vgic_model == KVM_DEV_TYPE_ARM_VGIC_V3) {
> -		vgic_v3->vgic_sre = ICC_SRE_EL1_SRE;
> +		vgic_v3->vgic_sre = (ICC_SRE_EL1_DIB |
> +				     ICC_SRE_EL1_DFB |
> +				     ICC_SRE_EL1_SRE);
>  		vcpu->arch.vgic_cpu.pendbaser = INITIAL_PENDBASER_VALUE;
>  	} else {
>  		vgic_v3->vgic_sre = 0;
> 

^ permalink raw reply	[flat|nested] 3+ messages in thread

* [PATCH] KVM: arm/arm64: vgic-v3: Don't pretend to support IRQ/FIQ bypass
  2017-02-22 12:13 [PATCH] KVM: arm/arm64: vgic-v3: Don't pretend to support IRQ/FIQ bypass Marc Zyngier
  2017-02-22 16:52 ` Auger Eric
@ 2017-02-24 14:12 ` Christoffer Dall
  1 sibling, 0 replies; 3+ messages in thread
From: Christoffer Dall @ 2017-02-24 14:12 UTC (permalink / raw)
  To: linux-arm-kernel

On Wed, Feb 22, 2017 at 12:13:48PM +0000, Marc Zyngier wrote:
> Our GICv3 emulation always presents ICC_SRE_EL1 with DIB/DFB set to
> zero, which implies that there is a way to bypass the GIC and
> inject raw IRQ/FIQ by driving the CPU pins.
> 
> Of course, we don't allow that when the GIC is configured, but
> we fail to indicate that to the guest. The obvious fix is to
> set these bits (and never let them being changed again).
> 
> Reported-by: Peter Maydell <peter.maydell@linaro.org>
> Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>

Acked-by: Christoffer Dall <cdall@linaro.org>

> ---
>  include/linux/irqchip/arm-gic-v3.h | 2 ++
>  virt/kvm/arm/vgic/vgic-v3.c        | 5 ++++-
>  2 files changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/include/linux/irqchip/arm-gic-v3.h b/include/linux/irqchip/arm-gic-v3.h
> index e808f8ae6f14..0a8bad331341 100644
> --- a/include/linux/irqchip/arm-gic-v3.h
> +++ b/include/linux/irqchip/arm-gic-v3.h
> @@ -354,6 +354,8 @@
>   */
>  #define ICC_CTLR_EL1_EOImode_drop_dir	(0U << 1)
>  #define ICC_CTLR_EL1_EOImode_drop	(1U << 1)
> +#define ICC_SRE_EL1_DIB			(1U << 2)
> +#define ICC_SRE_EL1_DFB			(1U << 1)
>  #define ICC_SRE_EL1_SRE			(1U << 0)
>  
>  /*
> diff --git a/virt/kvm/arm/vgic/vgic-v3.c b/virt/kvm/arm/vgic/vgic-v3.c
> index e6b03fd8c374..d062256131fc 100644
> --- a/virt/kvm/arm/vgic/vgic-v3.c
> +++ b/virt/kvm/arm/vgic/vgic-v3.c
> @@ -215,10 +215,13 @@ void vgic_v3_enable(struct kvm_vcpu *vcpu)
>  	/*
>  	 * If we are emulating a GICv3, we do it in an non-GICv2-compatible
>  	 * way, so we force SRE to 1 to demonstrate this to the guest.
> +	 * Also, we don't support any form of IRQ/FIQ bypass.
>  	 * This goes with the spec allowing the value to be RAO/WI.
>  	 */
>  	if (vcpu->kvm->arch.vgic.vgic_model == KVM_DEV_TYPE_ARM_VGIC_V3) {
> -		vgic_v3->vgic_sre = ICC_SRE_EL1_SRE;
> +		vgic_v3->vgic_sre = (ICC_SRE_EL1_DIB |
> +				     ICC_SRE_EL1_DFB |
> +				     ICC_SRE_EL1_SRE);
>  		vcpu->arch.vgic_cpu.pendbaser = INITIAL_PENDBASER_VALUE;
>  	} else {
>  		vgic_v3->vgic_sre = 0;
> -- 
> 2.11.0
> 

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2017-02-24 14:12 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-02-22 12:13 [PATCH] KVM: arm/arm64: vgic-v3: Don't pretend to support IRQ/FIQ bypass Marc Zyngier
2017-02-22 16:52 ` Auger Eric
2017-02-24 14:12 ` Christoffer Dall

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).