From: christoffer.dall@linaro.org (Christoffer Dall)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 21/27] arm/arm64: KVM: vgic: handle out-of-range MMIO accesses
Date: Fri, 26 Sep 2014 15:16:54 +0200
Message-ID: <1411737420-9063-22-git-send-email-christoffer.dall@linaro.org>
In-Reply-To: <1411737420-9063-1-git-send-email-christoffer.dall@linaro.org>
From: Marc Zyngier <marc.zyngier@arm.com>
Now that we can (almost) dynamically size the number of interrupts,
we're facing an interesting issue:
We have to evaluate at runtime whether or not an access hits a valid
register, based on the sizing of this particular instance of the
distributor. Furthermore, the GIC spec says that accessing a reserved
register is RAZ/WI.
For this, add a new field to our range structure, indicating the number
of bits a single interrupt uses. That allows us to find out whether or
not the access is in range.
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
---
include/kvm/arm_vgic.h | 3 ++-
virt/kvm/arm/vgic.c | 56 ++++++++++++++++++++++++++++++++++++++++----------
2 files changed, 47 insertions(+), 12 deletions(-)
diff --git a/include/kvm/arm_vgic.h b/include/kvm/arm_vgic.h
index 3b73d78..2767f93 100644
--- a/include/kvm/arm_vgic.h
+++ b/include/kvm/arm_vgic.h
@@ -32,6 +32,7 @@
#define VGIC_V2_MAX_LRS (1 << 6)
#define VGIC_V3_MAX_LRS 16
+#define VGIC_MAX_IRQS 1024
/* Sanity checks... */
#if (KVM_MAX_VCPUS > 8)
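Review bot: VGIC_MAX_IRQS is introduced as a bare 1024 with no comment, yet it now sizes every per-irq MMIO range below; a one-line comment saying what it bounds (the distributor interrupt ID space that the existing "must be <= 1024" check already assumed) would help readers of arm_vgic.h.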
@@ -42,7 +43,7 @@
#error "VGIC_NR_IRQS must be a multiple of 32"
#endif
-#if (VGIC_NR_IRQS > 1024)
+#if (VGIC_NR_IRQS > VGIC_MAX_IRQS)
#error "VGIC_NR_IRQS must be <= 1024"
#endif
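Review bot: the #error text still hard-codes "1024" while the condition now tests against VGIC_MAX_IRQS; wording the message in terms of the macro (e.g. "VGIC_NR_IRQS must be <= VGIC_MAX_IRQS") keeps the two from drifting apart if the constant ever changes.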
diff --git a/virt/kvm/arm/vgic.c b/virt/kvm/arm/vgic.c
index 599ad17..973eaf7 100644
--- a/virt/kvm/arm/vgic.c
+++ b/virt/kvm/arm/vgic.c
@@ -895,6 +895,7 @@ static bool handle_mmio_sgi_clear(struct kvm_vcpu *vcpu,
struct mmio_range {
phys_addr_t base;
unsigned long len;
+ int bits_per_irq;
bool (*handle_mmio)(struct kvm_vcpu *vcpu, struct kvm_exit_mmio *mmio,
phys_addr_t offset);
};
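Review bot: the new bits_per_irq member is undocumented, and its zero value has a special meaning (the range is not indexed by interrupt number and is never range-checked). A short comment on the field, e.g. `int bits_per_irq; /* 0: register block is not indexed by irq */`, would make that contract visible where the table entries are written.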
@@ -903,56 +904,67 @@ static const struct mmio_range vgic_dist_ranges[] = {
{
.base = GIC_DIST_CTRL,
.len = 12,
+ .bits_per_irq = 0,
.handle_mmio = handle_mmio_misc,
},
{
.base = GIC_DIST_IGROUP,
- .len = VGIC_NR_IRQS / 8,
+ .len = VGIC_MAX_IRQS / 8,
+ .bits_per_irq = 1,
.handle_mmio = handle_mmio_raz_wi,
},
{
.base = GIC_DIST_ENABLE_SET,
- .len = VGIC_NR_IRQS / 8,
+ .len = VGIC_MAX_IRQS / 8,
+ .bits_per_irq = 1,
.handle_mmio = handle_mmio_set_enable_reg,
},
{
.base = GIC_DIST_ENABLE_CLEAR,
- .len = VGIC_NR_IRQS / 8,
+ .len = VGIC_MAX_IRQS / 8,
+ .bits_per_irq = 1,
.handle_mmio = handle_mmio_clear_enable_reg,
},
{
.base = GIC_DIST_PENDING_SET,
- .len = VGIC_NR_IRQS / 8,
+ .len = VGIC_MAX_IRQS / 8,
+ .bits_per_irq = 1,
.handle_mmio = handle_mmio_set_pending_reg,
},
{
.base = GIC_DIST_PENDING_CLEAR,
- .len = VGIC_NR_IRQS / 8,
+ .len = VGIC_MAX_IRQS / 8,
+ .bits_per_irq = 1,
.handle_mmio = handle_mmio_clear_pending_reg,
},
{
.base = GIC_DIST_ACTIVE_SET,
- .len = VGIC_NR_IRQS / 8,
+ .len = VGIC_MAX_IRQS / 8,
+ .bits_per_irq = 1,
.handle_mmio = handle_mmio_raz_wi,
},
{
.base = GIC_DIST_ACTIVE_CLEAR,
- .len = VGIC_NR_IRQS / 8,
+ .len = VGIC_MAX_IRQS / 8,
+ .bits_per_irq = 1,
.handle_mmio = handle_mmio_raz_wi,
},
{
.base = GIC_DIST_PRI,
- .len = VGIC_NR_IRQS,
+ .len = VGIC_MAX_IRQS,
+ .bits_per_irq = 8,
.handle_mmio = handle_mmio_priority_reg,
},
{
.base = GIC_DIST_TARGET,
- .len = VGIC_NR_IRQS,
+ .len = VGIC_MAX_IRQS,
+ .bits_per_irq = 8,
.handle_mmio = handle_mmio_target_reg,
},
{
.base = GIC_DIST_CONFIG,
- .len = VGIC_NR_IRQS / 4,
+ .len = VGIC_MAX_IRQS / 4,
+ .bits_per_irq = 2,
.handle_mmio = handle_mmio_cfg_reg,
},
{
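Review bot: every per-irq entry in this hunk keeps len and bits_per_irq consistent (len * 8 / bits_per_irq == VGIC_MAX_IRQS), but the hunk stops at the next `{` and any remaining vgic_dist_ranges entries that are indexed by interrupt number and do not set bits_per_irq will silently default to 0 and bypass the new check; please double-check the rest of the table. The explicit `.bits_per_irq = 0` on the GIC_DIST_CTRL entry is redundant with zero-initialisation but reads well as documentation, so keeping it is fine.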
@@ -990,6 +1002,22 @@ struct mmio_range *find_matching_range(const struct mmio_range *ranges,
return NULL;
}
+static bool vgic_validate_access(const struct vgic_dist *dist,
+ const struct mmio_range *range,
+ unsigned long offset)
+{
+ int irq;
+
+ if (!range->bits_per_irq)
+ return true; /* Not an irq-based access */
+
+ irq = offset * 8 / range->bits_per_irq;
+ if (irq >= dist->nr_irqs)
+ return false;
+
+ return true;
+}
+
/**
* vgic_handle_mmio - handle an in-kernel MMIO access
* @vcpu: pointer to the vcpu performing the access
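Review bot: vgic_validate_access() only checks the first interrupt covered by the access (`irq = offset * 8 / range->bits_per_irq`), not the last one, so a multi-byte access starting just below nr_irqs is accepted as a whole. That is correct only because nr_irqs is a multiple of 32 (which the header's #error enforces for the static value) and MMIO accesses are naturally aligned, so a word can never straddle nr_irqs; a comment stating that assumption next to the check would save the next reader from re-deriving it.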
@@ -1029,7 +1057,13 @@ bool vgic_handle_mmio(struct kvm_vcpu *vcpu, struct kvm_run *run,
spin_lock(&vcpu->kvm->arch.vgic.lock);
offset = mmio->phys_addr - range->base - base;
- updated_state = range->handle_mmio(vcpu, mmio, offset);
+ if (vgic_validate_access(dist, range, offset)) {
+ updated_state = range->handle_mmio(vcpu, mmio, offset);
+ } else {
+ vgic_reg_access(mmio, NULL, offset,
+ ACCESS_READ_RAZ | ACCESS_WRITE_IGNORED);
+ updated_state = false;
+ }
spin_unlock(&vcpu->kvm->arch.vgic.lock);
kvm_prepare_mmio(run, mmio);
kvm_handle_mmio_return(vcpu, run);
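Review bot: the RAZ/WI fallback passes `NULL` as the register pointer to vgic_reg_access(), which is safe only as long as that helper never dereferences reg under ACCESS_READ_RAZ | ACCESS_WRITE_IGNORED; a comment on the call would make that dependency explicit. Minor style point: `dist` is already in scope here, so `spin_lock(&dist->lock)` would be more consistent than spelling out `vcpu->kvm->arch.vgic.lock`.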
--
2.0.0
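To illustrate the range check this patch introduces, here is a stand-alone C model added here (not code from the kernel or from this patch): the table entries, names and nr_irqs values are constructed to mirror vgic_dist_ranges and vgic_validate_access(), and the read emulation stands in for the RAZ/WI fallback.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model: a register block of the distributor, described by its
 * byte length (sized for the maximum IRQ count) and the number of bits one
 * interrupt occupies in it, like struct mmio_range in the patch. */
#define VGIC_MAX_IRQS 1024

struct irq_range {
	const char *name;
	unsigned long len;   /* block size in bytes for VGIC_MAX_IRQS */
	int bits_per_irq;    /* 0: block is not indexed by interrupt number */
};

/* Hypothetical table mirroring a few vgic_dist_ranges entries. */
static const struct irq_range ranges[] = {
	{ "CTRL",   12,                0 },
	{ "IGROUP", VGIC_MAX_IRQS / 8, 1 },
	{ "PRI",    VGIC_MAX_IRQS,     8 },
	{ "CONFIG", VGIC_MAX_IRQS / 4, 2 },
};

/* First interrupt number covered by a byte offset inside the block. */
static unsigned long first_irq(const struct irq_range *r, unsigned long offset)
{
	return offset * 8 / r->bits_per_irq;
}

/* Same rule as vgic_validate_access(): non-irq blocks are always valid,
 * irq-indexed blocks are valid only below this instance's nr_irqs. */
static bool access_in_range(const struct irq_range *r, unsigned long offset,
			    int nr_irqs)
{
	if (!r->bits_per_irq)
		return true;
	return first_irq(r, offset) < (unsigned long)nr_irqs;
}

/* Emulate a 32-bit guest read. A valid access returns the backing value;
 * an access beyond nr_irqs (a reserved register) reads as zero (RAZ), and a
 * write there would be dropped (WI) by the same test. */
static uint32_t emulate_read(const struct irq_range *r, unsigned long offset,
			     int nr_irqs, uint32_t backing_value)
{
	if (offset + 4 > r->len)
		return 0;	/* outside the block: no range would match */
	if (!access_in_range(r, offset, nr_irqs))
		return 0;	/* in the block but past nr_irqs: RAZ */
	return backing_value;
}
```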