From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-14.5 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D625FC2BC11 for ; Mon, 14 Sep 2020 17:30:35 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 6270620735 for ; Mon, 14 Sep 2020 17:30:35 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="g8IVwrnA"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=google.com header.i=@google.com header.b="amPh1yVy" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6270620735 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=uHqYuPgP37MmO+e1bzVJJeHlGniei1Oor/xmpQLezlg=; b=g8IVwrnALeuQKKZHOu4P56l7J poollxe6TY+jeI1o8yQrr7YstDh/hnE5GmrzMrIqhVgtrztBWo+2bJXoGKSOObMMLwUCjhi7/ux34 BobAAlDxC9AA0/hG9sL0wkwLVxEBMrRkFShaibnm1aZzqqkNvUEQsXp/jI51lPR4+BY3BMEJVPH+w 2EhZIOseKtaHttRtfZ0Sjl53Ovna1JHS1GBz7KjkflEAsHsrYQLLWG9gPfbptmO6PBnh96Q578yoD OXEcfEDrl1twUBw6rQ85RyOQoFfdUDU5MqZ+StWXLiP8yLZHF+QC2uHddo38sGg1kQiJ2ZdTmsozC u8XIfh1Mg==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kHsHQ-0000kO-D8; Mon, 14 Sep 2020 17:28:41 +0000 Received: from mail-wr1-x444.google.com ([2a00:1450:4864:20::444]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kHsGy-0000Zm-Lt for linux-arm-kernel@lists.infradead.org; Mon, 14 Sep 2020 17:28:14 +0000 Received: by mail-wr1-x444.google.com with SMTP id m6so556096wrn.0 for ; Mon, 14 Sep 2020 10:28:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=/4VwXgJoMbk9POxFRHy1vRuuoE0F0rYUfbOkZd2TWH0=; b=amPh1yVyk5hsom+N7frn7ZaaN2fdVT09fNxiF+g8sBUUwDxE8gwytpL5RaaqpAKPXL K1P6UwD+bgpwaOVGkDSH8HhKaO6zCvViC3tpU9Zpuwn4OcPoiiGXGBoW2R0EoC8v4rKy EGoQGj3Dg1w2+f36a7/lnrpY/1iFHmPlqbhDSmo0O+MGsGmZGM6pqptzDnasinwhANLj 4Fc/V4MVAloP8rQ590HmNMl95HI36WRgEGjmpAubcTv73WDPz2iZNfd5xPgaOkDzx8TR RterKOwezbCeHnyORfnJPbeyY0EZq9QAv2mPqglRAYdyEvVDulzE9OeK3oSzuwgvg5TQ 6agA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=/4VwXgJoMbk9POxFRHy1vRuuoE0F0rYUfbOkZd2TWH0=; b=bfJLnApj575rVgvH/PNZDYSLp/RBAQAnjLH5GCdv6qcVZjzoHC8ha/WfUU9BIM2Gep CUoT6acziH/+ODJJmsed6hG08rlBNBVR+fC4RItgw6FOVy3XBnKyVFhw/uidgNzL9jDZ 7/z1vMgGMyfD6k+fB0zXzPWaASZEFt5xQJxOCD95bvGSHE0tkvI1BPknDeWTc1K6e+w3 TmyQbRramhVSdFwzKPjIoiWZf+xgpWB3/N9cLYLT75Chc1+hufkLUhgyRQCwqAxFPZPQ ZweaoPSAzF4F4Zy/QcjSohctxoRJuqjLhjjvGaeOz+JJQ2bprCIsdsicuR+NNBvJLSG5 3znQ== X-Gm-Message-State: AOAM533+yimJVczWTr8+eH06slfDIPFpztgtVjovgCPMgPzftEK0IQQW r8n7cTsLGiWJ8s7ptx6rjHd5ww== X-Google-Smtp-Source: ABdhPJzjIpl24eBuXRk5Xw2CVqvs2BB+r9DeJ7mZjJ1acd5LET7e/D2xbtzn/nEHsYfgyEIUS5e5Mg== X-Received: by 2002:adf:8b48:: with SMTP id v8mr17059052wra.21.1600104491563; Mon, 14 Sep 2020 10:28:11 -0700 (PDT) Received: from localhost (49.222.77.34.bc.googleusercontent.com. [34.77.222.49]) by smtp.gmail.com with ESMTPSA id h16sm22935608wre.87.2020.09.14.10.28.10 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 14 Sep 2020 10:28:10 -0700 (PDT) From: George-Aurelian Popescu To: maz@kernel.org, catalin.marinas@arm.com, will@kernel.org, masahiroy@kernel.org, michal.lkml@markovi.net Subject: [PATCH 05/14] KVM: arm64: Define a buffer that can pass UBSan data from hyp/nVHE to kernel Date: Mon, 14 Sep 2020 17:27:41 +0000 Message-Id: <20200914172750.852684-6-georgepope@google.com> X-Mailer: git-send-email 2.28.0.618.gf4bc123cb7-goog In-Reply-To: <20200914172750.852684-1-georgepope@google.com> References: <20200914172750.852684-1-georgepope@google.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200914_132812_757683_1C3255AE X-CRM114-Status: GOOD ( 26.46 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: arnd@arndb.de, elver@google.com, tglx@linutronix.de, keescook@chromium.org, maskray@google.com, linux-kbuild@vger.kernel.org, suzuki.poulose@arm.com, ndesaulniers@google.com, linux-kernel@vger.kernel.org, akpm@linux-foundation.org, George Popescu , clang-built-linux@googlegroups.com, broonie@kernel.org, james.morse@arm.com, julien.thierry.kdev@gmail.com, dvyukov@google.com, natechancellor@gmail.com, dbrazdil@google.com, kvmarm@lists.cs.columbia.edu, linux-arm-kernel@lists.infradead.org, ascull@google.com Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org From: George Popescu Store data, which is collected from UBSan handlers that lives inside hyp/nVHE, into the kvm_ubsan_buffer. This buffer is designed to store only UBSan data because it should not be preoccupied by other mechanisms data structures and functionalities. Map the buffer and the write index before switching the control to hyp/nVHE. Map the kernel .data region to read the compile time generated UBSan struct's data from hyp/nVHE. Signed-off-by: George Popescu --- arch/arm64/include/asm/kvm_asm.h | 3 +++ arch/arm64/include/asm/kvm_host.h | 6 +++++ arch/arm64/include/asm/kvm_ubsan.h | 17 +++++++++++++ arch/arm64/kvm/Makefile | 4 ++++ arch/arm64/kvm/arm.c | 38 +++++++++++++++++++++++++++++- arch/arm64/kvm/hyp/hyp-entry.S | 4 ++++ arch/arm64/kvm/hyp/nvhe/ubsan.c | 24 ++++++++++++++++++- arch/arm64/kvm/kvm_ubsan_buffer.c | 32 +++++++++++++++++++++++++ 8 files changed, 126 insertions(+), 2 deletions(-) create mode 100644 arch/arm64/include/asm/kvm_ubsan.h create mode 100644 arch/arm64/kvm/kvm_ubsan_buffer.c diff --git a/arch/arm64/include/asm/kvm_asm.h b/arch/arm64/include/asm/kvm_asm.h index 200bb8d0a720..9d4a77f08ffd 100644 --- a/arch/arm64/include/asm/kvm_asm.h +++ b/arch/arm64/include/asm/kvm_asm.h @@ -63,6 +63,9 @@ #define CHOOSE_VHE_SYM(sym) sym #define CHOOSE_NVHE_SYM(sym) kvm_nvhe_sym(sym) +#define this_cpu_ptr_nvhe(sym) this_cpu_ptr(&kvm_nvhe_sym(sym)) +#define per_cpu_ptr_nvhe(sym, cpu) per_cpu_ptr(&kvm_nvhe_sym(sym), cpu) + #ifndef __KVM_NVHE_HYPERVISOR__ /* * BIG FAT WARNINGS: diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index adc8957e9321..337fd2d0f976 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -494,8 +494,14 @@ u64 __kvm_call_hyp(void *hypfn, ...); __kvm_call_hyp(kvm_ksym_ref_nvhe(f), ##__VA_ARGS__); \ }) +#ifdef CONFIG_UBSAN +extern void __kvm_check_ubsan_buffer(void); +#endif + #define __kvm_arm_check_debug_buffer() \ { \ + if (IS_ENABLED(CONFIG_UBSAN)) \ + __kvm_check_ubsan_buffer(); \ } /* diff --git a/arch/arm64/include/asm/kvm_ubsan.h b/arch/arm64/include/asm/kvm_ubsan.h new file mode 100644 index 000000000000..af607a796376 --- /dev/null +++ b/arch/arm64/include/asm/kvm_ubsan.h @@ -0,0 +1,17 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright 2020 Google LLC + * Author: George Popescu + */ + +#ifdef CONFIG_UBSAN +#include + + +#define UBSAN_MAX_TYPE 6 +#define KVM_UBSAN_BUFFER_SIZE 1000 + +struct kvm_ubsan_info { + int type; +}; +#endif diff --git a/arch/arm64/kvm/Makefile b/arch/arm64/kvm/Makefile index 99977c1972cc..92f06cb5b3df 100644 --- a/arch/arm64/kvm/Makefile +++ b/arch/arm64/kvm/Makefile @@ -24,4 +24,8 @@ kvm-y := $(KVM)/kvm_main.o $(KVM)/coalesced_mmio.o $(KVM)/eventfd.o \ vgic/vgic-mmio-v3.o vgic/vgic-kvm-device.o \ vgic/vgic-its.o vgic/vgic-debug.o +CFLAGS_kvm_ubsan_buffer.o += -I $(srctree)/lib/ +CFLAGS_arm.o += -I $(srctree)/lib + +kvm-$(CONFIG_UBSAN) += kvm_ubsan_buffer.o kvm-$(CONFIG_KVM_ARM_PMU) += pmu-emul.o diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index b588c3b5c2f0..eff57069e103 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -42,10 +42,17 @@ #include #include +#include +#include + #ifdef REQUIRES_VIRT __asm__(".arch_extension virt"); #endif +#ifdef CONFIG_UBSAN +DECLARE_KVM_DEBUG_BUFFER(struct kvm_ubsan_info, kvm_ubsan_buff, KVM_UBSAN_BUFFER_SIZE); +#endif + DEFINE_PER_CPU(kvm_host_data_t, kvm_host_data); static DEFINE_PER_CPU(unsigned long, kvm_arm_hyp_stack_page); @@ -1519,7 +1526,15 @@ static int init_hyp_mode(void) kvm_err("Cannot map bss section\n"); goto out_err; } - +#ifdef CONFIG_UBSAN + /* required by ubsan to access the handlers structures fields */ + err = create_hyp_mappings(kvm_ksym_ref(_data), + kvm_ksym_ref(__end_once), PAGE_HYP_RO); + if (err) { + kvm_err("Cannot map data section\n"); + goto out_err; + } +#endif err = kvm_map_vectors(); if (err) { kvm_err("Cannot map vectors\n"); @@ -1552,6 +1567,27 @@ static int init_hyp_mode(void) } } +#ifdef CONFIG_UBSAN + for_each_possible_cpu(cpu) { + /* map the write index */ + struct kvm_ubsan_info *buff; + unsigned long *wr_ind; + + wr_ind = per_cpu_ptr_nvhe(kvm_ubsan_buff_wr_ind, cpu); + err = create_hyp_mappings(wr_ind, wr_ind + 1, PAGE_HYP); + if (err) { + kvm_err("Cannot map the busan buffer write index: %d\n", err); + goto out_err; + } + buff = per_cpu_ptr(kvm_nvhe_sym(kvm_ubsan_buff), cpu); + err = create_hyp_mappings(buff, buff + KVM_UBSAN_BUFFER_SIZE, PAGE_HYP); + if (err) { + kvm_err("Cannot map the ubsan buffer: %d\n", err); + goto out_err; + } + } +#endif + err = hyp_map_aux_data(); if (err) kvm_err("Cannot map host auxiliary data: %d\n", err); diff --git a/arch/arm64/kvm/hyp/hyp-entry.S b/arch/arm64/kvm/hyp/hyp-entry.S index 8df0082b9ccf..bcdbab4d2e43 100644 --- a/arch/arm64/kvm/hyp/hyp-entry.S +++ b/arch/arm64/kvm/hyp/hyp-entry.S @@ -14,6 +14,7 @@ #include #include #include +#include .macro save_caller_saved_regs_vect /* x0 and x1 were saved in the vector entry */ @@ -74,6 +75,9 @@ el1_sync: // Guest trapped into EL2 cmp x0, #HVC_STUB_HCALL_NR b.hs 1f +#ifdef CONFIG_UBSAN + clear_kvm_debug_buffer kvm_ubsan_buff_wr_ind, x4, x5, x6 +#endif /* * Compute the idmap address of __kvm_handle_stub_hvc and * jump there. Since we use kimage_voffset, do not use the diff --git a/arch/arm64/kvm/hyp/nvhe/ubsan.c b/arch/arm64/kvm/hyp/nvhe/ubsan.c index a5db6b61ceb2..a43c9646e1e8 100644 --- a/arch/arm64/kvm/hyp/nvhe/ubsan.c +++ b/arch/arm64/kvm/hyp/nvhe/ubsan.c @@ -3,9 +3,31 @@ * Copyright 2020 Google LLC * Author: George Popescu */ +#include #include #include -#include +#include +#include +#include +#include +#include +#include +#include + +DEFINE_KVM_DEBUG_BUFFER(struct kvm_ubsan_info, kvm_ubsan_buff, KVM_UBSAN_BUFFER_SIZE); + +static inline struct kvm_ubsan_info *kvm_ubsan_buffer_next_slot(void) +{ + struct kvm_ubsan_info *res; + struct kvm_ubsan_info *buff; + unsigned long *buff_ind; + unsigned long buff_size = KVM_UBSAN_BUFFER_SIZE; + unsigned int struct_size = sizeof(struct kvm_ubsan_info); + + init_kvm_debug_buffer(kvm_ubsan_buff, struct kvm_ubsan_info, buff, buff_ind); + res = kvm_debug_buffer_next_slot(buff, buff_ind, struct_size, buff_size); + return res; +} void __ubsan_handle_add_overflow(void *_data, void *lhs, void *rhs) {} diff --git a/arch/arm64/kvm/kvm_ubsan_buffer.c b/arch/arm64/kvm/kvm_ubsan_buffer.c new file mode 100644 index 000000000000..28dcf19b5706 --- /dev/null +++ b/arch/arm64/kvm/kvm_ubsan_buffer.c @@ -0,0 +1,32 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright 2020 Google LLC + * Author: George Popescu + */ + +#include +#include +#include +#include +#include +#include + +#include +#include + +DECLARE_KVM_DEBUG_BUFFER(struct kvm_ubsan_info, kvm_ubsan_buff, KVM_UBSAN_BUFFER_SIZE); + + +void __kvm_check_ubsan_buffer(void) +{ + unsigned long *write_ind; + unsigned long it; + struct kvm_ubsan_info *slot; + + init_kvm_debug_buffer(kvm_ubsan_buff, struct kvm_ubsan_info, slot, write_ind); + for_each_kvm_debug_buffer_slot(slot, write_ind, it) { + /* check ubsan data */ + slot->type = 0; + } +} + -- 2.28.0.618.gf4bc123cb7-goog _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel