From: Marc Zyngier <maz@kernel.org>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: Mark Rutland <mark.rutland@arm.com>,
Santosh Shukla <sashukla@nvidia.com>,
Gavin Shan <gshan@redhat.com>,
kvm@vger.kernel.org, Quentin Perret <qperret@google.com>,
kernel-team@android.com,
Suzuki K Poulose <suzuki.poulose@arm.com>,
kvmarm@lists.cs.columbia.edu,
Vladimir Murzin <vladimir.murzin@arm.com>,
James Morse <james.morse@arm.com>,
linux-arm-kernel@lists.infradead.org,
David Brazdil <dbrazdil@google.com>,
Will Deacon <will@kernel.org>, Qais Yousef <qais.yousef@arm.com>,
Julien Thierry <julien.thierry.kdev@gmail.com>
Subject: [PATCH 01/12] KVM: arm64: Don't corrupt tpidr_el2 on failed HVC call
Date: Fri, 30 Oct 2020 16:40:06 +0000 [thread overview]
Message-ID: <20201030164017.244287-2-maz@kernel.org> (raw)
In-Reply-To: <20201030164017.244287-1-maz@kernel.org>
The hyp-init code starts by stashing a register in TPIDR_EL2
in in order to free a register. This happens no matter if the
HVC call is legal or not.
Although nothing wrong seems to come out of it, it feels odd
to alter the EL2 state for something that eventually returns
an error.
Instead, use the fact that we know exactly which bits of the
__kvm_hyp_init call are non-zero to perform the check with
a series of EOR/ROR instructions, combined with a build-time
check that the value is the one we expect.
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20201026095116.72051-2-maz@kernel.org
---
arch/arm64/kvm/hyp/nvhe/hyp-init.S | 23 ++++++++++++++++-------
1 file changed, 16 insertions(+), 7 deletions(-)
diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-init.S b/arch/arm64/kvm/hyp/nvhe/hyp-init.S
index 47224dc62c51..b11a9d7db677 100644
--- a/arch/arm64/kvm/hyp/nvhe/hyp-init.S
+++ b/arch/arm64/kvm/hyp/nvhe/hyp-init.S
@@ -57,16 +57,25 @@ __do_hyp_init:
cmp x0, #HVC_STUB_HCALL_NR
b.lo __kvm_handle_stub_hvc
- /* Set tpidr_el2 for use by HYP to free a register */
- msr tpidr_el2, x2
-
- mov x2, #KVM_HOST_SMCCC_FUNC(__kvm_hyp_init)
- cmp x0, x2
- b.eq 1f
+ // We only actively check bits [24:31], and everything
+ // else has to be zero, which we check at build time.
+#if (KVM_HOST_SMCCC_FUNC(__kvm_hyp_init) & 0xFFFFFFFF00FFFFFF)
+#error Unexpected __KVM_HOST_SMCCC_FUNC___kvm_hyp_init value
+#endif
+
+ ror x0, x0, #24
+ eor x0, x0, #((KVM_HOST_SMCCC_FUNC(__kvm_hyp_init) >> 24) & 0xF)
+ ror x0, x0, #4
+ eor x0, x0, #((KVM_HOST_SMCCC_FUNC(__kvm_hyp_init) >> 28) & 0xF)
+ cbz x0, 1f
mov x0, #SMCCC_RET_NOT_SUPPORTED
eret
-1: phys_to_ttbr x0, x1
+1:
+ /* Set tpidr_el2 for use by HYP to free a register */
+ msr tpidr_el2, x2
+
+ phys_to_ttbr x0, x1
alternative_if ARM64_HAS_CNP
orr x0, x0, #TTBR_CNP_BIT
alternative_else_nop_endif
--
2.28.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2020-10-30 16:42 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-30 16:40 [GIT PULL] KVM/arm64 fixes for 5.10, take #1 Marc Zyngier
2020-10-30 16:40 ` Marc Zyngier [this message]
2020-10-30 16:40 ` [PATCH 02/12] KVM: arm64: Remove leftover kern_hyp_va() in nVHE TLB invalidation Marc Zyngier
2020-10-30 16:40 ` [PATCH 03/12] KVM: arm64: Drop useless PAN setting on host EL1 to EL2 transition Marc Zyngier
2020-10-30 16:40 ` [PATCH 04/12] KVM: arm64: Allocate stage-2 pgd pages with GFP_KERNEL_ACCOUNT Marc Zyngier
2020-10-30 16:40 ` [PATCH 05/12] KVM: arm64: Fix AArch32 handling of DBGD{CCINT, SCRext} and DBGVCR Marc Zyngier
2020-10-30 16:40 ` [PATCH 06/12] KVM: arm64: Fix masks in stage2_pte_cacheable() Marc Zyngier
2020-10-30 16:40 ` [PATCH 07/12] KVM: arm64: Use fallback mapping sizes for contiguous huge page sizes Marc Zyngier
2020-10-30 16:40 ` [PATCH 08/12] KVM: arm64: Force PTE mapping on fault resulting in a device mapping Marc Zyngier
2020-10-30 16:40 ` [PATCH 09/12] KVM: arm64: Factor out is_{vhe,nvhe}_hyp_code() Marc Zyngier
2020-10-30 16:40 ` [PATCH 10/12] arm64: cpufeature: reorder cpus_have_{const, final}_cap() Marc Zyngier
2020-10-30 16:40 ` [PATCH 11/12] arm64: cpufeature: upgrade hyp caps to final Marc Zyngier
2020-10-30 16:40 ` [PATCH 12/12] KVM: arm64: Handle Asymmetric AArch32 systems Marc Zyngier
2020-10-31 14:35 ` [GIT PULL] KVM/arm64 fixes for 5.10, take #1 Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201030164017.244287-2-maz@kernel.org \
--to=maz@kernel.org \
--cc=dbrazdil@google.com \
--cc=gshan@redhat.com \
--cc=james.morse@arm.com \
--cc=julien.thierry.kdev@gmail.com \
--cc=kernel-team@android.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=mark.rutland@arm.com \
--cc=pbonzini@redhat.com \
--cc=qais.yousef@arm.com \
--cc=qperret@google.com \
--cc=sashukla@nvidia.com \
--cc=suzuki.poulose@arm.com \
--cc=vladimir.murzin@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).