linux-arm-kernel.lists.infradead.org archive mirror
From: Marc Zyngier <maz@kernel.org>
To: kvmarm@lists.linux.dev, kvm@vger.kernel.org,
	linux-arm-kernel@lists.infradead.org
Cc: Alexandru Elisei <alexandru.elisei@arm.com>,
	Andre Przywara <andre.przywara@arm.com>,
	Chase Conklin <chase.conklin@arm.com>,
	Christoffer Dall <christoffer.dall@arm.com>,
	Ganapatrao Kulkarni <gankulkarni@os.amperecomputing.com>,
	Darren Hart <darren@os.amperecomputing.com>,
	Jintack Lim <jintack@cs.columbia.edu>,
	Russell King <rmk+kernel@armlinux.org.uk>,
	Miguel Luis <miguel.luis@oracle.com>,
	James Morse <james.morse@arm.com>,
	Suzuki K Poulose <suzuki.poulose@arm.com>,
	Oliver Upton <oliver.upton@linux.dev>,
	Zenghui Yu <yuzenghui@huawei.com>
Subject: [PATCH v11 20/43] KVM: arm64: nv: Restrict S2 RD/WR permissions to match the guest's
Date: Mon, 20 Nov 2023 13:10:04 +0000
Message-ID: <20231120131027.854038-21-maz@kernel.org>
In-Reply-To: <20231120131027.854038-1-maz@kernel.org>

When mapping a page in a shadow stage-2, special care must be
taken not to be more permissive than the guest is (writable or
readable page when the guest hasn't set that permission).

Reviewed-by: Alexandru Elisei <alexandru.elisei@arm.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
---
 arch/arm64/include/asm/kvm_nested.h | 15 +++++++++++++++
 arch/arm64/kvm/mmu.c                | 14 +++++++++++++-
 arch/arm64/kvm/nested.c             |  2 +-
 3 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/include/asm/kvm_nested.h b/arch/arm64/include/asm/kvm_nested.h
index a9aec29bf7a1..cbcddc2e8379 100644
--- a/arch/arm64/include/asm/kvm_nested.h
+++ b/arch/arm64/include/asm/kvm_nested.h
@@ -92,6 +92,21 @@ static inline u32 kvm_s2_trans_esr(struct kvm_s2_trans *trans)
 	return trans->esr;
 }
 
+static inline bool kvm_s2_trans_readable(struct kvm_s2_trans *trans)
+{
+	return trans->readable;
+}
+
+static inline bool kvm_s2_trans_writable(struct kvm_s2_trans *trans)
+{
+	return trans->writable;
+}
+
+static inline bool kvm_s2_trans_executable(struct kvm_s2_trans *trans)
+{
+	return !(trans->upper_attr & BIT(54));
+}
+
 extern int kvm_walk_nested_s2(struct kvm_vcpu *vcpu, phys_addr_t gipa,
 			      struct kvm_s2_trans *result);
 extern int kvm_s2_handle_perm_fault(struct kvm_vcpu *vcpu,
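Review bot: kvm_s2_trans_executable() tests a bare BIT(54) on upper_attr, while the read and write accessors return named fields; the negation tells the reader this is an execute-never bit, but nothing names it. Suggest a named macro for the bit, or at least a one-line comment on the helper, so the accessor and any remaining open-coded tests share one definition. The three accessors only read the structure, so the parameter could also be const struct kvm_s2_trans *.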
diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
index 41de7616b735..b885a02200a1 100644
--- a/arch/arm64/kvm/mmu.c
+++ b/arch/arm64/kvm/mmu.c
@@ -1586,6 +1586,17 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
 	if (exec_fault && device)
 		return -ENOEXEC;
 
+	/*
+	 * Potentially reduce shadow S2 permissions to match the guest's own
+	 * S2. For exec faults, we'd only reach this point if the guest
+	 * actually allowed it (see kvm_s2_handle_perm_fault).
+	 */
+	if (nested) {
+		writable &= kvm_s2_trans_writable(nested);
+		if (!kvm_s2_trans_readable(nested))
+			prot &= ~KVM_PGTABLE_PROT_R;
+	}
+
 	read_lock(&kvm->mmu_lock);
 	pgt = vcpu->arch.hw_mmu->pgt;
 	if (mmu_invalidate_retry(kvm, mmu_seq))
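Review bot: in the `if (nested)` block, write permission is narrowed through the local `writable` while read permission is stripped directly from `prot`, and the comment neither explains that asymmetry nor says what mapping results when the guest's S2 grants neither permission. A sentence on why the two go through different variables would help. The comment also covers only exec faults; it should point out that X for non-exec faults is restricted further down, where KVM_PGTABLE_PROT_X is set.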
@@ -1628,7 +1639,8 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
 
 	if (device)
 		prot |= KVM_PGTABLE_PROT_DEVICE;
-	else if (cpus_have_final_cap(ARM64_HAS_CACHE_DIC))
+	else if (cpus_have_final_cap(ARM64_HAS_CACHE_DIC) &&
+		 (!nested || kvm_s2_trans_executable(nested)))
 		prot |= KVM_PGTABLE_PROT_X;
 
 	/*
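Review bot: the new `(!nested || kvm_s2_trans_executable(nested))` condition guards only the ARM64_HAS_CACHE_DIC branch, so the guarantee that a shadow mapping never gains X beyond the guest's S2 depends on every other place that sets KVM_PGTABLE_PROT_X being reachable only after kvm_s2_handle_perm_fault has accepted the exec fault. That invariant is stated in the comment added in the previous hunk; a short comment here referring to it would make the dependency visible at the point where X is actually granted.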
diff --git a/arch/arm64/kvm/nested.c b/arch/arm64/kvm/nested.c
index f4014ae0f901..e4203d106b71 100644
--- a/arch/arm64/kvm/nested.c
+++ b/arch/arm64/kvm/nested.c
@@ -496,7 +496,7 @@ int kvm_s2_handle_perm_fault(struct kvm_vcpu *vcpu, struct kvm_s2_trans *trans)
 		return 0;
 
 	if (kvm_vcpu_trap_is_iabt(vcpu)) {
-		forward_fault = (trans->upper_attr & BIT(54));
+		forward_fault = !kvm_s2_trans_executable(trans);
 	} else {
 		bool write_fault = kvm_is_write_fault(vcpu);
 
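Review bot: replacing the open-coded `trans->upper_attr & BIT(54)` with `!kvm_s2_trans_executable(trans)` in the iabt branch preserves behaviour, but it is a cleanup of existing code rather than part of restricting RD/WR permissions, and the commit message does not mention it. Either note it in the changelog or introduce the accessor in the patch that added this test, so the open-coded form never lands.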
-- 
2.39.2

