From: "Pierre-Clément Tosi" <ptosi@google.com>
To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org,
kvm@vger.kernel.org
Cc: "Pierre-Clément Tosi" <ptosi@google.com>,
"Marc Zyngier" <maz@kernel.org>,
"Oliver Upton" <oliver.upton@linux.dev>,
"Suzuki K Poulose" <suzuki.poulose@arm.com>,
"Vincent Donnefort" <vdonnefort@google.com>
Subject: [PATCH v4 01/13] KVM: arm64: Fix clobbered ELR in sync abort/SError
Date: Wed, 29 May 2024 13:12:07 +0100
Message-ID: <20240529121251.1993135-2-ptosi@google.com>
In-Reply-To: <20240529121251.1993135-1-ptosi@google.com>
When the hypervisor receives an SError or synchronous exception (EL2h)
while running with the __kvm_hyp_vector and if ELR_EL2 doesn't point to
an extable entry, it panics indirectly by overwriting ELR with the
address of a panic handler in order for the asm routine it returns to to
ERET into the handler.

However, this clobbers ELR_EL2 for the handler itself. As a result,
hyp_panic(), when retrieving what it believes to be the PC where the
exception happened, actually ends up reading the address of the panic
handler that called it! This results in an erroneous and confusing panic
message where the source of any synchronous exception (e.g. BUG() or
kCFI) appears to be __guest_exit_panic, making it hard to locate the
actual BRK instruction.

Therefore, store the original ELR_EL2 in the per-CPU kvm_hyp_ctxt and
point the sysreg to a routine that first restores it to its previous
value before running __guest_exit_panic.

Fixes: 7db21530479f ("KVM: arm64: Restore hyp when panicking in guest context")
Signed-off-by: Pierre-Clément Tosi <ptosi@google.com>
---
arch/arm64/kernel/asm-offsets.c | 1 +
arch/arm64/kvm/hyp/entry.S | 8 ++++++++
arch/arm64/kvm/hyp/include/hyp/switch.h | 5 +++--
3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/kernel/asm-offsets.c b/arch/arm64/kernel/asm-offsets.c
index 81496083c041..27de1dddb0ab 100644
--- a/arch/arm64/kernel/asm-offsets.c
+++ b/arch/arm64/kernel/asm-offsets.c
@@ -128,6 +128,7 @@ int main(void)
DEFINE(VCPU_FAULT_DISR, offsetof(struct kvm_vcpu, arch.fault.disr_el1));
DEFINE(VCPU_HCR_EL2, offsetof(struct kvm_vcpu, arch.hcr_el2));
DEFINE(CPU_USER_PT_REGS, offsetof(struct kvm_cpu_context, regs));
+ DEFINE(CPU_ELR_EL2, offsetof(struct kvm_cpu_context, sys_regs[ELR_EL2]));
DEFINE(CPU_RGSR_EL1, offsetof(struct kvm_cpu_context, sys_regs[RGSR_EL1]));
DEFINE(CPU_GCR_EL1, offsetof(struct kvm_cpu_context, sys_regs[GCR_EL1]));
DEFINE(CPU_APIAKEYLO_EL1, offsetof(struct kvm_cpu_context, sys_regs[APIAKEYLO_EL1]));
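Review bot: the new `CPU_ELR_EL2` offset carries no hint that the hyp context's `sys_regs[ELR_EL2]` slot is being repurposed as scratch storage for the panic path (it is only written from `__kvm_unexpected_el2_exception` and read back from `__guest_exit_restore_elr_and_panic`), so a reader of asm-offsets.c cannot tell why this particular sys_regs index suddenly needs an asm offset. A one-line comment above the `DEFINE` stating that purpose would document the contract; the placement next to the other `CPU_*` sys_regs offsets is otherwise consistent.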
diff --git a/arch/arm64/kvm/hyp/entry.S b/arch/arm64/kvm/hyp/entry.S
index f3aa7738b477..4433a234aa9b 100644
--- a/arch/arm64/kvm/hyp/entry.S
+++ b/arch/arm64/kvm/hyp/entry.S
@@ -83,6 +83,14 @@ alternative_else_nop_endif
eret
sb
+SYM_INNER_LABEL(__guest_exit_restore_elr_and_panic, SYM_L_GLOBAL)
+ // x2-x29,lr: vcpu regs
+ // vcpu x0-x1 on the stack
+
+ adr_this_cpu x0, kvm_hyp_ctxt, x1
+ ldr x0, [x0, #CPU_ELR_EL2]
+ msr elr_el2, x0
+
SYM_INNER_LABEL(__guest_exit_panic, SYM_L_GLOBAL)
// x2-x29,lr: vcpu regs
// vcpu x0-x1 on the stack
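Review bot: `__guest_exit_restore_elr_and_panic` depends on falling through into `__guest_exit_panic`, and nothing in the hunk says so; anything placed between the two labels later (an alignment directive, a trailing `sb`, another entry point) would silently skip the restore. Adding `// fall through to __guest_exit_panic` after the `msr elr_el2, x0`, or an explicit `b __guest_exit_panic`, would make the dependency visible. Using x0/x1 as scratch for `adr_this_cpu` is consistent with the `vcpu x0-x1 on the stack` comment, so no live register is clobbered here.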
diff --git a/arch/arm64/kvm/hyp/include/hyp/switch.h b/arch/arm64/kvm/hyp/include/hyp/switch.h
index a92566f36022..ed9a63f1f7bf 100644
--- a/arch/arm64/kvm/hyp/include/hyp/switch.h
+++ b/arch/arm64/kvm/hyp/include/hyp/switch.h
@@ -689,7 +689,7 @@ static inline bool fixup_guest_exit(struct kvm_vcpu *vcpu, u64 *exit_code)
static inline void __kvm_unexpected_el2_exception(void)
{
- extern char __guest_exit_panic[];
+ extern char __guest_exit_restore_elr_and_panic[];
unsigned long addr, fixup;
struct kvm_exception_table_entry *entry, *end;
unsigned long elr_el2 = read_sysreg(elr_el2);
@@ -711,7 +711,8 @@ static inline void __kvm_unexpected_el2_exception(void)
}
/* Trigger a panic after restoring the hyp context. */
- write_sysreg(__guest_exit_panic, elr_el2);
+ this_cpu_ptr(&kvm_hyp_ctxt)->sys_regs[ELR_EL2] = elr_el2;
+ write_sysreg(__guest_exit_restore_elr_and_panic, elr_el2);
}
#endif /* __ARM64_KVM_HYP_SWITCH_H__ */
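Review bot: the store `this_cpu_ptr(&kvm_hyp_ctxt)->sys_regs[ELR_EL2] = elr_el2;` uses the `elr_el2` local captured at function entry, before the extable walk, so what is parked is the faulting PC rather than anything the fixup path could have produced, and it is correctly ordered before the `write_sysreg(..., elr_el2)` that overwrites the register. The existing `/* Trigger a panic after restoring the hyp context. */` comment should be extended to say that the original ELR is saved in the hyp context so that `hyp_panic()` reports the real faulting PC, because the restore lives in entry.S and is invisible from this file.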
--
2.45.1.288.g0e0cd299f1-goog