From: Marc Zyngier <maz@kernel.org>
To: Mark Rutland <mark.rutland@arm.com>
Cc: kvmarm@lists.linux.dev, kvm@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
Joey Gouly <joey.gouly@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Oliver Upton <oliver.upton@linux.dev>,
Zenghui Yu <yuzenghui@huawei.com>, Fuad Tabba <tabba@google.com>
Subject: Re: [PATCH 06/18] KVM: arm64: Plug FEAT_GCS handling
Date: Tue, 11 Feb 2025 13:35:54 +0000
Message-ID: <861pw4txhh.wl-maz@kernel.org>
In-Reply-To: <Z6tEUzwcHVHALIdu@J2N7QTR9R3>
On Tue, 11 Feb 2025 12:36:35 +0000,
Mark Rutland <mark.rutland@arm.com> wrote:
>
> On Mon, Feb 10, 2025 at 06:41:37PM +0000, Marc Zyngier wrote:
> > We don't seem to be handling the GCS-specific exception class.
> > Handle it by delivering an UNDEF to the guest, and populate the
> > relevant trap bits.
> >
> > Signed-off-by: Marc Zyngier <maz@kernel.org>
> > ---
> > arch/arm64/kvm/handle_exit.c | 11 +++++++++++
> > arch/arm64/kvm/sys_regs.c | 8 ++++++++
> > 2 files changed, 19 insertions(+)
> >
> > diff --git a/arch/arm64/kvm/handle_exit.c b/arch/arm64/kvm/handle_exit.c
> > index 4f8354bf7dc5f..624a78a99e38a 100644
> > --- a/arch/arm64/kvm/handle_exit.c
> > +++ b/arch/arm64/kvm/handle_exit.c
> > @@ -294,6 +294,16 @@ static int handle_svc(struct kvm_vcpu *vcpu)
> > return 1;
> > }
> >
> > +static int kvm_handle_gcs(struct kvm_vcpu *vcpu)
> > +{
> > + /* We don't expect GCS, so treat it with contempt */
> > + if (kvm_has_feat(vcpu->kvm, ID_AA64PFR1_EL1, GCS, IMP))
> > + WARN_ON_ONCE(1);
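Review bot: in kvm_handle_gcs(), the `if (kvm_has_feat(vcpu->kvm, ID_AA64PFR1_EL1, GCS, IMP))` test followed by `WARN_ON_ONCE(1)` can be written as a single `WARN_ON_ONCE(kvm_has_feat(vcpu->kvm, ID_AA64PFR1_EL1, GCS, IMP));`, which keeps the condition inside the warning itself. The comment would also be more useful if it stated the invariant the warning guards, namely that the VM's ID_AA64PFR1_EL1.GCS is never expected to read as implemented, rather than only "We don't expect GCS".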
>
> Just to check / better my understanding, do we enforce that this can't
> be exposed to the guest somewhere?
>
> I see __kvm_read_sanitised_id_reg() masks it out, and the sys_reg_descs
> table has it filtered, but I'm not immediately sure whether that
> prevents host userspace maliciously setting this?

On writing to the idreg, you end up in set_id_aa64pfr1_el1(), which
calls into set_id_reg(). There, arm64_check_features() compares each
and every feature in that register with the mask and limits that have
been established.

Since GCS is not part of the writable mask, and since it has been
disabled, the only valid value for ID_AA64PFR1_EL1.GCS is 0. A
non-zero value provided by userspace will be caught by the last check
in arm64_check_features(), and an error be returned.

HTH,

	M.

--
Without deviation from the norm, progress is not possible.
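
The write check described in the reply above, as an added example that is not part of the original message and is not the kernel's code: a simplified user-space C model of validating an ID register write against a writable mask and a limit. `check_features()`, `struct ftr_field`, the two-field table, the sample mask and limit values, and the "writable fields may only be lowered" policy are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model for illustration; names are hypothetical, not kernel code. */
struct ftr_field { const char *name; unsigned shift, width; };

/* Two fields of ID_AA64PFR1_EL1: BT is bits [3:0], GCS is bits [47:44]. */
static const struct ftr_field pfr1_fields[] = { { "BT", 0, 4 }, { "GCS", 44, 4 } };

static uint64_t field_mask(const struct ftr_field *f)
{
	return ((1ULL << f->width) - 1) << f->shift;
}

/*
 * val: value userspace wants to write; limit: value KVM established for the VM;
 * writable_mask: bits userspace is allowed to change. Returns 0 or -E2BIG.
 */
static int check_features(uint64_t val, uint64_t limit, uint64_t writable_mask)
{
	uint64_t checked = 0;

	for (size_t i = 0; i < sizeof(pfr1_fields) / sizeof(pfr1_fields[0]); i++) {
		const struct ftr_field *f = &pfr1_fields[i];
		uint64_t m = field_mask(f);

		if ((m & writable_mask) != m)
			continue;	/* not writable: left to the final check */
		checked |= m;
		/* Assumed policy in this model: a writable field may only be lowered. */
		if (((val & m) >> f->shift) > ((limit & m) >> f->shift))
			return -E2BIG;
	}
	/* Last check: every bit outside the writable fields must equal the limit. */
	if ((val & ~checked) != (limit & ~checked))
		return -E2BIG;
	return 0;
}

int main(void)
{
	/* Constructed sample: BT=1 is offered and writable, GCS is disabled (0). */
	uint64_t limit = 0x1, writable = 0xf, gcs = 1ULL << 44;

	printf("same=%d lower=%d gcs=%d raise=%d\n", check_features(limit, limit, writable),
	       check_features(0, limit, writable), check_features(limit | gcs, limit, writable),
	       check_features(0x2, limit, writable));
	return 0;
}
```

With GCS outside the writable mask and its limit at 0, any non-zero GCS value falls through the per-field loop and is rejected by the final comparison, which is the path the reply describes.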