From patchwork Thu Oct 8 18:16:39 2020
X-Patchwork-Submitter: Qais Yousef
X-Patchwork-Id: 11824307
From: Qais Yousef
To: Catalin Marinas, Will Deacon, Marc Zyngier, "Peter Zijlstra (Intel)"
Subject: [RFC PATCH 1/3] arm64: kvm: Handle Asymmetric AArch32 systems
Date: Thu, 8 Oct 2020 19:16:39 +0100
Message-Id: <20201008181641.32767-2-qais.yousef@arm.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20201008181641.32767-1-qais.yousef@arm.com>
References: <20201008181641.32767-1-qais.yousef@arm.com>
Cc: linux-arch@vger.kernel.org, Greg Kroah-Hartman, Qais Yousef, Linus Torvalds, Morten Rasmussen, linux-arm-kernel@lists.infradead.org

On a system without uniform support for AArch32 at EL0, it is possible for the guest to force run AArch32 at EL0 and potentially cause an illegal exception if running on the wrong core.

Add an extra check to catch if the guest ever does that and prevent it from running again, treating it as ARM_EXCEPTION_IL.

We try to catch this misbehavior as early as possible and not rely on PSTATE.IL to occur.

Tested on Juno by instrumenting the host to:

* Fake asym aarch32.
* Comment out hiding of ID registers from the guest. Any attempt to run 32bit app in the guest will produce such error on qemu: # ./test error: kvm run failed Invalid argument R00=ffff0fff R01=ffffffff R02=00000000 R03=00087968 R04=000874b8 R05=ffd70b24 R06=ffd70b2c R07=00000055 R08=00000000 R09=00000000 R10=00000000 R11=00000000 R12=0000001c R13=ffd6f974 R14=0001ff64 R15=ffff0fe0 PSR=a0000010 N-C- A usr32 Signed-off-by: Qais Yousef --- arch/arm64/kvm/arm.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index b588c3b5c2f0..22ff3373d855 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -644,6 +644,11 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu) struct kvm_run *run = vcpu->run; int ret; + if (!system_supports_32bit_el0() && vcpu_mode_is_32bit(vcpu)) { + kvm_err("Illegal AArch32 mode at EL0, can't run."); + return -ENOEXEC; + } + if (unlikely(!kvm_vcpu_initialized(vcpu))) return -ENOEXEC; @@ -804,6 +809,17 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu) preempt_enable(); + /* + * For asym aarch32 systems we present a 64bit only system to + * the guest. But in case it managed somehow to escape that and + * enter 32bit mode, catch that and prevent it from running + * again. + */ + if (!system_supports_32bit_el0() && vcpu_mode_is_32bit(vcpu)) { + kvm_err("Detected illegal AArch32 mode at EL0, exiting."); + ret = ARM_EXCEPTION_IL; + } + ret = handle_exit(vcpu, ret); }
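Review bot: In the first hunk (@@ -644,6 +644,11 @@), the new `vcpu_mode_is_32bit(vcpu)` test sits above the existing `if (unlikely(!kvm_vcpu_initialized(vcpu)))` check, so it reads vcpu register state before the function has confirmed the vcpu was initialized. Moving the new block below the `kvm_vcpu_initialized()` check keeps the existing ordering guarantee and still rejects the run before guest entry. The `kvm_err()` string also has no trailing newline, and because this path is reached directly from the run ioctl, userspace can repeat it at will; consider rate-limiting the message or dropping it and letting the `-ENOEXEC` return carry the information.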
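Review bot: In the second hunk (@@ -804,6 +809,17 @@), `ret = ARM_EXCEPTION_IL;` unconditionally replaces whatever exit code the run loop produced just before `handle_exit(vcpu, ret)`, so the real exit reason is discarded without being handled or recorded. It would help to say in the comment why dropping the original `ret` is safe here, or to log it before overwriting. The comment's "prevent it from running again" is not enforced by anything in this hunk; it depends on the entry check added in the first hunk seeing the same condition on the next ioctl, which is worth stating explicitly. As with the first hunk, the `kvm_err()` string lacks a trailing newline, and since the guest controls when this fires, an unthrottled error print gives it a way to fill the host log.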