Message ID | 20221027120945.29679-1-ryan.roberts@arm.com (mailing list archive)
---|---
State | New, archived
Series | [v1] KVM: arm64: Fix bad dereference on MTE-enabled systems.
On 27/10/2022 13:09, Ryan Roberts wrote: > enter_exception64() performs an MTE check, which involves dereferencing > vcpu->kvm. While vcpu has already been fixed up for hyp va, kvm is still > a kern va pointer. > > Fix this by first converting kvm to a hyp va pointer. If the system does > not support MTE, the dereference is avoided in the first place. > > Fixes: ea7fc1bb1cd1 ("KVM: arm64: Introduce MTE VM feature") > > Signed-off-by: Ryan Roberts <ryan.roberts@arm.com> It's worth pointing out this only affects non-VHE mode, which is unusual on hardware which supports MTE (and therefore VHE). But, of course, about to get more usual with pKVM. Reviewed-by: Steven Price <steven.price@arm.com> > --- > arch/arm64/kvm/hyp/exception.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/arch/arm64/kvm/hyp/exception.c b/arch/arm64/kvm/hyp/exception.c > index b7557b25ed56..791d3de76771 100644 > --- a/arch/arm64/kvm/hyp/exception.c > +++ b/arch/arm64/kvm/hyp/exception.c > @@ -13,6 +13,7 @@ > #include <hyp/adjust_pc.h> > #include <linux/kvm_host.h> > #include <asm/kvm_emulate.h> > +#include <asm/kvm_mmu.h> > > #if !defined (__KVM_NVHE_HYPERVISOR__) && !defined (__KVM_VHE_HYPERVISOR__) > #error Hypervisor code only! > @@ -115,7 +116,7 @@ static void enter_exception64(struct kvm_vcpu *vcpu, unsigned long target_mode, > new |= (old & PSR_C_BIT); > new |= (old & PSR_V_BIT); > > - if (kvm_has_mte(vcpu->kvm)) > + if (kvm_has_mte(kern_hyp_va(vcpu->kvm))) > new |= PSR_TCO_BIT; > > new |= (old & PSR_DIT_BIT); > -- > 2.17.1 >
On Thu, 27 Oct 2022 13:09:45 +0100, Ryan Roberts wrote:
> enter_exception64() performs an MTE check, which involves dereferencing
> vcpu->kvm. While vcpu has already been fixed up for hyp va, kvm is still
> a kern va pointer.
>
> Fix this by first converting kvm to a hyp va pointer. If the system does
> not support MTE, the dereference is avoided in the first place.
>
> [...]

Applied to fixes with minor commit message fixes, thanks!

[1/1] KVM: arm64: Fix bad dereference on MTE-enabled systems.
      commit: b6bcdc9f6b8321e4471ff45413b6410e16762a8d

Cheers,

M.
diff --git a/arch/arm64/kvm/hyp/exception.c b/arch/arm64/kvm/hyp/exception.c index b7557b25ed56..791d3de76771 100644 --- a/arch/arm64/kvm/hyp/exception.c +++ b/arch/arm64/kvm/hyp/exception.c @@ -13,6 +13,7 @@ #include <hyp/adjust_pc.h> #include <linux/kvm_host.h> #include <asm/kvm_emulate.h> +#include <asm/kvm_mmu.h> #if !defined (__KVM_NVHE_HYPERVISOR__) && !defined (__KVM_VHE_HYPERVISOR__) #error Hypervisor code only! @@ -115,7 +116,7 @@ static void enter_exception64(struct kvm_vcpu *vcpu, unsigned long target_mode, new |= (old & PSR_C_BIT); new |= (old & PSR_V_BIT); - if (kvm_has_mte(vcpu->kvm)) + if (kvm_has_mte(kern_hyp_va(vcpu->kvm))) new |= PSR_TCO_BIT; new |= (old & PSR_DIT_BIT);
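Review bot: the `+#include <asm/kvm_mmu.h>` line in the first hunk exists only to bring in `kern_hyp_va()` for the call-site change in the second hunk; nothing else in that hunk's context uses the header. Worth stating that in the commit message so a later reader sees that the include and the `kern_hyp_va()` call go together and that neither can be dropped on its own.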
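Review bot: in the second hunk, `vcpu` is dereferenced directly while `vcpu->kvm` is wrapped in `kern_hyp_va()`, and the reason for the asymmetry (per the commit message, `vcpu` has already been converted to a hyp VA but `kvm` has not) is not visible at the call site, which makes the wrapper easy to remove in a future cleanup. A one-line comment above `if (kvm_has_mte(kern_hyp_va(vcpu->kvm)))` noting that `vcpu->kvm` is still a kernel VA in nVHE would protect the fix. The commit message's claim that the dereference is skipped when the system lacks MTE depends on `kvm_has_mte()` checking system support before it touches `kvm`; that ordering is what kept non-MTE nVHE systems safe before this change, so it would also help to say in the commit message that the bad dereference was gated on MTE support, which explains why the `Fixes:` tag points at the commit that introduced the MTE VM feature.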
enter_exception64() performs an MTE check, which involves dereferencing
vcpu->kvm. While vcpu has already been fixed up for hyp va, kvm is still
a kern va pointer.

Fix this by first converting kvm to a hyp va pointer. If the system does
not support MTE, the dereference is avoided in the first place.

Fixes: ea7fc1bb1cd1 ("KVM: arm64: Introduce MTE VM feature")
Signed-off-by: Ryan Roberts <ryan.roberts@arm.com>
---
 arch/arm64/kvm/hyp/exception.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

-- 
2.17.1