From patchwork Thu Oct 17 02:57:01 2024
X-Patchwork-Submitter: Ilkka Koskinen
X-Patchwork-Id: 13839357
From: Ilkka Koskinen
To: Gavin Shan, Marc Zyngier, Oliver Upton, Joey Gouly, Suzuki K Poulose, Zenghui Yu, Catalin Marinas, Will Deacon, Akihiko Odaki
Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, linux-kernel@vger.kernel.org, Ilkka Koskinen
Subject: [PATCH v2] KVM: arm64: Fix shift-out-of-bounds bug
Date: Wed, 16 Oct 2024 19:57:01 -0700
Message-Id: <20241017025701.67936-1-ilkka@os.amperecomputing.com>

Fix a shift-out-of-bounds bug reported by UBSAN when running a VM with an
MTE-enabled host kernel.

UBSAN: shift-out-of-bounds in arch/arm64/kvm/sys_regs.c:1988:14
shift exponent 33 is too large for 32-bit type 'int'
CPU: 26 UID: 0 PID: 7629 Comm: qemu-kvm Not tainted 6.12.0-rc2 #34
Hardware name: IEI NF5280R7/Mitchell MB, BIOS 00.00.
2024-10-12 09:28:54 10/14/2024 Call trace: dump_backtrace+0xa0/0x128 show_stack+0x20/0x38 dump_stack_lvl+0x74/0x90 dump_stack+0x18/0x28 __ubsan_handle_shift_out_of_bounds+0xf8/0x1e0 reset_clidr+0x10c/0x1c8 kvm_reset_sys_regs+0x50/0x1c8 kvm_reset_vcpu+0xec/0x2b0 __kvm_vcpu_set_target+0x84/0x158 kvm_vcpu_set_target+0x138/0x168 kvm_arch_vcpu_ioctl_vcpu_init+0x40/0x2b0 kvm_arch_vcpu_ioctl+0x28c/0x4b8 kvm_vcpu_ioctl+0x4bc/0x7a8 __arm64_sys_ioctl+0xb4/0x100 invoke_syscall+0x70/0x100 el0_svc_common.constprop.0+0x48/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x3c/0x158 el0t_64_sync_handler+0x120/0x130 el0t_64_sync+0x194/0x198 Fixes: 7af0c2534f4c ("KVM: arm64: Normalize cache configuration") Cc: stable@vger.kernel.org Reviewed-by: Gavin Shan Signed-off-by: Ilkka Koskinen Reviewed-by: Anshuman Khandual --- arch/arm64/kvm/sys_regs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index 375052d8cd22..ff8c4e1b847e 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -1994,7 +1994,7 @@ static u64 reset_clidr(struct kvm_vcpu *vcpu, const struct sys_reg_desc *r) * one cache line. */ if (kvm_has_mte(vcpu->kvm)) - clidr |= 2 << CLIDR_TTYPE_SHIFT(loc); + clidr |= 2ULL << CLIDR_TTYPE_SHIFT(loc); __vcpu_sys_reg(vcpu, r->reg) = clidr;
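Review bot: the literal in the added line `clidr |= 2ULL << CLIDR_TTYPE_SHIFT(loc);` is still a bare magic number, so the 64-bit width that fixes the reported "shift exponent 33" depends on someone remembering the ULL suffix. reset_clidr() returns u64, so the widening is correct, but a named constant for the Ttype encoding (or an explicit u64 cast of a named field value) would make the width requirement self-documenting and harder to regress in a later edit. Since the patch is Cc'd to stable, the commit message could also state what the guest-visible effect of the int-typed shift was when kvm_has_mte() is true. The UBSAN splat shows the undefined shift but does not tell a backporter whether the value written through __vcpu_sys_reg(vcpu, r->reg) was wrong for MTE guests.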