From patchwork Fri May 24 14:19:54 2024
X-Patchwork-Submitter: Marc Zyngier
X-Patchwork-Id: 13673213
From: Marc Zyngier
To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org
Cc: Nina Schoetterl-Glausch, James Morse, Suzuki K Poulose, Oliver Upton, Zenghui Yu, stable@vger.kernel.org
Subject: [PATCH 1/3] KVM: arm64: Fix AArch32 register narrowing on userspace write
Date: Fri, 24 May 2024 15:19:54 +0100
Message-Id: <20240524141956.1450304-2-maz@kernel.org>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20240524141956.1450304-1-maz@kernel.org>
References: <20240524141956.1450304-1-maz@kernel.org>

When userspace writes to one of the core registers, we make sure to narrow the corresponding GPRs if PSTATE indicates an AArch32 context.

The code tries to check whether the context is EL0 or EL1 so that it narrows the correct registers. But it does so by checking the full PSTATE instead of PSTATE.M.

As a consequence, and if we are restoring an AArch32 EL0 context in a 64bit guest, and that PSTATE has *any* bit set outside of PSTATE.M, we narrow *all* registers instead of only the first 15, destroying the 64bit state. Obviously, this is not something the guest is likely to enjoy.

Correctly masking PSTATE to only evaluate PSTATE.M fixes it.

Fixes: 90c1f934ed71 ("KVM: arm64: Get rid of the AArch32 register mapping code")
Reported-by: Nina Schoetterl-Glausch
Signed-off-by: Marc Zyngier
Cc: stable@vger.kernel.org
Reviewed-by: Nina Schoetterl-Glausch
---
 arch/arm64/kvm/guest.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c index e2f762d959bb..d9617b11f7a8 100644 --- a/arch/arm64/kvm/guest.c +++ b/arch/arm64/kvm/guest.c 
@@ -276,7 +276,7 @@ static int set_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) if (*vcpu_cpsr(vcpu) & PSR_MODE32_BIT) { int i, nr_reg; - switch (*vcpu_cpsr(vcpu)) { + switch (*vcpu_cpsr(vcpu) & PSR_AA32_MODE_MASK) { /* * Either we are dealing with user mode, and only the * first 15 registers (+ PC) must be narrowed to 32bit. From patchwork Fri May 24 14:19:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13673214 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5E91F12C47A; Fri, 24 May 2024 14:20:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716560413; cv=none; b=mn4P6pz49tncuvBm4iNnjQ3/+hPqaCxsED4H+kyQXnyly3yyuUcfxauHGyKdmDRWzbWe67w63q56GCGtYYzaOvRFfUV04JROVkuwcBHGpKgkw1BFGArDFZMgQQG2aWljCmXIHU9RgvwGwUlTkrvfRCtWZXmPtr+MeK8JCsqWV2I= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716560413; c=relaxed/simple; bh=iIdRYg57SpeBw9lBpc2D4+wuU3F3SdjQYymK7xok+G0=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=cyjwY0C6gRtVJ+T9npos2F3z2YpJ3lSzRbeKtgU3QGM7tLzTmegI9I7z9QfPMnnWySc6FPvElju61Dt50IiQB41xpu2Nn3a2XPWR/qQNX5KbedrPNJiBlNkWU2oWRnlSMGqJflypj4pxDTqKCQEN+VADdQEjuWxo/FyuI9vwVJU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=BA6ph51F; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="BA6ph51F" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 074B3C32782; Fri, 
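Review bot: the change to `switch (*vcpu_cpsr(vcpu) & PSR_AA32_MODE_MASK)` fixes the narrowing bug, but the comment immediately below it still only describes the user-mode case and gives no hint of why the mask is required; suggest adding one line there stating that the switch must see PSTATE.M alone, because any other set PSTATE bit (condition flags, IT, T) previously matched no case label and fell through to the path that narrows every register. Also, `*vcpu_cpsr(vcpu)` is now read twice in the same block (the `PSR_MODE32_BIT` test and the masked switch); reading it once into a local such as `u32 mode = *vcpu_cpsr(vcpu) & PSR_AA32_MODE_MASK;` would make the mask visible next to the outer test and keep the two reads from drifting apart.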
From: Marc Zyngier
To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org
Cc: Nina Schoetterl-Glausch, James Morse, Suzuki K Poulose, Oliver Upton, Zenghui Yu, stable@vger.kernel.org
Subject: [PATCH 2/3] KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
Date: Fri, 24 May 2024 15:19:55 +0100
Message-Id: <20240524141956.1450304-3-maz@kernel.org>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20240524141956.1450304-1-maz@kernel.org>
References: <20240524141956.1450304-1-maz@kernel.org>

It appears that we don't allow a vcpu to be restored in AArch32 System mode, as we *never* included it in the list of valid modes.

Just add it to the list of allowed modes.

Fixes: 0d854a60b1d7 ("arm64: KVM: enable initialization of a 32bit vcpu")
Signed-off-by: Marc Zyngier
Cc: stable@vger.kernel.org
---
 arch/arm64/kvm/guest.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c
index d9617b11f7a8..11098eb7eb44 100644
--- a/arch/arm64/kvm/guest.c
+++ b/arch/arm64/kvm/guest.c
@@ -251,6 +251,7 @@ static int set_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) case PSR_AA32_MODE_SVC: case PSR_AA32_MODE_ABT: case PSR_AA32_MODE_UND: + case PSR_AA32_MODE_SYS: if (!vcpu_el1_is_32bit(vcpu)) return -EINVAL; break; From patchwork Fri May 24 14:19:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13673215 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 88AF812C528; Fri, 24 May 2024 14:20:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716560413; cv=none; b=Bx5SBT6G1RhiFnUZ+EEbM10Mt4rrvTD6TSONbDdVKzJPCinh/nKVRckIw6sjOrmcYbZsoRqQzB8RC+2RDqWoi7fDrFSIyF2p0T98cHPfb/vm86f1SwQEyAvWeE8RUTJ879DZLycwBRvklqNsTZSlF/n/GLhM3J7TcyF5Sen1+X0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716560413; c=relaxed/simple; bh=xU072VGyeAHT1DAYktQWseuVolvnjzRb0w0T1x/SsfE=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=FAAPEQfjIyjDI3JUOQ8tqk2tQ40UlTC7aqT78qY6A/Svs1lXJZ1chvglQL1RqH0iAPlIz3vt0mv3FZCRyFGTgw/5nZi0GxIkam7IrBEaSYk3hgwkuF7WxY/E1SIF8g9UlmFrep9kI8P/DQfEPbv6gfVy5+fditeXah0BcUmoVp0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=XyEO5d+C; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="XyEO5d+C" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3C8EAC32789; Fri, 24 May 2024 14:20:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; 
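Review bot: adding `case PSR_AA32_MODE_SYS:` next to SVC/ABT/UND lets a System-mode PSTATE pass the `vcpu_el1_is_32bit()` check, but this hunk only touches the validation switch; please confirm that the narrowing switch later in set_core_reg() (the one that decides how many GPRs get truncated to 32bit) treats System mode the same way as User mode, since AArch32 System mode uses the User register bank (R0-R15, no banked registers) and would otherwise have all 31 registers narrowed. A sentence in the commit message saying that the narrowing side already handles SYS, or extending it in the same patch if it does not, would make the stable backport self-contained; this patch also carries no Reviewed-by, unlike 1/3.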
From: Marc Zyngier
To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org
Cc: Nina Schoetterl-Glausch, James Morse, Suzuki K Poulose, Oliver Upton, Zenghui Yu, stable@vger.kernel.org
Subject: [PATCH 3/3] KVM: arm64: AArch32: Fix spurious trapping of conditional instructions
Date: Fri, 24 May 2024 15:19:56 +0100
Message-Id: <20240524141956.1450304-4-maz@kernel.org>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20240524141956.1450304-1-maz@kernel.org>
References: <20240524141956.1450304-1-maz@kernel.org>

We recently upgraded the view of ESR_EL2 to 64bit, in keeping with the requirements of the architecture.

However, the AArch32 emulation code was left unaudited, and the (already dodgy) code that triages whether a trap is spurious or not (because the condition code failed) broke in a subtle way:

If ESR_EL2.ISS2 is ever non-zero (unlikely, but hey, this is the ARM architecture we're talking about), the hack that tests the top bits of ESR_EL2.EC will break in an interesting way.

Instead, use kvm_vcpu_trap_get_class() to obtain the EC, and list all the possible ECs that can fail a condition code check.

While we're at it, add SMC32 to the list, as it is explicitly listed as being allowed to trap despite failing a condition code check (as described in the HCR_EL2.TSC documentation).

Fixes: 0b12620fddb8 ("KVM: arm64: Treat ESR_EL2 as a 64-bit register")
Signed-off-by: Marc Zyngier Cc: stable@vger.kernel.org --- arch/arm64/kvm/hyp/aarch32.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kvm/hyp/aarch32.c b/arch/arm64/kvm/hyp/aarch32.c index 8d9670e6615d..449fa58cf3b6 100644 --- a/arch/arm64/kvm/hyp/aarch32.c +++ b/arch/arm64/kvm/hyp/aarch32.c @@ -50,9 +50,23 @@ bool kvm_condition_valid32(const struct kvm_vcpu *vcpu) u32 cpsr_cond; int cond; - /* Top two bits non-zero? Unconditional. */ - if (kvm_vcpu_get_esr(vcpu) >> 30) + /* + * These are the exception classes that could fire with a + * conditional instruction. + */ + switch (kvm_vcpu_trap_get_class(vcpu)) { + case ESR_ELx_EC_CP15_32: + case ESR_ELx_EC_CP15_64: + case ESR_ELx_EC_CP14_MR: + case ESR_ELx_EC_CP14_LS: + case ESR_ELx_EC_FP_ASIMD: + case ESR_ELx_EC_CP10_ID: + case ESR_ELx_EC_CP14_64: + case ESR_ELx_EC_SVC32: + break; + default: return true; + } /* Is condition field valid? */ cond = kvm_vcpu_get_condition(vcpu);
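Review bot: the commit message says SMC32 is added to the list of exception classes that may trap despite a failed condition check, but the new switch has no `case ESR_ELx_EC_SMC32:`; its labels are CP15_32, CP15_64, CP14_MR, CP14_LS, FP_ASIMD, CP10_ID, CP14_64 and SVC32 only. Either add the missing label or drop that sentence from the message, because as posted an SMC32 trap whose condition failed reaches `default: return true;` and is emulated as if the condition had passed, which is exactly the spurious-trap case this patch sets out to close. The replaced `>> 30` test also silently depended on ISS2 being zero, so a one-line comment on why the switch enumerates classes instead of testing bit positions (each listed EC is a trap taken from a conditionally executed AArch32 instruction) would help whoever extends the list next.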