From patchwork Fri Jan 27 11:29:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steven Price X-Patchwork-Id: 49265 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp783686wrn; Fri, 27 Jan 2023 03:34:19 -0800 (PST) X-Google-Smtp-Source: AK7set+t7DAOleNcaQWq0i7s9rJANwijQOqpJFlCMytOV793qyf9qgegn8EUYek0UfHUu1w000GO X-Received: by 2002:a17:90a:1d5:b0:22b:b78f:ba04 with SMTP id 21-20020a17090a01d500b0022bb78fba04mr6454351pjd.41.1674819259350; Fri, 27 Jan 2023 03:34:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674819259; cv=none; d=google.com; s=arc-20160816; b=cGGanvxyGIGfrvyvw0XGMJdVFZgpaBKHFXPxCRB267rU7PuXaiVJBjdXsdBxgTsXbl K9E9XmwudyCAN+9ymkOTn//lGrwWTZVyzTnMG0OkjY0DiZFh1JNLBlzMu91qAcgTvUeB UiQmHbOnDzi14WkQdzTHfQJGueMBqCCxPPxE7wwWpTvRzid4OjYVW4ROiuOBDQgjduZ3 AjBG5SlIutV+kBEZBzBYONLC7PUe76Rh78KxxMhr7iR8cEQMu4jwPFTaCyCjxL7BHkq/ kGX/0rTiLf3Y27RC3UaaWc7z+tyINXxkLlMCG3p/FsKW7hPL0Qvhr7q3k8zM93mHm2ha Bftw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=hx4lGEnxyRw1X8co5vAAFFXfXxfDw6RoHbyfvpUGgE4=; b=nhJ4B5Wtd5X+dYOaUQrrk45RzKl8k9INjKuoa4bO0mgT72iArch7y9mCvM1chliye+ W75HBK2VCojyGv5swm5gqlf7VPhckU9rAgMWSG+FaTJhQhJZkoMmbWpgtBUn5CDHufDk y49rXUFZIGo6iVcqIeS/1F4ynz23C/C7hB935H4dCuHyQkKxelSkY5Qr7BOZEoQ02leE WG98rbH2ClbUfhbPaD2j54unJ3PeTEr725qHOCuAFSecZj9Tz6LW1R7WE9KrZ4WbwBt3 McjGmnfDFUwsQTo8FBsa3SOCpggoYpIenkGJ5nj0qw2qgZlOqbTb+9rZHAro6Z0CHnZZ nwmA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bb24-20020a17090b009800b0021918bc9a47si4236502pjb.174.2023.01.27.03.33.37; Fri, 27 Jan 2023 03:34:19 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233670AbjA0LdS (ORCPT + 99 others); Fri, 27 Jan 2023 06:33:18 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45152 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233697AbjA0Lck (ORCPT ); Fri, 27 Jan 2023 06:32:40 -0500 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id D17506BBCA; Fri, 27 Jan 2023 03:31:14 -0800 (PST) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 578EC169E; Fri, 27 Jan 2023 03:31:13 -0800 (PST) Received: from e122027.cambridge.arm.com (e122027.cambridge.arm.com [10.1.35.16]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 55A0F3F64C; Fri, 27 Jan 2023 03:30:29 -0800 (PST) From: Steven Price To: kvm@vger.kernel.org, kvmarm@lists.linux.dev Cc: Steven Price , Catalin Marinas , Marc Zyngier , Will Deacon , James Morse , Oliver Upton , Suzuki K Poulose , Zenghui Yu , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Joey Gouly , Alexandru Elisei , Christoffer Dall , Fuad Tabba , linux-coco@lists.linux.dev Subject: [RFC PATCH 19/28] KVM: arm64: Validate register access for a Realm VM Date: Fri, 27 Jan 2023 11:29:23 +0000 Message-Id: <20230127112932.38045-20-steven.price@arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230127112932.38045-1-steven.price@arm.com> References: <20230127112248.136810-1-suzuki.poulose@arm.com> <20230127112932.38045-1-steven.price@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756175279662422326?= X-GMAIL-MSGID: =?utf-8?q?1756175279662422326?= The RMM only allows setting the lower GPRS (x0-x7) and PC for a realm guest. Check this in kvm_arm_set_reg() so that the VMM can receive a suitable error return if other registers are accessed. Signed-off-by: Steven Price --- arch/arm64/kvm/guest.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c index 5626ddb540ce..93468bbfb50e 100644 --- a/arch/arm64/kvm/guest.c +++ b/arch/arm64/kvm/guest.c @@ -768,12 +768,38 @@ int kvm_arm_get_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) return kvm_arm_sys_reg_get_reg(vcpu, reg); } +/* + * The RMI ABI only enables setting the lower GPRs (x0-x7) and PC. + * All other registers are reset to architectural or otherwise defined reset + * values by the RMM + */ +static bool validate_realm_set_reg(struct kvm_vcpu *vcpu, + const struct kvm_one_reg *reg) +{ + u64 off = core_reg_offset_from_id(reg->id); + + if ((reg->id & KVM_REG_ARM_COPROC_MASK) != KVM_REG_ARM_CORE) + return false; + + switch (off) { + case KVM_REG_ARM_CORE_REG(regs.regs[0]) ... + KVM_REG_ARM_CORE_REG(regs.regs[7]): + case KVM_REG_ARM_CORE_REG(regs.pc): + return true; + } + + return false; +} + int kvm_arm_set_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) { /* We currently use nothing arch-specific in upper 32 bits */ if ((reg->id & ~KVM_REG_SIZE_MASK) >> 32 != KVM_REG_ARM64 >> 32) return -EINVAL; + if (kvm_is_realm(vcpu->kvm) && !validate_realm_set_reg(vcpu, reg)) + return -EINVAL; + switch (reg->id & KVM_REG_ARM_COPROC_MASK) { case KVM_REG_ARM_CORE: return set_core_reg(vcpu, reg); case KVM_REG_ARM_FW: