| Message ID | 20200401165816.530281-1-maz@kernel.org (mailing list archive) |
|---|---|
| Headers | show |
| Series | KVM: arm64: PSCI fixes | expand |
Hi, On 4/1/20 5:58 PM, Marc Zyngier wrote: > Christoffer recently pointed out that we don't narrow the arguments to > SMC32 PSCI functions called by a 64bit guest. This could result in a > guest failing to boot its secondary CPUs if it had junk in the upper > 32bits. Yes, this is silly, but the guest is allowed to do that. Duh. > > Whist I was looking at this, it became apparent that we allow a 32bit > guest to call 64bit functions, which the spec explicitly forbids. Oh > well, another patch. > > This has been lightly tested, but I feel that we could do with a new > set of PSCI corner cases in KVM-unit-tests (hint, nudge... ;-). Good idea. I was already planning to add new PSCI and timer tests, I'm waiting for Paolo to merge the pull request from Drew, which contains some fixes for the current tests. > > Marc Zyngier (2): > KVM: arm64: PSCI: Narrow input registers when using 32bit functions > KVM: arm64: PSCI: Forbid 64bit functions for 32bit guests > > virt/kvm/arm/psci.c | 40 ++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 40 insertions(+) > I started reviewing the patches and I have a question. I'm probably missing something, but why make the changes to the PSCI code instead of making them in the kvm_hvc_call_handler function? From my understanding of the code, making the changes there would benefit all firmware interface that use SMCCC as the communication protocol, not just PSCI. Thanks, Alex
Hi Alexandru, On Fri, 3 Apr 2020 11:35:00 +0100 Alexandru Elisei <alexandru.elisei@arm.com> wrote: > Hi, > > On 4/1/20 5:58 PM, Marc Zyngier wrote: > > Christoffer recently pointed out that we don't narrow the arguments to > > SMC32 PSCI functions called by a 64bit guest. This could result in a > > guest failing to boot its secondary CPUs if it had junk in the upper > > 32bits. Yes, this is silly, but the guest is allowed to do that. Duh. > > > > Whist I was looking at this, it became apparent that we allow a 32bit > > guest to call 64bit functions, which the spec explicitly forbids. Oh > > well, another patch. > > > > This has been lightly tested, but I feel that we could do with a new > > set of PSCI corner cases in KVM-unit-tests (hint, nudge... ;-). > > Good idea. I was already planning to add new PSCI and timer tests, I'm waiting for > Paolo to merge the pull request from Drew, which contains some fixes for the > current tests. > > > > > Marc Zyngier (2): > > KVM: arm64: PSCI: Narrow input registers when using 32bit functions > > KVM: arm64: PSCI: Forbid 64bit functions for 32bit guests > > > > virt/kvm/arm/psci.c | 40 ++++++++++++++++++++++++++++++++++++++++ > > 1 file changed, 40 insertions(+) > > > I started reviewing the patches and I have a question. I'm probably missing > something, but why make the changes to the PSCI code instead of making them in the > kvm_hvc_call_handler function? From my understanding of the code, making the > changes there would benefit all firmware interface that use SMCCC as the > communication protocol, not just PSCI. The problem is that it is not obvious whether other functions have similar requirements. For example, the old PSCI 0.1 functions are completely outside of the SMCCC scope (there is no split between 32 and 64bit functions, for example), and there is no generic way to discover the number of arguments that you would want to narrow. Thanks, M.
Hi, On 4/3/20 12:20 PM, Marc Zyngier wrote: > Hi Alexandru, > > On Fri, 3 Apr 2020 11:35:00 +0100 > Alexandru Elisei <alexandru.elisei@arm.com> wrote: > >> Hi, >> >> On 4/1/20 5:58 PM, Marc Zyngier wrote: >>> Christoffer recently pointed out that we don't narrow the arguments to >>> SMC32 PSCI functions called by a 64bit guest. This could result in a >>> guest failing to boot its secondary CPUs if it had junk in the upper >>> 32bits. Yes, this is silly, but the guest is allowed to do that. Duh. >>> >>> Whist I was looking at this, it became apparent that we allow a 32bit >>> guest to call 64bit functions, which the spec explicitly forbids. Oh >>> well, another patch. >>> >>> This has been lightly tested, but I feel that we could do with a new >>> set of PSCI corner cases in KVM-unit-tests (hint, nudge... ;-). >> Good idea. I was already planning to add new PSCI and timer tests, I'm waiting for >> Paolo to merge the pull request from Drew, which contains some fixes for the >> current tests. >> >>> Marc Zyngier (2): >>> KVM: arm64: PSCI: Narrow input registers when using 32bit functions >>> KVM: arm64: PSCI: Forbid 64bit functions for 32bit guests >>> >>> virt/kvm/arm/psci.c | 40 ++++++++++++++++++++++++++++++++++++++++ >>> 1 file changed, 40 insertions(+) >>> >> I started reviewing the patches and I have a question. I'm probably missing >> something, but why make the changes to the PSCI code instead of making them in the >> kvm_hvc_call_handler function? From my understanding of the code, making the >> changes there would benefit all firmware interface that use SMCCC as the >> communication protocol, not just PSCI. > The problem is that it is not obvious whether other functions have > similar requirements. For example, the old PSCI 0.1 functions are > completely outside of the SMCCC scope (there is no split between 32 and > 64bit functions, for example), and there is no generic way to discover > the number of arguments that you would want to narrow. You're right, there's really no way to tell if the guest is using SMC32 or SMC64 other than looking at the function IDs, so having the PSCI code do the checking is the right thing to do. Thanks, Alex > > Thanks, > > M.