From patchwork Tue Jun 15 13:39:49 2021
X-Patchwork-Submitter: Fuad Tabba
X-Patchwork-Id: 12322041
Date: Tue, 15 Jun 2021 14:39:49 +0100
In-Reply-To: <20210615133950.693489-1-tabba@google.com>
Message-Id: <20210615133950.693489-13-tabba@google.com>
Subject: [PATCH v2 12/13] KVM: arm64: Handle protected guests at 32 bits
From: Fuad Tabba
To: kvmarm@lists.cs.columbia.edu
Cc: maz@kernel.org, will@kernel.org, james.morse@arm.com,
 alexandru.elisei@arm.com, suzuki.poulose@arm.com, mark.rutland@arm.com,
 christoffer.dall@arm.com, pbonzini@redhat.com, drjones@redhat.com,
 qperret@google.com, kvm@vger.kernel.org,
 linux-arm-kernel@lists.infradead.org, kernel-team@android.com,
 tabba@google.com

Protected KVM does not support protected AArch32 guests. However, it is
possible for the guest to force run AArch32, potentially causing problems.
Add an extra check so that if the hypervisor catches the guest doing that,
it can prevent the guest from running again by resetting vcpu->arch.target
and returning ARM_EXCEPTION_IL.

Adapted from commit 22f553842b14 ("KVM: arm64: Handle Asymmetric AArch32 systems")

Signed-off-by: Fuad Tabba --- arch/arm64/kvm/hyp/include/hyp/switch.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arm64/kvm/hyp/include/hyp/switch.h b/arch/arm64/kvm/hyp/include/hyp/switch.h index d9f087ed6e02..672801f79579 100644 --- a/arch/arm64/kvm/hyp/include/hyp/switch.h +++ b/arch/arm64/kvm/hyp/include/hyp/switch.h @@ -447,6 +447,26 @@ static inline bool fixup_guest_exit(struct kvm_vcpu *vcpu, u64 *exit_code) write_sysreg_el2(read_sysreg_el2(SYS_ELR) - 4, SYS_ELR); } + /* + * Protected VMs are not allowed to run in AArch32. The check below is + * based on the one in kvm_arch_vcpu_ioctl_run(). + * The ARMv8 architecture doesn't give the hypervisor a mechanism to + * prevent a guest from dropping to AArch32 EL0 if implemented by the + * CPU. If the hypervisor spots a guest in such a state ensure it is + * handled, and don't trust the host to spot or fix it. + */ + if (unlikely(is_nvhe_hyp_code() && + kvm_vm_is_protected(kern_hyp_va(vcpu->kvm)) && + vcpu_mode_is_32bit(vcpu))) { + /* + * As we have caught the guest red-handed, decide that it isn't + * fit for purpose anymore by making the vcpu invalid. + */ + vcpu->arch.target = -1; + *exit_code = ARM_EXCEPTION_IL; + goto exit; + } + /* * We're using the raw exception code in order to only process * the trap if no SError is pending. We will come back to the
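
Review bot: the block comment in the added branch says "don't trust the host to spot or fix it", but the only lasting effect of that branch is `vcpu->arch.target = -1;` on the vcpu structure. The same condition reaches the VM through kern_hyp_va(vcpu->kvm), which suggests the structure is host-provided; if the host can write that field, it can restore target and run the vcpu again, which defeats the stated intent. Please either keep the "invalid" marker in state that only the hypervisor can modify, or say in the comment where re-entry is refused at hyp. Separately, `*exit_code = ARM_EXCEPTION_IL;` replaces the whole exit code just before the code that, per the following context comment, depends on whether an SError is pending, so it is worth confirming nothing is lost on that path. A named constant would also read better than a bare -1 for the invalid target.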