From patchwork Thu Apr 28 15:56:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexandru Elisei X-Patchwork-Id: 12830990 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 14419C433EF for ; Thu, 28 Apr 2022 16:02:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Cc:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=8y5KzVDpX0aV6MNKSw4BrzGItcKGn9HPZkCEjCj5Uto=; b=TsXeblLH2IX1Ny VqSwsUyObq/ZEjMb1VL0HM12EtomQK74cOv60cNSmdxzCx6ZqafHms0e1MJZukcceEVY4JHl3pzQp QkOrc9mbleiLqROzizGBJjK6mJsS6AOGckYYlF6CI1dtTGZD+v3FqKwMidbYdPitbdf0OVcTLgWyA SsqeLUJdudpnYUGRS4/V93bKLjs0fm1hqYCEAbPjOMHgnB3FyBxqG5kPscgWmNWeg9PiVzeIPZQAX qqL6FusjfEJ0639uY3bM12ROocKPGWqFOIUBLgBczTVKlWFlRq+TFqnq6Vh6AQy4jjyltAKkSQT7Y 4JY2zkQ0fm3zhR9QdePg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1nk6aJ-007mua-Il; Thu, 28 Apr 2022 16:01:39 +0000 Received: from foss.arm.com ([217.140.110.172]) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1nk6VM-007kS0-Nl for linux-arm-kernel@lists.infradead.org; Thu, 28 Apr 2022 15:56:34 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id E88891477; Thu, 28 Apr 2022 08:56:31 -0700 (PDT) Received: from monolith.localdoman (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 84AB93F774; Thu, 28 Apr 2022 08:56:30 -0700 (PDT) From: Alexandru Elisei To: julien.thierry.kdev@gmail.com, will@kernel.org, maz@kernel.org, suzuki.poulose@arm.com, julien@xen.org, linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, james.morse@arm.com Subject: [PATCH kvmtool 15/15] arm/arm64: Validate firmware address in kvm__arch_validate_cfg() Date: Thu, 28 Apr 2022 16:56:02 +0100 Message-Id: <20220428155602.29445-16-alexandru.elisei@arm.com> X-Mailer: git-send-email 2.36.0 In-Reply-To: <20220428155602.29445-1-alexandru.elisei@arm.com> References: <20220428155602.29445-1-alexandru.elisei@arm.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220428_085632_883062_31C22974 X-CRM114-Status: UNSURE ( 9.90 ) X-CRM114-Notice: Please train this message. X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org We know at user configuration time if the firmware address is outside RAM, validate the address in kvm__arch_validate_cfg() before creating the VM. Signed-off-by: Alexandru Elisei --- arm/kvm.c | 36 ++++++++++++++---------------------- 1 file changed, 14 insertions(+), 22 deletions(-) diff --git a/arm/kvm.c b/arm/kvm.c index 3edc6fdbcb5f..79d085ab9965 100644 --- a/arm/kvm.c +++ b/arm/kvm.c @@ -33,8 +33,20 @@ int fw_addr_parser(const struct option *opt, const char *arg, int unset) void kvm__arch_validate_cfg(struct kvm *kvm) { - if (kvm->cfg.arch.fw_addr && !kvm->cfg.firmware_filename) - die("--firmware-address is only valid when loading a firmware image"); + u64 fw_addr = kvm->cfg.arch.fw_addr; + u64 ram_addr = kvm->cfg.ram_addr; + u64 ram_size = kvm->cfg.ram_size; + + if (fw_addr) { + if (!kvm->cfg.firmware_filename) + die("--firmware-address is only valid when loading a firmware image"); + + if (fw_addr < ram_addr || fw_addr >= ram_addr + ram_size) { + die("Firmware address 0x%016llx outside guest memory: " + "0x%016llx - 0x%016llx", + fw_addr, ram_addr, ram_addr + ram_size); + } + } kvm__arm_validate_cfg(kvm); } @@ -196,23 +208,6 @@ bool kvm__arch_load_kernel_image(struct kvm *kvm, int fd_kernel, int fd_initrd, return true; } -static bool validate_fw_addr(struct kvm *kvm, u64 fw_addr) -{ - u64 ram_phys; - - ram_phys = host_to_guest_flat(kvm, kvm->ram_start); - - if (fw_addr < ram_phys || fw_addr >= ram_phys + kvm->ram_size) { - pr_err("Provide --firmware-address an address in RAM: " - "0x%016llx - 0x%016llx", - ram_phys, ram_phys + kvm->ram_size); - - return false; - } - - return true; -} - bool kvm__load_firmware(struct kvm *kvm, const char *firmware_filename) { u64 fw_addr = kvm->cfg.arch.fw_addr; @@ -227,9 +222,6 @@ bool kvm__load_firmware(struct kvm *kvm, const char *firmware_filename) if (fw_addr == 0) fw_addr = kvm->arch.memory_guest_start; - if (!validate_fw_addr(kvm, fw_addr)) - die("Bad firmware destination: 0x%016llx", fw_addr); - fd = open(firmware_filename, O_RDONLY); if (fd < 0) return false;