From patchwork Wed May 29 12:12:07 2024
X-Patchwork-Submitter: Pierre-Clément Tosi
X-Patchwork-Id: 13678764
Date: Wed, 29 May 2024 13:12:07 +0100
In-Reply-To: <20240529121251.1993135-1-ptosi@google.com>
References: <20240529121251.1993135-1-ptosi@google.com>
X-Mailer: git-send-email 2.45.1.288.g0e0cd299f1-goog
Message-ID: <20240529121251.1993135-2-ptosi@google.com>
Subject: [PATCH v4 01/13] KVM: arm64: Fix clobbered ELR in sync abort/SError
From: Pierre-Clément Tosi
To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org, kvm@vger.kernel.org
Cc: Pierre-Clément Tosi, Marc Zyngier, Oliver Upton, Suzuki K Poulose, Vincent Donnefort

When the hypervisor receives an SError or synchronous exception (EL2h) while running with the __kvm_hyp_vector and if ELR_EL2 doesn't point to an extable entry, it panics indirectly by overwriting ELR with the address of a panic handler in order for the asm routine it returns to to ERET into the handler. However, this clobbers ELR_EL2 for the handler itself. As a result, hyp_panic(), when retrieving what it believes to be the PC where the exception happened, actually ends up reading the address of the panic handler that called it!

This results in an erroneous and confusing panic message where the source of any synchronous exception (e.g. BUG() or kCFI) appears to be __guest_exit_panic, making it hard to locate the actual BRK instruction.

Therefore, store the original ELR_EL2 in the per-CPU kvm_hyp_ctxt and point the sysreg to a routine that first restores it to its previous value before running __guest_exit_panic.

Fixes: 7db21530479f ("KVM: arm64: Restore hyp when panicking in guest context")
Signed-off-by: Pierre-Clément Tosi
Acked-by: Will Deacon
---
 arch/arm64/kernel/asm-offsets.c         | 1 +
 arch/arm64/kvm/hyp/entry.S              | 8 ++++++++
 arch/arm64/kvm/hyp/include/hyp/switch.h | 5 +++--
 3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/kernel/asm-offsets.c b/arch/arm64/kernel/asm-offsets.c index 81496083c041..27de1dddb0ab 100644 --- a/arch/arm64/kernel/asm-offsets.c +++ b/arch/arm64/kernel/asm-offsets.c @@ -128,6 +128,7 @@ int main(void) DEFINE(VCPU_FAULT_DISR, offsetof(struct kvm_vcpu, arch.fault.disr_el1)); DEFINE(VCPU_HCR_EL2, offsetof(struct kvm_vcpu, arch.hcr_el2)); DEFINE(CPU_USER_PT_REGS, offsetof(struct kvm_cpu_context, regs)); + DEFINE(CPU_ELR_EL2, offsetof(struct kvm_cpu_context, sys_regs[ELR_EL2])); DEFINE(CPU_RGSR_EL1, offsetof(struct kvm_cpu_context, sys_regs[RGSR_EL1])); DEFINE(CPU_GCR_EL1, offsetof(struct kvm_cpu_context, sys_regs[GCR_EL1])); DEFINE(CPU_APIAKEYLO_EL1, offsetof(struct kvm_cpu_context, sys_regs[APIAKEYLO_EL1])); diff --git a/arch/arm64/kvm/hyp/entry.S b/arch/arm64/kvm/hyp/entry.S index f3aa7738b477..4433a234aa9b 100644 --- a/arch/arm64/kvm/hyp/entry.S +++ b/arch/arm64/kvm/hyp/entry.S @@ -83,6 +83,14 @@ alternative_else_nop_endif eret sb +SYM_INNER_LABEL(__guest_exit_restore_elr_and_panic, SYM_L_GLOBAL) + // x2-x29,lr: vcpu regs + // vcpu x0-x1 on the stack + + adr_this_cpu x0, kvm_hyp_ctxt, x1 + ldr x0, [x0, #CPU_ELR_EL2] + msr elr_el2, x0 + SYM_INNER_LABEL(__guest_exit_panic, SYM_L_GLOBAL) // x2-x29,lr: vcpu regs // vcpu x0-x1 on the stack diff --git a/arch/arm64/kvm/hyp/include/hyp/switch.h b/arch/arm64/kvm/hyp/include/hyp/switch.h index a92566f36022..ed9a63f1f7bf 100644 --- a/arch/arm64/kvm/hyp/include/hyp/switch.h +++ b/arch/arm64/kvm/hyp/include/hyp/switch.h @@ -689,7 +689,7 @@ static inline bool fixup_guest_exit(struct kvm_vcpu *vcpu, u64 *exit_code) static inline void __kvm_unexpected_el2_exception(void) { - extern char __guest_exit_panic[]; + extern char __guest_exit_restore_elr_and_panic[]; unsigned long addr, fixup; struct kvm_exception_table_entry *entry, *end; unsigned long elr_el2 = read_sysreg(elr_el2); 
@@ -711,7 +711,8 @@ static inline void __kvm_unexpected_el2_exception(void) } /* Trigger a panic after restoring the hyp context. */ - write_sysreg(__guest_exit_panic, elr_el2); + this_cpu_ptr(&kvm_hyp_ctxt)->sys_regs[ELR_EL2] = elr_el2; + write_sysreg(__guest_exit_restore_elr_and_panic, elr_el2); } #endif /* __ARM64_KVM_HYP_SWITCH_H__ */
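Review bot: in the asm-offsets.c hunk, CPU_ELR_EL2 is the offset of the sys_regs[ELR_EL2] slot of struct kvm_cpu_context, which this series uses on the hyp's own kvm_hyp_ctxt as scratch storage for the faulting PC, not as guest state; nothing next to the DEFINE (or at the store site) says so. A one-line comment at one of those two places, stating that the hyp context's ELR_EL2 slot is reserved for the panic path, would stop a later reader from assuming it mirrors a guest or host register.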
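Review bot: in the entry.S hunk, __guest_exit_restore_elr_and_panic clobbers x0 and x1 (adr_this_cpu needs both) and then falls straight through into __guest_exit_panic, but its comment block is a verbatim copy of the one on __guest_exit_panic and says neither. Suggest replacing the copied lines with something like `// Restore the ELR_EL2 stashed by __kvm_unexpected_el2_exception(),` / `// then fall through to __guest_exit_panic. x0/x1 are free: the vcpu's` / `// copies are already on the stack.` so the fall-through and the register use are explicit rather than implied by label adjacency.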
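Review bot: in the second switch.h hunk, the comment `/* Trigger a panic after restoring the hyp context. */` is now stale, since the block first stashes the faulting ELR_EL2 in kvm_hyp_ctxt so that __guest_exit_restore_elr_and_panic can put it back before hyp_panic() reads it. Suggest extending it, e.g. `/* Stash the faulting ELR_EL2 so that hyp_panic() reports the right PC, then trigger a panic after restoring the hyp context. */`. Note also that the value stored is the local `elr_el2` read at function entry, which is what makes the stash correct despite the sysreg being overwritten on the next line; the ordering of those two statements is load-bearing and deserves a word in that comment.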
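To see the clobber and the fix outside the kernel, here is an added model of the path the commit message describes. It is not kernel code and not part of the patch: ELR_EL2 and the kvm_hyp_ctxt slot are plain variables, the code addresses are made-up constants, the extable holds absolute addresses instead of the kernel's relative offsets, and the ERET at the end of the exit path is a switch on the target address. The model returns what hyp_panic() would report as the faulting PC, so the buggy path visibly reports the panic handler's own address while the fixed path reports the BRK.

```c
/*
 * Model of KVM/arm64's __kvm_unexpected_el2_exception() path before and
 * after the fix. Added illustration only: register and address values
 * are assumptions, not real kernel symbols or offsets.
 */
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical code addresses for the model (assumption). */
enum {
	PC_BRK_IN_HYP        = 0x1000, /* e.g. BUG()/kCFI BRK, no extable entry */
	PC_LOAD_MAY_FAULT    = 0x1010, /* an instruction covered by the extable */
	PC_FIXUP             = 0x2000, /* its fixup */
	PC_GUEST_EXIT_PANIC  = 0x3000, /* __guest_exit_panic */
	PC_RESTORE_AND_PANIC = 0x3010, /* __guest_exit_restore_elr_and_panic */
};

/* Stand-ins for the ELR_EL2 sysreg and kvm_hyp_ctxt.sys_regs[ELR_EL2]. */
static uintptr_t elr_el2;
static uintptr_t hyp_ctxt_elr_el2;

/* Model extable: absolute addresses here, relative offsets in the kernel. */
struct ex_entry { uintptr_t insn; uintptr_t fixup; };
static const struct ex_entry ex_table[] = {
	{ PC_LOAD_MAY_FAULT, PC_FIXUP },
};

/* Mirrors __kvm_unexpected_el2_exception(): take the fixup if there is one,
 * otherwise arrange for the panic handler to run after the hyp context is
 * restored. 'fixed' selects the pre-patch or post-patch behaviour. */
static void unexpected_el2_exception(int fixed)
{
	uintptr_t elr = elr_el2;              /* read once, at entry */
	for (size_t i = 0; i < sizeof(ex_table) / sizeof(ex_table[0]); i++) {
		if (ex_table[i].insn == elr) {
			elr_el2 = ex_table[i].fixup;
			return;
		}
	}
	if (fixed) {
		hyp_ctxt_elr_el2 = elr;       /* stash the faulting PC */
		elr_el2 = PC_RESTORE_AND_PANIC;
	} else {
		elr_el2 = PC_GUEST_EXIT_PANIC; /* clobbers the faulting PC */
	}
}

/* hyp_panic() reads ELR_EL2 to learn where the exception was taken. */
static uintptr_t guest_exit_panic(void)
{
	return elr_el2;
}

/* The new trampoline: put the stashed ELR back, then behave like
 * __guest_exit_panic (the asm falls through; here it is a tail call). */
static uintptr_t guest_exit_restore_elr_and_panic(void)
{
	elr_el2 = hyp_ctxt_elr_el2;
	return guest_exit_panic();
}

/* The ERET at the end of the exit path: run whatever ELR_EL2 points at.
 * Returns the PC hyp_panic() would report, or 0 if a fixup was taken. */
static uintptr_t eret(void)
{
	switch (elr_el2) {
	case PC_FIXUP:             return 0;
	case PC_RESTORE_AND_PANIC: return guest_exit_restore_elr_and_panic();
	case PC_GUEST_EXIT_PANIC:  return guest_exit_panic();
	default:
		assert(0 && "ERET to an unexpected address");
		return (uintptr_t)-1;
	}
}

/* Take an EL2 exception at faulting_pc; report what hyp_panic() would print. */
uintptr_t take_exception(uintptr_t faulting_pc, int fixed)
{
	elr_el2 = faulting_pc;
	hyp_ctxt_elr_el2 = 0;
	unexpected_el2_exception(fixed);
	return eret();
}

int main(void)
{
	printf("extable fixup   : %#lx\n", (unsigned long)take_exception(PC_LOAD_MAY_FAULT, 1));
	printf("BRK, before fix : %#lx\n", (unsigned long)take_exception(PC_BRK_IN_HYP, 0));
	printf("BRK, after fix  : %#lx\n", (unsigned long)take_exception(PC_BRK_IN_HYP, 1));
	return 0;
}
```

The second line of output is the symptom from the commit message: the reported PC is __guest_exit_panic's own address, not the BRK. The third shows the stash-and-restore trampoline recovering the real faulting PC, and the first shows the extable path, which the patch leaves untouched.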