From patchwork Tue May 10 00:16:30 2022
X-Patchwork-Submitter: Ricardo Koller
X-Patchwork-Id: 12844374
Date: Mon, 9 May 2022 17:16:30 -0700
In-Reply-To: <20220510001633.552496-1-ricarkol@google.com>
Message-Id: <20220510001633.552496-2-ricarkol@google.com>
Subject: [PATCH v3 1/4] KVM: arm64: vgic: Check that new ITEs could be saved in guest memory
From: Ricardo Koller
To: kvm@vger.kernel.org, kvmarm@lists.cs.columbia.edu
Cc: pbonzini@redhat.com, maz@kernel.org, andre.przywara@arm.com, drjones@redhat.com, alexandru.elisei@arm.com, eric.auger@redhat.com, oupton@google.com, reijiw@google.com, pshier@google.com, Ricardo Koller

Try to improve the predictability of ITS save/restores by failing commands that would lead to failed saves. More specifically, fail any command that adds an entry into an ITS table that is not in guest memory, which would otherwise lead to a failed ITS save ioctl. There are already checks for collection and device entries, but not for ITEs. Add the corresponding check for the ITT when adding ITEs.

Reviewed-by: Eric Auger
Signed-off-by: Ricardo Koller
---
 arch/arm64/kvm/vgic/vgic-its.c | 47 +++++++++++++++++++++++++---------
 1 file changed, 35 insertions(+), 12 deletions(-)

diff --git a/arch/arm64/kvm/vgic/vgic-its.c b/arch/arm64/kvm/vgic/vgic-its.c index 2e13402be3bd..93a5178374c9 100644 --- a/arch/arm64/kvm/vgic/vgic-its.c +++ b/arch/arm64/kvm/vgic/vgic-its.c @@ -894,6 +894,18 @@ static int vgic_its_cmd_handle_movi(struct kvm *kvm, struct vgic_its *its, return update_affinity(ite->irq, vcpu); } +static bool __is_visible_gfn_locked(struct vgic_its *its, gpa_t gpa) +{ + gfn_t gfn = gpa >> PAGE_SHIFT; + int idx; + bool ret; + + idx = srcu_read_lock(&its->dev->kvm->srcu); + ret = kvm_is_visible_gfn(its->dev->kvm, gfn); + srcu_read_unlock(&its->dev->kvm->srcu, idx); + return ret; +} + /* * Check whether an ID can be stored into the corresponding guest table. * For a direct table this is pretty easy, but gets a bit nasty for
@@ -908,9 +920,7 @@ static bool vgic_its_check_id(struct vgic_its *its, u64 baser, u32 id, u64 indirect_ptr, type = GITS_BASER_TYPE(baser); phys_addr_t base = GITS_BASER_ADDR_48_to_52(baser); int esz = GITS_BASER_ENTRY_SIZE(baser); - int index, idx; - gfn_t gfn; - bool ret; + int index; switch (type) { case GITS_BASER_TYPE_DEVICE: @@ -933,12 +943,11 @@ static bool vgic_its_check_id(struct vgic_its *its, u64 baser, u32 id, return false; addr = base + id * esz; - gfn = addr >> PAGE_SHIFT; if (eaddr) *eaddr = addr; - goto out; + return __is_visible_gfn_locked(its, addr); } /* calculate and check the index into the 1st level */ @@ -964,16 +973,30 @@ static bool vgic_its_check_id(struct vgic_its *its, u64 baser, u32 id, /* Find the address of the actual entry */ index = id % (SZ_64K / esz); indirect_ptr += index * esz; - gfn = indirect_ptr >> PAGE_SHIFT; if (eaddr) *eaddr = indirect_ptr; -out: - idx = srcu_read_lock(&its->dev->kvm->srcu); - ret = kvm_is_visible_gfn(its->dev->kvm, gfn); - srcu_read_unlock(&its->dev->kvm->srcu, idx); - return ret; + return __is_visible_gfn_locked(its, indirect_ptr); +} + +/* + * Check whether an event ID can be stored in the corresponding Interrupt + * Translation Table, which starts at device->itt_addr. + */ +static bool vgic_its_check_event_id(struct vgic_its *its, struct its_device *device, + u32 event_id) +{ + const struct vgic_its_abi *abi = vgic_its_get_abi(its); + int ite_esz = abi->ite_esz; + gpa_t gpa; + + /* max table size is: BIT_ULL(device->num_eventid_bits) * ite_esz */ + if (event_id >= BIT_ULL(device->num_eventid_bits)) + return false; + + gpa = device->itt_addr + event_id * ite_esz; + return __is_visible_gfn_locked(its, gpa); } static int vgic_its_alloc_collection(struct vgic_its *its, 
@@ -1061,7 +1084,7 @@ static int vgic_its_cmd_handle_mapi(struct kvm *kvm, struct vgic_its *its, if (!device) return E_ITS_MAPTI_UNMAPPED_DEVICE; - if (event_id >= BIT_ULL(device->num_eventid_bits)) + if (!vgic_its_check_event_id(its, device, event_id)) return E_ITS_MAPTI_ID_OOR; if (its_cmd_get_command(its_cmd) == GITS_CMD_MAPTI)
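
Review bot: The _locked suffix on __is_visible_gfn_locked(), added in the first hunk (@@ -894), reads as "caller already holds the lock", but the helper takes and drops the kvm->srcu read lock itself. Dropping the suffix, or adding a one-line comment that the function acquires SRCU internally, would keep later callers from assuming a locking precondition that does not exist.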
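
Review bot: In vgic_its_check_event_id() (hunk @@ -964), event_id * ite_esz multiplies a u32 by an int, so the product is evaluated in 32 bits before it is added to the gpa_t itt_addr. The only bound on event_id at that point is BIT_ULL(device->num_eventid_bits), so either widen the multiplication, for example (gpa_t)event_id * ite_esz, or extend the comment to state the largest num_eventid_bits for which the 32-bit product cannot wrap. The helper also tests only the page holding the first byte of the entry (gfn = gpa >> PAGE_SHIFT); if entries can never straddle a page boundary, saying so in the comment would close the question.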
From patchwork Tue May 10 00:16:31 2022
X-Patchwork-Submitter: Ricardo Koller
X-Patchwork-Id: 12844376
Date: Mon, 9 May 2022 17:16:31 -0700
In-Reply-To: <20220510001633.552496-1-ricarkol@google.com>
Message-Id: <20220510001633.552496-3-ricarkol@google.com>
Subject: [PATCH v3 2/4] KVM: arm64: vgic: Add more checks when restoring ITS tables
From: Ricardo Koller
To: kvm@vger.kernel.org, kvmarm@lists.cs.columbia.edu
Cc: pbonzini@redhat.com, maz@kernel.org, andre.przywara@arm.com, drjones@redhat.com, alexandru.elisei@arm.com, eric.auger@redhat.com, oupton@google.com, reijiw@google.com, pshier@google.com, Ricardo Koller

Try to improve the predictability of ITS save/restores (and debuggability of failed ITS saves) by failing early on restore when trying to read corrupted tables.

Restoring the ITS tables does some checks for corrupted tables, but not as many as in a save: an overflowing device ID will be detected on save but not on restore. The consequence is that restoring a corrupted table won't be detected until the next save; including the ITS not working as expected after the restore. As an example, if the guest sets tables overlapping each other, which would most likely result in some corrupted table, this is what we would see from the host point of view:

	guest sets base addresses that overlap each other
	save ioctl
	restore ioctl
	save ioctl (fails)

Ideally, we would like the first save to fail, but overlapping tables could actually be intended by the guest. So, let's at least fail on the restore with some checks: like checking that device and event IDs don't overflow their tables.

Signed-off-by: Ricardo Koller
---
 arch/arm64/kvm/vgic/vgic-its.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/arch/arm64/kvm/vgic/vgic-its.c b/arch/arm64/kvm/vgic/vgic-its.c index 93a5178374c9..8a7db839e3bf 100644 --- a/arch/arm64/kvm/vgic/vgic-its.c +++ b/arch/arm64/kvm/vgic/vgic-its.c @@ -2198,6 +2198,9 @@ static int vgic_its_restore_ite(struct vgic_its *its, u32 event_id, if (!collection) return -EINVAL; + if (!vgic_its_check_event_id(its, dev, event_id)) + return -EINVAL; + ite = vgic_its_alloc_ite(dev, collection, event_id); if (IS_ERR(ite)) return PTR_ERR(ite);
@@ -2319,6 +2322,7 @@ static int vgic_its_restore_dte(struct vgic_its *its, u32 id, void *ptr, void *opaque) { struct its_device *dev; + u64 baser = its->baser_device_table; gpa_t itt_addr; u8 num_eventid_bits; u64 entry = *(u64 *)ptr; 
@@ -2339,6 +2343,9 @@ static int vgic_its_restore_dte(struct vgic_its *its, u32 id, /* dte entry is valid */ offset = (entry & KVM_ITS_DTE_NEXT_MASK) >> KVM_ITS_DTE_NEXT_SHIFT; + if (!vgic_its_check_id(its, baser, id, NULL)) + return -EINVAL; + dev = vgic_its_alloc_device(its, id, itt_addr, num_eventid_bits); if (IS_ERR(dev)) return PTR_ERR(dev);
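
Review bot: The new check in vgic_its_restore_ite() (hunk @@ -2198) returns the same -EINVAL as the missing-collection case directly above it, so a failed restore cannot be attributed to one cause or the other from the return value. Since the commit message lists debuggability as a goal, a short comment above the check saying that it covers both an out-of-range event ID and an ITT entry outside guest memory would help whoever has to diagnose a failed restore ioctl.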
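
Review bot: The local baser introduced in vgic_its_restore_dte() (hunk @@ -2319) is read exactly once, in the vgic_its_check_id() call added by hunk @@ -2339. Passing its->baser_device_table directly at the call site would drop the extra declaration and make it obvious at the point of use which table the device ID is checked against.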
From patchwork Tue May 10 00:16:32 2022
X-Patchwork-Submitter: Ricardo Koller
X-Patchwork-Id: 12844377
Date: Mon, 9 May 2022 17:16:32 -0700
In-Reply-To: <20220510001633.552496-1-ricarkol@google.com>
Message-Id: <20220510001633.552496-4-ricarkol@google.com>
Subject: [PATCH v3 3/4] KVM: arm64: vgic: Do not ignore vgic_its_restore_cte failures
From: Ricardo Koller
To: kvm@vger.kernel.org, kvmarm@lists.cs.columbia.edu
Cc: pbonzini@redhat.com, maz@kernel.org, andre.przywara@arm.com, drjones@redhat.com, alexandru.elisei@arm.com, eric.auger@redhat.com, oupton@google.com, reijiw@google.com, pshier@google.com, Ricardo Koller

Restoring a corrupted collection entry (like an out of range ID) is being ignored and treated as success. More specifically, a vgic_its_restore_cte failure is treated as success by vgic_its_restore_collection_table. vgic_its_restore_cte uses positive and negative numbers to return error, and +1 to return success. The caller then uses "ret > 0" to check for success.

Fix this by having vgic_its_restore_cte only return negative numbers on error. Do this by changing alloc_collection return codes to only return negative numbers on error.

Signed-off-by: Ricardo Koller
---
 arch/arm64/kvm/vgic/vgic-its.c | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)

diff --git a/arch/arm64/kvm/vgic/vgic-its.c b/arch/arm64/kvm/vgic/vgic-its.c index 8a7db839e3bf..f34e09cc86dc 100644 --- a/arch/arm64/kvm/vgic/vgic-its.c +++ b/arch/arm64/kvm/vgic/vgic-its.c @@ -999,15 +999,16 @@ static bool vgic_its_check_event_id(struct vgic_its *its, struct its_device *dev return __is_visible_gfn_locked(its, gpa); } +/* + * Add a new collection into the ITS collection table. + * Returns 0 on success, and a negative error value for generic errors. + */ static int vgic_its_alloc_collection(struct vgic_its *its, struct its_collection **colp, u32 coll_id) { struct its_collection *collection; - if (!vgic_its_check_id(its, its->baser_coll_table, coll_id, NULL)) - return E_ITS_MAPC_COLLECTION_OOR; - collection = kzalloc(sizeof(*collection), GFP_KERNEL_ACCOUNT); if (!collection) return -ENOMEM;
@@ -1101,7 +1102,12 @@ static int vgic_its_cmd_handle_mapi(struct kvm *kvm, struct vgic_its *its, collection = find_collection(its, coll_id); if (!collection) { - int ret = vgic_its_alloc_collection(its, &collection, coll_id); + int ret; + + if (!vgic_its_check_id(its, its->baser_coll_table, coll_id, NULL)) + return E_ITS_MAPC_COLLECTION_OOR; + + ret = vgic_its_alloc_collection(its, &collection, coll_id); if (ret) return ret; new_coll = collection; @@ -1256,6 +1262,10 @@ static int vgic_its_cmd_handle_mapc(struct kvm *kvm, struct vgic_its *its, if (!collection) { int ret; + if (!vgic_its_check_id(its, its->baser_coll_table, + coll_id, NULL)) + return E_ITS_MAPC_COLLECTION_OOR; + ret = vgic_its_alloc_collection(its, &collection, coll_id); if (ret) @@ -2491,6 +2501,11 @@ static int vgic_its_save_cte(struct vgic_its *its, return kvm_write_guest_lock(its->dev->kvm, gpa, &val, esz); } +/* + * Restore a collection entry into the ITS collection table. + * Return +1 on success, 0 if the entry was invalid (which should be + * interpreted as end-of-table), and a negative error value for generic errors. + */ static int vgic_its_restore_cte(struct vgic_its *its, gpa_t gpa, int esz) { struct its_collection *collection; 
@@ -2517,6 +2532,10 @@ static int vgic_its_restore_cte(struct vgic_its *its, gpa_t gpa, int esz) collection = find_collection(its, coll_id); if (collection) return -EEXIST; + + if (!vgic_its_check_id(its, its->baser_coll_table, coll_id, NULL)) + return -EINVAL; + ret = vgic_its_alloc_collection(its, &collection, coll_id); if (ret) return ret;
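
Review bot: The comment added above vgic_its_alloc_collection() (hunk @@ -999) documents the return values but not the precondition this patch creates: with the vgic_its_check_id() call removed from the function, every caller must now validate coll_id against its->baser_coll_table first. The check is repeated at three call sites in this patch (MAPI/MAPTI, MAPC and vgic_its_restore_cte) with two different error codes, so a future caller that forgets it would allocate a collection for an ID that cannot be saved. Please state in the comment that the caller is responsible for the range check, or keep the check in one place and have the command handlers translate a negative return into E_ITS_MAPC_COLLECTION_OOR.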
From patchwork Tue May 10 00:16:33 2022
X-Patchwork-Submitter: Ricardo Koller
X-Patchwork-Id: 12844378
Date: Mon, 9 May 2022 17:16:33 -0700
In-Reply-To: <20220510001633.552496-1-ricarkol@google.com>
Message-Id: <20220510001633.552496-5-ricarkol@google.com>
Subject: [PATCH v3 4/4] KVM: arm64: vgic: Undo work in failed ITS restores
From: Ricardo Koller
To: kvm@vger.kernel.org, kvmarm@lists.cs.columbia.edu
Cc: pbonzini@redhat.com, maz@kernel.org, andre.przywara@arm.com, drjones@redhat.com, alexandru.elisei@arm.com, eric.auger@redhat.com, oupton@google.com, reijiw@google.com, pshier@google.com, Ricardo Koller

Failed ITS restores should clean up all state restored until the failure. There is some cleanup already present when failing to restore some tables, but it's not complete. Add the missing cleanup.

Note that this changes the behavior in case of a failed restore of the device tables.

	restore ioctl:
	1. restore collection tables
	2. restore device tables

With this commit, failures in 2. clean up everything created so far, including state created by 1.

Reviewed-by: Eric Auger
Signed-off-by: Ricardo Koller
---
 arch/arm64/kvm/vgic/vgic-its.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/kvm/vgic/vgic-its.c b/arch/arm64/kvm/vgic/vgic-its.c index f34e09cc86dc..b50542c98d79 100644 --- a/arch/arm64/kvm/vgic/vgic-its.c +++ b/arch/arm64/kvm/vgic/vgic-its.c @@ -2219,8 +2219,10 @@ static int vgic_its_restore_ite(struct vgic_its *its, u32 event_id, vcpu = kvm_get_vcpu(kvm, collection->target_addr); irq = vgic_add_lpi(kvm, lpi_id, vcpu); - if (IS_ERR(irq)) + if (IS_ERR(irq)) { + its_free_ite(kvm, ite); return PTR_ERR(irq); + } ite->irq = irq; return offset; @@ -2485,6 +2487,9 @@ static int vgic_its_restore_device_tables(struct vgic_its *its) if (ret > 0) ret = 0; + if (ret < 0) + vgic_its_free_device_list(its->dev->kvm, its); + return ret; } @@ -2615,6 +2620,9 @@ static int vgic_its_restore_collection_table(struct vgic_its *its) if (ret > 0) return 0; + if (ret < 0) + vgic_its_free_collection_list(its->dev->kvm, its); + return ret; }
@@ -2646,7 +2654,10 @@ static int vgic_its_restore_tables_v0(struct vgic_its *its) if (ret) return ret; - return vgic_its_restore_device_tables(its); + ret = vgic_its_restore_device_tables(its); + if (ret) + vgic_its_free_collection_list(its->dev->kvm, its); + return ret; } static int vgic_its_commit_v0(struct vgic_its *its)
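
Review bot: In the vgic_its_restore_ite() error path (hunk @@ -2219), its_free_ite() is called before ite->irq has been assigned, since the assignment only happens after the IS_ERR(irq) check. Please confirm that its_free_ite() tolerates an ITE with no irq attached, and say so in a short comment at the call, because the body of that function is not part of this diff and the ordering is easy to break later.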
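
Review bot: The cleanup calls added in hunks @@ -2485, @@ -2615 and @@ -2646 take the whole ITS (vgic_its_free_device_list(its->dev->kvm, its), vgic_its_free_collection_list(its->dev->kvm, its)), so nothing visible here limits them to entries created by the failing restore. vgic_its_restore_cte() returns -EEXIST when a collection already exists, which means a restore into an ITS that already holds state is a reachable failure path, and on that path the pre-existing entries would be freed along with the partially restored ones. Either document that the restore ioctl requires an empty ITS and that failure leaves it empty, or restrict the cleanup to what this restore added. A comment in vgic_its_restore_tables_v0() explaining why the collection list is freed there while the device list is freed inside vgic_its_restore_device_tables() would also make the asymmetry easier to follow.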