From patchwork Sat Apr 8 12:17:31 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Oliver Upton X-Patchwork-Id: 13205684 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id F3371C7619A for ; Sat, 8 Apr 2023 12:18:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230006AbjDHMSD (ORCPT ); Sat, 8 Apr 2023 08:18:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56092 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229640AbjDHMSC (ORCPT ); Sat, 8 Apr 2023 08:18:02 -0400 Received: from out-37.mta0.migadu.com (out-37.mta0.migadu.com [IPv6:2001:41d0:1004:224b::25]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 757EE4C17 for ; Sat, 8 Apr 2023 05:18:00 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1680956278; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=U+hYMZNznSbG1YCea6EGTFnYeO7WZjTjg6+8yW/fTI8=; b=QKLEyvNv7qaECKmkECulfJi/E7f5QBkoEKNgXB285efOdqpMCRj1+Izuw2gKUFRsB8EXkH jUFt8cThP0SuyHE4FzGs6VGTujH/mBougBxwsKjesVFf97i2GdQoqBq2jy2N4SNnBe1tdR evX5d+HOzv/PNZwIFc459kAh2M6APm0= From: Oliver Upton To: kvmarm@lists.linux.dev Cc: kvm@vger.kernel.org, Marc Zyngier , James Morse , Suzuki K Poulose , Zenghui Yu , Oliver Upton Subject: [PATCH 1/2] KVM: arm64: Prevent userspace from handling SMC64 arch range Date: Sat, 8 Apr 2023 12:17:31 +0000 Message-Id: <20230408121732.3411329-2-oliver.upton@linux.dev> In-Reply-To: <20230408121732.3411329-1-oliver.upton@linux.dev> References: <20230408121732.3411329-1-oliver.upton@linux.dev> MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Though presently unused, there is an SMC64 view of the Arm architecture calls defined by the SMCCC. The documentation of the SMCCC filter states that the SMC64 range is reserved, but nothing actually prevents userspace from applying a filter to the range. Insert a range with the HANDLE action for the SMC64 arch range, thereby preventing userspace from imposing filtering/forwarding on it. Fixes: fb88707dd39b ("KVM: arm64: Use a maple tree to represent the SMCCC filter") Signed-off-by: Oliver Upton --- arch/arm64/kvm/hypercalls.c | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/arch/arm64/kvm/hypercalls.c b/arch/arm64/kvm/hypercalls.c index baf1c4e4a4dc..2e16fc7b31bf 100644 --- a/arch/arm64/kvm/hypercalls.c +++ b/arch/arm64/kvm/hypercalls.c @@ -121,11 +121,17 @@ static bool kvm_smccc_test_fw_bmap(struct kvm_vcpu *vcpu, u32 func_id) } } -#define SMCCC_ARCH_RANGE_BEGIN ARM_SMCCC_VERSION_FUNC_ID -#define SMCCC_ARCH_RANGE_END \ - ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ - ARM_SMCCC_SMC_32, \ - 0, ARM_SMCCC_FUNC_MASK) +#define SMC32_ARCH_RANGE_BEGIN ARM_SMCCC_VERSION_FUNC_ID +#define SMC32_ARCH_RANGE_END ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_SMC_32, \ + 0, ARM_SMCCC_FUNC_MASK) + +#define SMC64_ARCH_RANGE_BEGIN ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_SMC_64, \ + 0, 0) +#define SMC64_ARCH_RANGE_END ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_SMC_64, \ + 0, ARM_SMCCC_FUNC_MASK) static void init_smccc_filter(struct kvm *kvm) { @@ -139,10 +145,17 @@ static void init_smccc_filter(struct kvm *kvm) * to the guest. */ r = mtree_insert_range(&kvm->arch.smccc_filter, - SMCCC_ARCH_RANGE_BEGIN, SMCCC_ARCH_RANGE_END, + SMC32_ARCH_RANGE_BEGIN, SMC32_ARCH_RANGE_END, xa_mk_value(KVM_SMCCC_FILTER_HANDLE), GFP_KERNEL_ACCOUNT); WARN_ON_ONCE(r); + + r = mtree_insert_range(&kvm->arch.smccc_filter, + SMC64_ARCH_RANGE_BEGIN, SMC64_ARCH_RANGE_END, + xa_mk_value(KVM_SMCCC_FILTER_HANDLE), + GFP_KERNEL_ACCOUNT); + WARN_ON_ONCE(r); + } static int kvm_smccc_set_filter(struct kvm *kvm, struct kvm_smccc_filter __user *uaddr) From patchwork Sat Apr 8 12:17:32 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Oliver Upton X-Patchwork-Id: 13205685 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 743C9C77B61 for ; Sat, 8 Apr 2023 12:18:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229935AbjDHMSF (ORCPT ); Sat, 8 Apr 2023 08:18:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56168 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229996AbjDHMSD (ORCPT ); Sat, 8 Apr 2023 08:18:03 -0400 Received: from out-1.mta0.migadu.com (out-1.mta0.migadu.com [91.218.175.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 30638F4 for ; Sat, 8 Apr 2023 05:18:02 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1680956280; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=STkeLKB55+cZfutVbkwWVnPvD/91QpSTelEyuTYWFUM=; b=EcZ8q6rkMKf8id5X3qfkqnB9XJ9J+v+tuzMw6JWYeTz9nfo1/DbCAXV+VC5BU26HYek6vX ZclJN78SA1NKyLOtxzWmmdLSfuqrYk+Kcn81iUiwbHkalK2vMfF554QcSaJtIq02PHVe7M bPCMotmBLDCyGpp437i1FrK0eQ8bb5Y= From: Oliver Upton To: kvmarm@lists.linux.dev Cc: kvm@vger.kernel.org, Marc Zyngier , James Morse , Suzuki K Poulose , Zenghui Yu , Oliver Upton Subject: [PATCH 2/2] KVM: arm64: Test that SMC64 arch calls are reserved Date: Sat, 8 Apr 2023 12:17:32 +0000 Message-Id: <20230408121732.3411329-3-oliver.upton@linux.dev> In-Reply-To: <20230408121732.3411329-1-oliver.upton@linux.dev> References: <20230408121732.3411329-1-oliver.upton@linux.dev> MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Assert that the SMC64 view of the Arm architecture range is reserved by KVM and cannot be filtered by userspace. Signed-off-by: Oliver Upton --- tools/testing/selftests/kvm/aarch64/smccc_filter.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tools/testing/selftests/kvm/aarch64/smccc_filter.c b/tools/testing/selftests/kvm/aarch64/smccc_filter.c index 0f9db0641847..dab671fdf239 100644 --- a/tools/testing/selftests/kvm/aarch64/smccc_filter.c +++ b/tools/testing/selftests/kvm/aarch64/smccc_filter.c @@ -99,6 +99,7 @@ static void test_filter_reserved_range(void) { struct kvm_vcpu *vcpu; struct kvm_vm *vm = setup_vm(&vcpu); + uint32_t smc64_fn; int r; r = __set_smccc_filter(vm, ARM_SMCCC_ARCH_WORKAROUND_1, @@ -106,6 +107,13 @@ static void test_filter_reserved_range(void) TEST_ASSERT(r < 0 && errno == EEXIST, "Attempt to filter reserved range should return EEXIST"); + smc64_fn = ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, ARM_SMCCC_SMC_64, + 0, 0); + + r = __set_smccc_filter(vm, smc64_fn, 1, KVM_SMCCC_FILTER_DENY); + TEST_ASSERT(r < 0 && errno == EEXIST, + "Attempt to filter reserved range should return EEXIST"); + kvm_vm_free(vm); }