From: George-Aurelian Popescu <georgepope@google.com>
To: maz@kernel.org, catalin.marinas@arm.com, will@kernel.org,
	masahiroy@kernel.org, michal.lkml@markovi.net
Cc: linux-arm-kernel@lists.infradead.org,
	kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org,
	linux-kbuild@vger.kernel.org, clang-built-linux@googlegroups.com,
	james.morse@arm.com, julien.thierry.kdev@gmail.com,
	suzuki.poulose@arm.com, natechancellor@gmail.com,
	ndesaulniers@google.com, dbrazdil@google.com, broonie@kernel.org,
	maskray@google.com, ascull@google.com, keescook@chromium.org,
	akpm@linux-foundation.org, dvyukov@google.com, elver@google.com,
	tglx@linutronix.de, arnd@arndb.de,
	George-Aurelian Popescu <georgepope@google.com>
Subject: [PATCH 00/14] UBSan Enablement for hyp/nVHE code
Date: Mon, 14 Sep 2020 17:27:36 +0000
Message-ID: <20200914172750.852684-1-georgepope@google.com>

The main problem solved is logging from hyp/nVHE. Because the nVHE code is
independent from the Linux kernel, the logging mechanisms aren’t working.
For this purpose a generic kvm_debug_buffer is designed. It is composed
of a statically allocated array and a writing index and comes with a set
of macros to facilitate its usage. To avoid concurrency problems between
cores, the kvm_debug_buffer is defined per_cpu. The buffer is checked every
time the code returns from an hvc call, by modifying the kvm_call_hyp
and kvm_call_hyp_ret macros. The buffer’s writing index is reset to zero
inside of the el1_sync entry.

Since UBSan’s handlers are living inside the kernel, they cannot be called
inside hyp/nVHE. To enable UBSan, new handlers had to be defined there. To
store the data from the handler, the kvm_ubsan_buff is defined. It can store
logging data from the handlers in a newly defined struct called struct
kvm_ubsan_info. Each handler has to encapsulate its data inside the new
struct and write it into the buffer. The kvm_debug_buffer.c file is
responsible for decapsulating the data and calling the kernel handlers.
To check if UBSan works correctly inside hyp/nVHE, the last patch comes
with a test mechanism that calls UBSan when the hyp is initialized.


George Popescu (14):
  KVM: arm64: Enable UBSan instrumentation in nVHE hyp code
  KVM: arm64: Define a macro for storing a value inside a per_cpu
    variable
  KVM: arm64: Add support for creating and checking a logging buffer
    inside hyp/nVHE
  KVM: arm64: Add support for buffer usage
  KVM: arm64: Define a buffer that can pass UBSan data from hyp/nVHE to
    kernel
  Fix CFLAGS for UBSAN_BOUNDS on Clang
  KVM: arm64: Enable UBSAN_BOUNDS for the both the kernel and hyp/nVHE
  KVM: arm64: Enable UBsan check for unreachable code inside hyp/nVHE
    code
  KVM: arm64: Enable shift out of bounds undefined behaviour check for
    hyp/nVHE
  KVM: arm64: __ubsan_handle_load_invalid_value hyp/nVHE implementation.
  KVM: arm64: Detect type mismatch undefined behaviour from hyp/nVHE
    code
  KVM: arm64: Detect arithmetic overflow is inside hyp/nVHE.
  KVM: arm64: Enable the CONFIG_TEST UBSan for PKVM.
  DO NOT MERGE: Enable configs to test the patch series

 arch/arm64/include/asm/kvm_asm.h          |   8 ++
 arch/arm64/include/asm/kvm_debug_buffer.h |  61 ++++++++
 arch/arm64/include/asm/kvm_host.h         |  12 ++
 arch/arm64/include/asm/kvm_ubsan.h        |  53 +++++++
 arch/arm64/kvm/Kconfig                    |   3 +
 arch/arm64/kvm/Makefile                   |   4 +
 arch/arm64/kvm/arm.c                      |  46 +++++-
 arch/arm64/kvm/hyp/hyp-entry.S            |   6 +-
 arch/arm64/kvm/hyp/nvhe/Makefile          |   5 +-
 arch/arm64/kvm/hyp/nvhe/ubsan.c           | 164 ++++++++++++++++++++++
 arch/arm64/kvm/hyp/nvhe/ubsan_test.c      | 115 +++++++++++++++
 arch/arm64/kvm/kvm_ubsan_buffer.c         |  75 ++++++++++
 lib/Kconfig.ubsan                         |   5 +-
 scripts/Makefile.ubsan                    |   9 +-
 14 files changed, 561 insertions(+), 5 deletions(-)
 create mode 100644 arch/arm64/include/asm/kvm_debug_buffer.h
 create mode 100644 arch/arm64/include/asm/kvm_ubsan.h
 create mode 100644 arch/arm64/kvm/hyp/nvhe/ubsan.c
 create mode 100644 arch/arm64/kvm/hyp/nvhe/ubsan_test.c
 create mode 100644 arch/arm64/kvm/kvm_ubsan_buffer.c

-- 
2.28.0.618.gf4bc123cb7-goog
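
The buffer handoff described in the cover letter above, as a user-space C model added here; it is not code from the patch series. All `model_*` names, the record layout, the slot count and the drop-when-full policy are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define MODEL_NR_CPUS   2	/* assumption: cores in this model */
#define MODEL_BUF_SLOTS 4	/* assumption: records per core */
enum model_ub_type { MODEL_UB_BOUNDS, MODEL_UB_SHIFT, MODEL_UB_NR_TYPES };

/* Hypothetical record; plays the role the cover letter gives struct kvm_ubsan_info. */
struct model_ubsan_info {
	enum model_ub_type type;
	uint32_t line;		/* source line of the flagged operation */
};

/* Statically allocated array plus write index, one instance per core. */
static struct model_debug_buf {
	struct model_ubsan_info slots[MODEL_BUF_SLOTS];
	size_t wr_ind;
	size_t dropped;		/* reports lost because the array was full */
} model_bufs[MODEL_NR_CPUS];
static unsigned int model_seen[MODEL_UB_NR_TYPES];	/* host-side tally per type */

/* "hyp" side: pack the handler's data and append it; never write past the array. */
static int model_hyp_report(unsigned int cpu, enum model_ub_type type, uint32_t line)
{
	struct model_debug_buf *b = cpu < MODEL_NR_CPUS ? &model_bufs[cpu] : NULL;
	if (!b || type >= MODEL_UB_NR_TYPES)
		return -1;
	if (b->wr_ind >= MODEL_BUF_SLOTS) {
		b->dropped++;
		return -1;
	}
	b->slots[b->wr_ind++] = (struct model_ubsan_info){ type, line };
	return 0;
}

/* "host" side, after the call into hyp returns: unpack this core's records. */
static size_t model_host_drain(unsigned int cpu)
{
	size_t i;
	if (cpu >= MODEL_NR_CPUS)
		return 0;
	/* bound the walk by the array size as well as by the write index */
	for (i = 0; i < model_bufs[cpu].wr_ind && i < MODEL_BUF_SLOTS; i++)
		model_seen[model_bufs[cpu].slots[i].type]++;
	return i;
}

/* Stand-in for the index reset the cover letter places at el1_sync entry. */
static void model_hyp_entry_reset(unsigned int cpu)
{
	if (cpu < MODEL_NR_CPUS)
		model_bufs[cpu].wr_ind = 0;
}

int main(void)
{
	for (uint32_t i = 0; i < 5; i++)	/* the fifth report finds the array full */
		model_hyp_report(0, MODEL_UB_SHIFT, 10 + i);
	return model_host_drain(0) == MODEL_BUF_SLOTS ? 0 : 1;
}
```

In this model a full array drops the report and counts it, so a burst of sanitizer hits between two drains loses records without corrupting memory next to the buffer.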


