From: Ricardo Koller <ricarkol@google.com>
To: kvm@vger.kernel.org, maz@kernel.org,
kvmarm@lists.cs.columbia.edu, drjones@redhat.com,
eric.auger@redhat.com, alexandru.elisei@arm.com
Cc: Paolo Bonzini <pbonzini@redhat.com>,
oupton@google.com, james.morse@arm.com, suzuki.poulose@arm.com,
shuah@kernel.org, jingzhangos@google.com, pshier@google.com,
rananta@google.com, reijiw@google.com,
Ricardo Koller <ricarkol@google.com>
Subject: [PATCH v4 02/11] KVM: arm64: vgic-v3: Check redist region is not above the VM IPA size
Date: Mon, 4 Oct 2021 18:19:12 -0700 [thread overview]
Message-ID: <20211005011921.437353-3-ricarkol@google.com> (raw)
In-Reply-To: <20211005011921.437353-1-ricarkol@google.com>
Verify that the redistributor regions do not extend beyond the
VM-specified IPA range (phys_size). This can happen when using
KVM_VGIC_V3_ADDR_TYPE_REDIST or KVM_VGIC_V3_ADDR_TYPE_REDIST_REGIONS
with:
base + size > phys_size AND base < phys_size
Add the missing check into vgic_v3_alloc_redist_region() which is called
when setting the regions, and into vgic_v3_check_base() which is called
when attempting the first vcpu-run. The vcpu-run check does not apply to
KVM_VGIC_V3_ADDR_TYPE_REDIST_REGIONS because the regions size is known
before the first vcpu-run. Note that using the REDIST_REGIONS API
results in a different check, which already exists, at first vcpu run:
that the number of redist regions is enough for all vcpus.
Finally, this patch also enables some extra tests in
vgic_v3_alloc_redist_region() by calculating "size" early for the legacy
redist api: like checking that the REDIST region can fit all the already
created vcpus.
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Ricardo Koller <ricarkol@google.com>
---
arch/arm64/kvm/vgic/vgic-mmio-v3.c | 6 ++++--
arch/arm64/kvm/vgic/vgic-v3.c | 6 ++++--
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/kvm/vgic/vgic-mmio-v3.c b/arch/arm64/kvm/vgic/vgic-mmio-v3.c
index a09cdc0b953c..a9642fc71fdf 100644
--- a/arch/arm64/kvm/vgic/vgic-mmio-v3.c
+++ b/arch/arm64/kvm/vgic/vgic-mmio-v3.c
@@ -796,7 +796,9 @@ static int vgic_v3_alloc_redist_region(struct kvm *kvm, uint32_t index,
struct vgic_dist *d = &kvm->arch.vgic;
struct vgic_redist_region *rdreg;
struct list_head *rd_regions = &d->rd_regions;
- size_t size = count * KVM_VGIC_V3_REDIST_SIZE;
+ int nr_vcpus = atomic_read(&kvm->online_vcpus);
+ size_t size = count ? count * KVM_VGIC_V3_REDIST_SIZE
+ : nr_vcpus * KVM_VGIC_V3_REDIST_SIZE;
int ret;
/* cross the end of memory ? */
@@ -840,7 +842,7 @@ static int vgic_v3_alloc_redist_region(struct kvm *kvm, uint32_t index,
rdreg->base = VGIC_ADDR_UNDEF;
- ret = vgic_check_ioaddr(kvm, &rdreg->base, base, SZ_64K);
+ ret = vgic_check_iorange(kvm, rdreg->base, base, SZ_64K, size);
if (ret)
goto free;
diff --git a/arch/arm64/kvm/vgic/vgic-v3.c b/arch/arm64/kvm/vgic/vgic-v3.c
index 21a6207fb2ee..960f51a8691f 100644
--- a/arch/arm64/kvm/vgic/vgic-v3.c
+++ b/arch/arm64/kvm/vgic/vgic-v3.c
@@ -483,8 +483,10 @@ bool vgic_v3_check_base(struct kvm *kvm)
return false;
list_for_each_entry(rdreg, &d->rd_regions, list) {
- if (rdreg->base + vgic_v3_rd_region_size(kvm, rdreg) <
- rdreg->base)
+ size_t sz = vgic_v3_rd_region_size(kvm, rdreg);
+
+ if (vgic_check_iorange(kvm, VGIC_ADDR_UNDEF,
+ rdreg->base, SZ_64K, sz))
return false;
}
--
2.33.0.800.g4c38ced690-goog
WARNING: multiple messages have this Message-ID (diff)
From: Ricardo Koller <ricarkol@google.com>
To: kvm@vger.kernel.org, maz@kernel.org,
kvmarm@lists.cs.columbia.edu, drjones@redhat.com,
eric.auger@redhat.com, alexandru.elisei@arm.com
Cc: pshier@google.com, Paolo Bonzini <pbonzini@redhat.com>, shuah@kernel.org
Subject: [PATCH v4 02/11] KVM: arm64: vgic-v3: Check redist region is not above the VM IPA size
Date: Mon, 4 Oct 2021 18:19:12 -0700 [thread overview]
Message-ID: <20211005011921.437353-3-ricarkol@google.com> (raw)
In-Reply-To: <20211005011921.437353-1-ricarkol@google.com>
Verify that the redistributor regions do not extend beyond the
VM-specified IPA range (phys_size). This can happen when using
KVM_VGIC_V3_ADDR_TYPE_REDIST or KVM_VGIC_V3_ADDR_TYPE_REDIST_REGIONS
with:
base + size > phys_size AND base < phys_size
Add the missing check into vgic_v3_alloc_redist_region() which is called
when setting the regions, and into vgic_v3_check_base() which is called
when attempting the first vcpu-run. The vcpu-run check does not apply to
KVM_VGIC_V3_ADDR_TYPE_REDIST_REGIONS because the regions size is known
before the first vcpu-run. Note that using the REDIST_REGIONS API
results in a different check, which already exists, at first vcpu run:
that the number of redist regions is enough for all vcpus.
Finally, this patch also enables some extra tests in
vgic_v3_alloc_redist_region() by calculating "size" early for the legacy
redist api: like checking that the REDIST region can fit all the already
created vcpus.
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Ricardo Koller <ricarkol@google.com>
---
arch/arm64/kvm/vgic/vgic-mmio-v3.c | 6 ++++--
arch/arm64/kvm/vgic/vgic-v3.c | 6 ++++--
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/kvm/vgic/vgic-mmio-v3.c b/arch/arm64/kvm/vgic/vgic-mmio-v3.c
index a09cdc0b953c..a9642fc71fdf 100644
--- a/arch/arm64/kvm/vgic/vgic-mmio-v3.c
+++ b/arch/arm64/kvm/vgic/vgic-mmio-v3.c
@@ -796,7 +796,9 @@ static int vgic_v3_alloc_redist_region(struct kvm *kvm, uint32_t index,
struct vgic_dist *d = &kvm->arch.vgic;
struct vgic_redist_region *rdreg;
struct list_head *rd_regions = &d->rd_regions;
- size_t size = count * KVM_VGIC_V3_REDIST_SIZE;
+ int nr_vcpus = atomic_read(&kvm->online_vcpus);
+ size_t size = count ? count * KVM_VGIC_V3_REDIST_SIZE
+ : nr_vcpus * KVM_VGIC_V3_REDIST_SIZE;
int ret;
/* cross the end of memory ? */
@@ -840,7 +842,7 @@ static int vgic_v3_alloc_redist_region(struct kvm *kvm, uint32_t index,
rdreg->base = VGIC_ADDR_UNDEF;
- ret = vgic_check_ioaddr(kvm, &rdreg->base, base, SZ_64K);
+ ret = vgic_check_iorange(kvm, rdreg->base, base, SZ_64K, size);
if (ret)
goto free;
diff --git a/arch/arm64/kvm/vgic/vgic-v3.c b/arch/arm64/kvm/vgic/vgic-v3.c
index 21a6207fb2ee..960f51a8691f 100644
--- a/arch/arm64/kvm/vgic/vgic-v3.c
+++ b/arch/arm64/kvm/vgic/vgic-v3.c
@@ -483,8 +483,10 @@ bool vgic_v3_check_base(struct kvm *kvm)
return false;
list_for_each_entry(rdreg, &d->rd_regions, list) {
- if (rdreg->base + vgic_v3_rd_region_size(kvm, rdreg) <
- rdreg->base)
+ size_t sz = vgic_v3_rd_region_size(kvm, rdreg);
+
+ if (vgic_check_iorange(kvm, VGIC_ADDR_UNDEF,
+ rdreg->base, SZ_64K, sz))
return false;
}
--
2.33.0.800.g4c38ced690-goog
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
next prev parent reply other threads:[~2021-10-05 1:19 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-05 1:19 [PATCH v4 00/11] KVM: arm64: vgic: Missing checks for REDIST/CPU and ITS regions above the VM IPA size Ricardo Koller
2021-10-05 1:19 ` Ricardo Koller
2021-10-05 1:19 ` [PATCH v4 01/11] kvm: arm64: vgic: Introduce vgic_check_iorange Ricardo Koller
2021-10-05 1:19 ` Ricardo Koller
2021-10-05 1:19 ` Ricardo Koller [this message]
2021-10-05 1:19 ` [PATCH v4 02/11] KVM: arm64: vgic-v3: Check redist region is not above the VM IPA size Ricardo Koller
2021-10-05 1:19 ` [PATCH v4 03/11] KVM: arm64: vgic-v2: Check cpu interface " Ricardo Koller
2021-10-05 1:19 ` Ricardo Koller
2021-10-05 1:19 ` [PATCH v4 04/11] KVM: arm64: vgic-v3: Check ITS " Ricardo Koller
2021-10-05 1:19 ` Ricardo Koller
2021-10-05 1:19 ` [PATCH v4 05/11] KVM: arm64: vgic: Drop vgic_check_ioaddr() Ricardo Koller
2021-10-05 1:19 ` Ricardo Koller
2021-10-05 7:56 ` Eric Auger
2021-10-05 7:56 ` Eric Auger
2021-10-05 1:19 ` [PATCH v4 06/11] KVM: arm64: selftests: Make vgic_init gic version agnostic Ricardo Koller
2021-10-05 1:19 ` Ricardo Koller
2021-10-06 9:46 ` Andrew Jones
2021-10-06 9:46 ` Andrew Jones
2021-10-05 1:19 ` [PATCH v4 07/11] KVM: arm64: selftests: Make vgic_init/vm_gic_create " Ricardo Koller
2021-10-05 1:19 ` Ricardo Koller
2021-10-06 9:47 ` Andrew Jones
2021-10-06 9:47 ` Andrew Jones
2021-10-05 1:19 ` [PATCH v4 08/11] KVM: arm64: selftests: Add some tests for GICv2 in vgic_init Ricardo Koller
2021-10-05 1:19 ` Ricardo Koller
2021-10-05 8:09 ` Eric Auger
2021-10-05 8:09 ` Eric Auger
2021-10-06 9:52 ` Andrew Jones
2021-10-06 9:52 ` Andrew Jones
2021-10-05 1:19 ` [PATCH v4 09/11] KVM: arm64: selftests: Add tests for GIC redist/cpuif partially above IPA range Ricardo Koller
2021-10-05 1:19 ` Ricardo Koller
2021-10-05 8:12 ` Eric Auger
2021-10-05 8:12 ` Eric Auger
2021-10-06 10:07 ` Andrew Jones
2021-10-06 10:07 ` Andrew Jones
2021-10-05 1:19 ` [PATCH v4 10/11] KVM: arm64: selftests: Add test for legacy GICv3 REDIST base " Ricardo Koller
2021-10-05 1:19 ` Ricardo Koller
2021-10-06 10:12 ` Andrew Jones
2021-10-06 10:12 ` Andrew Jones
2021-10-05 1:19 ` [PATCH v4 11/11] KVM: arm64: selftests: Add init ITS device test Ricardo Koller
2021-10-05 1:19 ` Ricardo Koller
2021-10-05 8:06 ` Eric Auger
2021-10-05 8:06 ` Eric Auger
2021-10-06 10:13 ` Andrew Jones
2021-10-06 10:13 ` Andrew Jones
2021-10-11 8:43 ` [PATCH v4 00/11] KVM: arm64: vgic: Missing checks for REDIST/CPU and ITS regions above the VM IPA size Marc Zyngier
2021-10-11 8:43 ` Marc Zyngier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211005011921.437353-3-ricarkol@google.com \
--to=ricarkol@google.com \
--cc=alexandru.elisei@arm.com \
--cc=drjones@redhat.com \
--cc=eric.auger@redhat.com \
--cc=james.morse@arm.com \
--cc=jingzhangos@google.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=maz@kernel.org \
--cc=oupton@google.com \
--cc=pbonzini@redhat.com \
--cc=pshier@google.com \
--cc=rananta@google.com \
--cc=reijiw@google.com \
--cc=shuah@kernel.org \
--cc=suzuki.poulose@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.