linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Ricardo Koller <ricarkol@google.com>,
	Marc Zyngier <maz@kernel.org>
Subject: [PATCH 4.19 54/58] KVM: arm64: Fix debug register indexing
Date: Tue,  8 Jun 2021 20:27:35 +0200	[thread overview]
Message-ID: <20210608175934.054225351@linuxfoundation.org> (raw)
In-Reply-To: <20210608175932.263480586@linuxfoundation.org>

From: Marc Zyngier <maz@kernel.org>

commit cb853ded1d25e5b026ce115dbcde69e3d7e2e831 upstream.

Commit 03fdfb2690099 ("KVM: arm64: Don't write junk to sysregs on
reset") flipped the register number to 0 for all the debug registers
in the sysreg table, hereby indicating that these registers live
in a separate shadow structure.

However, the author of this patch failed to realise that all the
accessors are using that particular index instead of the register
encoding, resulting in all the registers hitting index 0. Not quite
a valid implementation of the architecture...

Address the issue by fixing all the accessors to use the CRm field
of the encoding, which contains the debug register index.

Fixes: 03fdfb2690099 ("KVM: arm64: Don't write junk to sysregs on reset")
Reported-by: Ricardo Koller <ricarkol@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/arm64/kvm/sys_regs.c |   42 +++++++++++++++++++++---------------------
 1 file changed, 21 insertions(+), 21 deletions(-)

--- a/arch/arm64/kvm/sys_regs.c
+++ b/arch/arm64/kvm/sys_regs.c
@@ -426,14 +426,14 @@ static bool trap_bvr(struct kvm_vcpu *vc
 		     struct sys_reg_params *p,
 		     const struct sys_reg_desc *rd)
 {
-	u64 *dbg_reg = &vcpu->arch.vcpu_debug_state.dbg_bvr[rd->reg];
+	u64 *dbg_reg = &vcpu->arch.vcpu_debug_state.dbg_bvr[rd->CRm];
 
 	if (p->is_write)
 		reg_to_dbg(vcpu, p, dbg_reg);
 	else
 		dbg_to_reg(vcpu, p, dbg_reg);
 
-	trace_trap_reg(__func__, rd->reg, p->is_write, *dbg_reg);
+	trace_trap_reg(__func__, rd->CRm, p->is_write, *dbg_reg);
 
 	return true;
 }
@@ -441,7 +441,7 @@ static bool trap_bvr(struct kvm_vcpu *vc
 static int set_bvr(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
 		const struct kvm_one_reg *reg, void __user *uaddr)
 {
-	__u64 *r = &vcpu->arch.vcpu_debug_state.dbg_bvr[rd->reg];
+	__u64 *r = &vcpu->arch.vcpu_debug_state.dbg_bvr[rd->CRm];
 
 	if (copy_from_user(r, uaddr, KVM_REG_SIZE(reg->id)) != 0)
 		return -EFAULT;
@@ -451,7 +451,7 @@ static int set_bvr(struct kvm_vcpu *vcpu
 static int get_bvr(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
 	const struct kvm_one_reg *reg, void __user *uaddr)
 {
-	__u64 *r = &vcpu->arch.vcpu_debug_state.dbg_bvr[rd->reg];
+	__u64 *r = &vcpu->arch.vcpu_debug_state.dbg_bvr[rd->CRm];
 
 	if (copy_to_user(uaddr, r, KVM_REG_SIZE(reg->id)) != 0)
 		return -EFAULT;
@@ -461,21 +461,21 @@ static int get_bvr(struct kvm_vcpu *vcpu
 static void reset_bvr(struct kvm_vcpu *vcpu,
 		      const struct sys_reg_desc *rd)
 {
-	vcpu->arch.vcpu_debug_state.dbg_bvr[rd->reg] = rd->val;
+	vcpu->arch.vcpu_debug_state.dbg_bvr[rd->CRm] = rd->val;
 }
 
 static bool trap_bcr(struct kvm_vcpu *vcpu,
 		     struct sys_reg_params *p,
 		     const struct sys_reg_desc *rd)
 {
-	u64 *dbg_reg = &vcpu->arch.vcpu_debug_state.dbg_bcr[rd->reg];
+	u64 *dbg_reg = &vcpu->arch.vcpu_debug_state.dbg_bcr[rd->CRm];
 
 	if (p->is_write)
 		reg_to_dbg(vcpu, p, dbg_reg);
 	else
 		dbg_to_reg(vcpu, p, dbg_reg);
 
-	trace_trap_reg(__func__, rd->reg, p->is_write, *dbg_reg);
+	trace_trap_reg(__func__, rd->CRm, p->is_write, *dbg_reg);
 
 	return true;
 }
@@ -483,7 +483,7 @@ static bool trap_bcr(struct kvm_vcpu *vc
 static int set_bcr(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
 		const struct kvm_one_reg *reg, void __user *uaddr)
 {
-	__u64 *r = &vcpu->arch.vcpu_debug_state.dbg_bcr[rd->reg];
+	__u64 *r = &vcpu->arch.vcpu_debug_state.dbg_bcr[rd->CRm];
 
 	if (copy_from_user(r, uaddr, KVM_REG_SIZE(reg->id)) != 0)
 		return -EFAULT;
@@ -494,7 +494,7 @@ static int set_bcr(struct kvm_vcpu *vcpu
 static int get_bcr(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
 	const struct kvm_one_reg *reg, void __user *uaddr)
 {
-	__u64 *r = &vcpu->arch.vcpu_debug_state.dbg_bcr[rd->reg];
+	__u64 *r = &vcpu->arch.vcpu_debug_state.dbg_bcr[rd->CRm];
 
 	if (copy_to_user(uaddr, r, KVM_REG_SIZE(reg->id)) != 0)
 		return -EFAULT;
@@ -504,22 +504,22 @@ static int get_bcr(struct kvm_vcpu *vcpu
 static void reset_bcr(struct kvm_vcpu *vcpu,
 		      const struct sys_reg_desc *rd)
 {
-	vcpu->arch.vcpu_debug_state.dbg_bcr[rd->reg] = rd->val;
+	vcpu->arch.vcpu_debug_state.dbg_bcr[rd->CRm] = rd->val;
 }
 
 static bool trap_wvr(struct kvm_vcpu *vcpu,
 		     struct sys_reg_params *p,
 		     const struct sys_reg_desc *rd)
 {
-	u64 *dbg_reg = &vcpu->arch.vcpu_debug_state.dbg_wvr[rd->reg];
+	u64 *dbg_reg = &vcpu->arch.vcpu_debug_state.dbg_wvr[rd->CRm];
 
 	if (p->is_write)
 		reg_to_dbg(vcpu, p, dbg_reg);
 	else
 		dbg_to_reg(vcpu, p, dbg_reg);
 
-	trace_trap_reg(__func__, rd->reg, p->is_write,
-		vcpu->arch.vcpu_debug_state.dbg_wvr[rd->reg]);
+	trace_trap_reg(__func__, rd->CRm, p->is_write,
+		vcpu->arch.vcpu_debug_state.dbg_wvr[rd->CRm]);
 
 	return true;
 }
@@ -527,7 +527,7 @@ static bool trap_wvr(struct kvm_vcpu *vc
 static int set_wvr(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
 		const struct kvm_one_reg *reg, void __user *uaddr)
 {
-	__u64 *r = &vcpu->arch.vcpu_debug_state.dbg_wvr[rd->reg];
+	__u64 *r = &vcpu->arch.vcpu_debug_state.dbg_wvr[rd->CRm];
 
 	if (copy_from_user(r, uaddr, KVM_REG_SIZE(reg->id)) != 0)
 		return -EFAULT;
@@ -537,7 +537,7 @@ static int set_wvr(struct kvm_vcpu *vcpu
 static int get_wvr(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
 	const struct kvm_one_reg *reg, void __user *uaddr)
 {
-	__u64 *r = &vcpu->arch.vcpu_debug_state.dbg_wvr[rd->reg];
+	__u64 *r = &vcpu->arch.vcpu_debug_state.dbg_wvr[rd->CRm];
 
 	if (copy_to_user(uaddr, r, KVM_REG_SIZE(reg->id)) != 0)
 		return -EFAULT;
@@ -547,21 +547,21 @@ static int get_wvr(struct kvm_vcpu *vcpu
 static void reset_wvr(struct kvm_vcpu *vcpu,
 		      const struct sys_reg_desc *rd)
 {
-	vcpu->arch.vcpu_debug_state.dbg_wvr[rd->reg] = rd->val;
+	vcpu->arch.vcpu_debug_state.dbg_wvr[rd->CRm] = rd->val;
 }
 
 static bool trap_wcr(struct kvm_vcpu *vcpu,
 		     struct sys_reg_params *p,
 		     const struct sys_reg_desc *rd)
 {
-	u64 *dbg_reg = &vcpu->arch.vcpu_debug_state.dbg_wcr[rd->reg];
+	u64 *dbg_reg = &vcpu->arch.vcpu_debug_state.dbg_wcr[rd->CRm];
 
 	if (p->is_write)
 		reg_to_dbg(vcpu, p, dbg_reg);
 	else
 		dbg_to_reg(vcpu, p, dbg_reg);
 
-	trace_trap_reg(__func__, rd->reg, p->is_write, *dbg_reg);
+	trace_trap_reg(__func__, rd->CRm, p->is_write, *dbg_reg);
 
 	return true;
 }
@@ -569,7 +569,7 @@ static bool trap_wcr(struct kvm_vcpu *vc
 static int set_wcr(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
 		const struct kvm_one_reg *reg, void __user *uaddr)
 {
-	__u64 *r = &vcpu->arch.vcpu_debug_state.dbg_wcr[rd->reg];
+	__u64 *r = &vcpu->arch.vcpu_debug_state.dbg_wcr[rd->CRm];
 
 	if (copy_from_user(r, uaddr, KVM_REG_SIZE(reg->id)) != 0)
 		return -EFAULT;
@@ -579,7 +579,7 @@ static int set_wcr(struct kvm_vcpu *vcpu
 static int get_wcr(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
 	const struct kvm_one_reg *reg, void __user *uaddr)
 {
-	__u64 *r = &vcpu->arch.vcpu_debug_state.dbg_wcr[rd->reg];
+	__u64 *r = &vcpu->arch.vcpu_debug_state.dbg_wcr[rd->CRm];
 
 	if (copy_to_user(uaddr, r, KVM_REG_SIZE(reg->id)) != 0)
 		return -EFAULT;
@@ -589,7 +589,7 @@ static int get_wcr(struct kvm_vcpu *vcpu
 static void reset_wcr(struct kvm_vcpu *vcpu,
 		      const struct sys_reg_desc *rd)
 {
-	vcpu->arch.vcpu_debug_state.dbg_wcr[rd->reg] = rd->val;
+	vcpu->arch.vcpu_debug_state.dbg_wcr[rd->CRm] = rd->val;
 }
 
 static void reset_amair_el1(struct kvm_vcpu *vcpu, const struct sys_reg_desc *r)



  parent reply	other threads:[~2021-06-08 18:43 UTC|newest]

Thread overview: 69+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-08 18:26 [PATCH 4.19 00/58] 4.19.194-rc1 review Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 4.19 01/58] net: usb: cdc_ncm: dont spew notifications Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 4.19 02/58] ALSA: usb: update old-style static const declaration Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 4.19 03/58] nl80211: validate key indexes for cfg80211_registered_device Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 4.19 04/58] efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 4.19 05/58] efi: cper: fix snprintf() use in cper_dimm_err_location() Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 4.19 06/58] vfio/pci: Fix error return code in vfio_ecap_init() Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 4.19 07/58] vfio/pci: zap_vma_ptes() needs MMU Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 4.19 08/58] samples: vfio-mdev: fix error handing in mdpy_fb_probe() Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 4.19 09/58] vfio/platform: fix module_put call in error flow Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 4.19 10/58] ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 4.19 11/58] HID: pidff: fix error return code in hid_pidff_init() Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 4.19 12/58] HID: i2c-hid: fix format string mismatch Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 4.19 13/58] netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 4.19 14/58] ieee802154: fix error return code in ieee802154_add_iface() Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 4.19 15/58] ieee802154: fix error return code in ieee802154_llsec_getparams() Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 4.19 16/58] ixgbevf: add correct exception tracing for XDP Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 4.19 17/58] tipc: add extack messages for bearer/media failure Greg Kroah-Hartman
2021-06-08 18:26 ` [PATCH 4.19 18/58] tipc: fix unique bearer names sanity check Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 19/58] Bluetooth: fix the erroneous flush_work() order Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 20/58] Bluetooth: use correct lock to prevent UAF of hdev object Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 21/58] net: caif: added cfserl_release function Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 22/58] net: caif: add proper error handling Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 23/58] net: caif: fix memory leak in caif_device_notify Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 24/58] net: caif: fix memory leak in cfusbl_device_notify Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 25/58] HID: multitouch: require Finger field to mark Win8 reports as MT Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 26/58] ALSA: timer: Fix master timer notification Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 27/58] ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 28/58] ARM: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators Greg Kroah-Hartman
2021-06-08 19:09   ` Sudip Mukherjee
2021-06-09  6:25     ` Greg Kroah-Hartman
2021-06-08 19:13   ` Naresh Kamboju
2021-06-09  6:25     ` Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 29/58] ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 30/58] usb: dwc2: Fix build in periphal-only mode Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 31/58] pid: take a reference when initializing `cad_pid` Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 32/58] ocfs2: fix data corruption by fallocate Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 33/58] nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 34/58] x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 35/58] btrfs: mark ordered extent and inode with error if we fail to finish Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 36/58] btrfs: fix error handling in btrfs_del_csums Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 37/58] btrfs: return errors from btrfs_del_csums in cleanup_ref_head Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 38/58] btrfs: fixup error handling in fixup_inode_link_counts Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 39/58] mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 40/58] bpf: fix test suite to enable all unpriv program types Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 41/58] bpf: test make sure to run unpriv test cases in test_verifier Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 42/58] selftests/bpf: Generalize dummy program types Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 43/58] bpf: Add BPF_F_ANY_ALIGNMENT Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 44/58] bpf: Adjust F_NEEDS_EFFICIENT_UNALIGNED_ACCESS handling in test_verifier.c Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 45/58] bpf: Make more use of any alignment " Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 46/58] bpf: Apply F_NEEDS_EFFICIENT_UNALIGNED_ACCESS to more ACCEPT test cases Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 47/58] selftests/bpf: add "any alignment" annotation for some tests Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 48/58] selftests/bpf: Avoid running unprivileged tests with alignment requirements Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 49/58] bnxt_en: Remove the setting of dev_port Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 50/58] perf/cgroups: Dont rotate events for cgroups unnecessarily Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 51/58] perf/core: Fix corner case in perf_rotate_context() Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 52/58] btrfs: fix unmountable seed device after fstrim Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 53/58] KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode Greg Kroah-Hartman
2021-06-08 18:27 ` Greg Kroah-Hartman [this message]
2021-06-08 18:27 ` [PATCH 4.19 55/58] ACPI: probe ECDT before loading AML tables regardless of module-level code flag Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 56/58] ACPI: EC: Look for ECDT EC after calling acpi_load_tables() Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 57/58] sched/fair: Optimize select_idle_cpu Greg Kroah-Hartman
2021-06-08 18:27 ` [PATCH 4.19 58/58] xen-pciback: redo VF placement in the virtual topology Greg Kroah-Hartman
2021-06-08 18:45 ` [PATCH 4.19 00/58] 4.19.194-rc1 review Naresh Kamboju
2021-06-08 22:41   ` Pavel Machek
2021-06-09  6:25     ` Greg Kroah-Hartman
2021-06-10 11:40       ` Marek Vasut
2021-06-11  7:28         ` Greg Kroah-Hartman
2021-06-09  2:55 ` Shuah Khan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210608175934.054225351@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=maz@kernel.org \
    --cc=ricarkol@google.com \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).