From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Will Deacon <will@kernel.org>, Andrew Scull <ascull@google.com>,
	Quentin Perret <qperret@google.com>,
	Marc Zyngier <maz@kernel.org>, Sasha Levin <sashal@kernel.org>,
	linux-arm-kernel@lists.infradead.org,
	kvmarm@lists.cs.columbia.edu
Subject: [PATCH AUTOSEL 5.14 13/32] KVM: arm64: Make hyp_panic() more robust when protected mode is enabled
Date: Sat, 11 Sep 2021 09:11:30 -0400	[thread overview]
Message-ID: <20210911131149.284397-13-sashal@kernel.org> (raw)
In-Reply-To: <20210911131149.284397-1-sashal@kernel.org>

From: Will Deacon <will@kernel.org>

[ Upstream commit ccac96977243d7916053550f62e6489760ad0adc ]

When protected mode is enabled, the host is unable to access most parts
of the EL2 hypervisor image, including 'hyp_physvirt_offset' and the
contents of the hypervisor's '.rodata.str' section. Unfortunately,
nvhe_hyp_panic_handler() tries to read from both of these locations when
handling a BUG() triggered at EL2; the former for converting the ELR to
a physical address and the latter for displaying the name of the source
file where the BUG() occurred.

Hack the EL2 panic asm to pass both physical and virtual ELR values to
the host and utilise the newly introduced CONFIG_NVHE_EL2_DEBUG so that
we disable stage-2 protection for the host before returning to the EL1
panic handler. If the debug option is not enabled, display the address
instead of the source file:line information.

Cc: Andrew Scull <ascull@google.com>
Cc: Quentin Perret <qperret@google.com>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20210813130336.8139-1-will@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/kvm/handle_exit.c   | 23 ++++++++++++++---------
 arch/arm64/kvm/hyp/nvhe/host.S | 21 +++++++++++++++++----
 2 files changed, 31 insertions(+), 13 deletions(-)

diff --git a/arch/arm64/kvm/handle_exit.c b/arch/arm64/kvm/handle_exit.c
index 6f48336b1d86..04ebab299aa4 100644
--- a/arch/arm64/kvm/handle_exit.c
+++ b/arch/arm64/kvm/handle_exit.c
@@ -292,11 +292,12 @@ void handle_exit_early(struct kvm_vcpu *vcpu, int exception_index)
 		kvm_handle_guest_serror(vcpu, kvm_vcpu_get_esr(vcpu));
 }
 
-void __noreturn __cold nvhe_hyp_panic_handler(u64 esr, u64 spsr, u64 elr,
+void __noreturn __cold nvhe_hyp_panic_handler(u64 esr, u64 spsr,
+					      u64 elr_virt, u64 elr_phys,
 					      u64 par, uintptr_t vcpu,
 					      u64 far, u64 hpfar) {
-	u64 elr_in_kimg = __phys_to_kimg(__hyp_pa(elr));
-	u64 hyp_offset = elr_in_kimg - kaslr_offset() - elr;
+	u64 elr_in_kimg = __phys_to_kimg(elr_phys);
+	u64 hyp_offset = elr_in_kimg - kaslr_offset() - elr_virt;
 	u64 mode = spsr & PSR_MODE_MASK;
 
 	/*
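Review bot: The split of `elr` into `elr_virt` and `elr_phys` in the nvhe_hyp_panic_handler() signature is undocumented, and both are plain `u64`, so a swapped pair would compile silently. A short comment above the function would help, e.g. `/* elr_virt: hyp VA of the faulting PC; elr_phys: its PA, translated at EL2 because the host cannot read hyp_physvirt_offset in protected mode. */`. The parameter order also has to stay in step with the register loads in __hyp_do_panic in host.S, which is worth stating in the same comment. The function body continues outside this hunk.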
@@ -309,20 +310,24 @@ void __noreturn __cold nvhe_hyp_panic_handler(u64 esr, u64 spsr, u64 elr,
 		kvm_err("Invalid host exception to nVHE hyp!\n");
 	} else if (ESR_ELx_EC(esr) == ESR_ELx_EC_BRK64 &&
 		   (esr & ESR_ELx_BRK64_ISS_COMMENT_MASK) == BUG_BRK_IMM) {
-		struct bug_entry *bug = find_bug(elr_in_kimg);
 		const char *file = NULL;
 		unsigned int line = 0;
 
 		/* All hyp bugs, including warnings, are treated as fatal. */
-		if (bug)
-			bug_get_file_line(bug, &file, &line);
+		if (!is_protected_kvm_enabled() ||
+		    IS_ENABLED(CONFIG_NVHE_EL2_DEBUG)) {
+			struct bug_entry *bug = find_bug(elr_in_kimg);
+
+			if (bug)
+				bug_get_file_line(bug, &file, &line);
+		}
 
 		if (file)
 			kvm_err("nVHE hyp BUG at: %s:%u!\n", file, line);
 		else
-			kvm_err("nVHE hyp BUG at: %016llx!\n", elr + hyp_offset);
+			kvm_err("nVHE hyp BUG at: %016llx!\n", elr_virt + hyp_offset);
 	} else {
-		kvm_err("nVHE hyp panic at: %016llx!\n", elr + hyp_offset);
+		kvm_err("nVHE hyp panic at: %016llx!\n", elr_virt + hyp_offset);
 	}
 
 	/*
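Review bot: The new `!is_protected_kvm_enabled() || IS_ENABLED(CONFIG_NVHE_EL2_DEBUG)` guard carries no comment, and the existing "All hyp bugs, including warnings, are treated as fatal" comment now sits directly above it without describing it. I would add `/* In protected mode the host can only read the hyp bug strings when CONFIG_NVHE_EL2_DEBUG has dropped host stage-2 at EL2; otherwise report the address. */` before the `if`. Without it, a later cleanup could hoist find_bug() back out of the guard, and going by the commit message the host would then touch hypervisor memory it cannot access while already handling a panic. The enclosing function starts and ends outside this hunk.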
@@ -334,5 +339,5 @@ void __noreturn __cold nvhe_hyp_panic_handler(u64 esr, u64 spsr, u64 elr,
 	kvm_err("Hyp Offset: 0x%llx\n", hyp_offset);
 
 	panic("HYP panic:\nPS:%08llx PC:%016llx ESR:%08llx\nFAR:%016llx HPFAR:%016llx PAR:%016llx\nVCPU:%016lx\n",
-	      spsr, elr, esr, far, hpfar, par, vcpu);
+	      spsr, elr_virt, esr, far, hpfar, par, vcpu);
 }
diff --git a/arch/arm64/kvm/hyp/nvhe/host.S b/arch/arm64/kvm/hyp/nvhe/host.S
index 2b23400e0fb3..4b652ffb591d 100644
--- a/arch/arm64/kvm/hyp/nvhe/host.S
+++ b/arch/arm64/kvm/hyp/nvhe/host.S
@@ -7,6 +7,7 @@
 #include <linux/linkage.h>
 
 #include <asm/assembler.h>
+#include <asm/kvm_arm.h>
 #include <asm/kvm_asm.h>
 #include <asm/kvm_mmu.h>
 
@@ -85,12 +86,24 @@ SYM_FUNC_START(__hyp_do_panic)
 
 	mov	x29, x0
 
+#ifdef CONFIG_NVHE_EL2_DEBUG
+	/* Ensure host stage-2 is disabled */
+	mrs	x0, hcr_el2
+	bic	x0, x0, #HCR_VM
+	msr	hcr_el2, x0
+	isb
+	tlbi	vmalls12e1
+	dsb	nsh
+#endif
+
 	/* Load the panic arguments into x0-7 */
 	mrs	x0, esr_el2
-	get_vcpu_ptr x4, x5
-	mrs	x5, far_el2
-	mrs	x6, hpfar_el2
-	mov	x7, xzr			// Unused argument
+	mov	x4, x3
+	mov	x3, x2
+	hyp_pa	x3, x6
+	get_vcpu_ptr x5, x6
+	mrs	x6, far_el2
+	mrs	x7, hpfar_el2
 
 	/* Enter the host, conditionally restoring the host context. */
 	cbz	x29, __host_enter_without_restoring
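Review bot: The `#ifdef CONFIG_NVHE_EL2_DEBUG` block clears `HCR_VM`, removing host stage-2 translation before control returns to EL1, but the comment `/* Ensure host stage-2 is disabled */` says neither why nor what is given up. Per the commit message this lets the host panic handler read the hyp image; presumably it also exposes everything else that protected mode was hiding from the host, so the option should be described as debug-only. I would expand the comment to `/* Debug only: drop host stage-2 so the EL1 panic handler can read hyp .rodata; this removes protected-mode isolation from the host. */`. Separately, a one-line comment above the `mov x4, x3` shuffle naming which register ends up as elr_virt, elr_phys and par would make the order checkable against the C prototype; the incoming register contents are set outside this hunk.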
-- 
2.30.2

