From: Christoffer Dall
To: Paolo Bonzini, Radim Krčmář
Cc: Marc Zyngier, kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, stable@vger.kernel.org, Christoffer Dall
Subject: [PULL 02/13] arm64: KVM: Do not use stack-protector to compile EL2 code
Date: Thu, 18 May 2017 11:47:11 +0200
Message-Id: <20170518094722.9926-3-cdall@linaro.org>
In-Reply-To: <20170518094722.9926-1-cdall@linaro.org>

From: Marc Zyngier

We like living dangerously. Nothing explicitly forbids stack-protector to be used in the EL2 code, while distributions routinely compile their kernel with it. We're just lucky that no code actually triggers the instrumentation.

Let's not try our luck for much longer, and disable stack-protector for code living at EL2.

Cc: stable@vger.kernel.org
Signed-off-by: Marc Zyngier
Acked-by: Christoffer Dall
Signed-off-by: Christoffer Dall
--- arch/arm64/kvm/hyp/Makefile | 2 ++ 1 file changed, 2 insertions(+) -- 2.9.0 diff --git a/arch/arm64/kvm/hyp/Makefile b/arch/arm64/kvm/hyp/Makefile index aaf42ae..14c4e3b 100644 --- a/arch/arm64/kvm/hyp/Makefile +++ b/arch/arm64/kvm/hyp/Makefile
@@ -2,6 +2,8 @@ # Makefile for Kernel-based Virtual Machine module, HYP part # +ccflags-y += -fno-stack-protector + KVM=../../../../virt/kvm obj-$(CONFIG_KVM_ARM_HOST) += $(KVM)/arm/hyp/vgic-v2-sr.o
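
Review bot: The added `ccflags-y += -fno-stack-protector` line at the top of arch/arm64/kvm/hyp/Makefile carries no comment, so the reason for it lives only in the commit message. A one-line comment above it saying that EL2 code must not be built with stack-protector instrumentation would stop a later cleanup from dropping the flag. Since `ccflags-y` applies to every object this Makefile builds, including `$(KVM)/arm/hyp/vgic-v2-sr.o` pulled in from virt/kvm, the comment should also say that the directory-wide scope is intended.
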
From: Christoffer Dall
To: Paolo Bonzini, Radim Krčmář
Cc: Marc Zyngier, kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, stable@vger.kernel.org, Christoffer Dall
Subject: [PULL 03/13] arm: KVM: Do not use stack-protector to compile HYP code
Date: Thu, 18 May 2017 11:47:12 +0200
Message-Id: <20170518094722.9926-4-cdall@linaro.org>
In-Reply-To: <20170518094722.9926-1-cdall@linaro.org>

From: Marc Zyngier

We like living dangerously. Nothing explicitly forbids stack-protector to be used in the HYP code, while distributions routinely compile their kernel with it. We're just lucky that no code actually triggers the instrumentation.

Let's not try our luck for much longer, and disable stack-protector for code living at HYP.

Cc: stable@vger.kernel.org
Signed-off-by: Marc Zyngier
Acked-by: Christoffer Dall
Signed-off-by: Christoffer Dall
--- arch/arm/kvm/hyp/Makefile | 2 ++ 1 file changed, 2 insertions(+) -- 2.9.0 diff --git a/arch/arm/kvm/hyp/Makefile b/arch/arm/kvm/hyp/Makefile index 3023bb5..8679405 100644 --- a/arch/arm/kvm/hyp/Makefile +++ b/arch/arm/kvm/hyp/Makefile
@@ -2,6 +2,8 @@ # Makefile for Kernel-based Virtual Machine module, HYP part # +ccflags-y += -fno-stack-protector + KVM=../../../../virt/kvm obj-$(CONFIG_KVM_ARM_HOST) += $(KVM)/arm/hyp/vgic-v2-sr.o
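
Review bot: Nothing accompanies the `ccflags-y += -fno-stack-protector` line in arch/arm/kvm/hyp/Makefile to check that the flag has the intended effect, and the commit message concedes that so far "no code actually triggers the instrumentation", so a regression here would be silent. Consider a build-time check that the HYP objects hold no reference to `__stack_chk_fail` or `__stack_chk_guard`, so that a later change to the flags or to the object list fails the build instead of depending on luck again.
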
From: Christoffer Dall
To: Paolo Bonzini, Radim Krčmář
Cc: Marc Zyngier, kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, stable@vger.kernel.org, Christoffer Dall
Subject: [PULL 04/13] KVM: arm/arm64: vgic-v2: Do not use Active+Pending state for a HW interrupt
Date: Thu, 18 May 2017 11:47:13 +0200
Message-Id: <20170518094722.9926-5-cdall@linaro.org>
In-Reply-To: <20170518094722.9926-1-cdall@linaro.org>

From: Marc Zyngier

When an interrupt is injected with the HW bit set (indicating that deactivation should be propagated to the physical distributor), special care must be taken so that we never mark the corresponding LR with the Active+Pending state (as the pending state is kept in the physical distributor).

Cc: stable@vger.kernel.org
Fixes: 140b086dd197 ("KVM: arm/arm64: vgic-new: Add GICv2 world switch backend")
Signed-off-by: Marc Zyngier
Reviewed-by: Christoffer Dall
Signed-off-by: Christoffer Dall
--- virt/kvm/arm/vgic/vgic-v2.c | 7 +++++++ 1 file changed, 7 insertions(+) -- 2.9.0 diff --git a/virt/kvm/arm/vgic/vgic-v2.c b/virt/kvm/arm/vgic/vgic-v2.c index a65757a..504b4bd 100644 --- a/virt/kvm/arm/vgic/vgic-v2.c
+++ b/virt/kvm/arm/vgic/vgic-v2.c 
@@ -149,6 +149,13 @@ void vgic_v2_populate_lr(struct kvm_vcpu *vcpu, struct vgic_irq *irq, int lr) if (irq->hw) { val |= GICH_LR_HW; val |= irq->hwintid << GICH_LR_PHYSID_CPUID_SHIFT; + /* + * Never set pending+active on a HW interrupt, as the + * pending state is kept at the physical distributor + * level. + */ + if (irq->active && irq_is_pending(irq)) + val &= ~GICH_LR_PENDING_BIT; } else { if (irq->config == VGIC_CONFIG_LEVEL) val |= GICH_LR_EOI;
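
Review bot: In the `irq->hw` branch of `vgic_v2_populate_lr()`, the fix clears `GICH_LR_PENDING_BIT` after the fact, so it is only correct as long as whatever sets the pending bit in `val` runs before this branch and nothing sets it again afterwards; the new comment does not state that ordering dependency. Either say so in the comment or avoid setting the bit for an active HW interrupt in the first place. Clearing an already clear bit is harmless, so the `irq_is_pending(irq)` half of `if (irq->active && irq_is_pending(irq))` looks redundant, and `if (irq->active)` would express the rule more directly.
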
From: Christoffer Dall
To: Paolo Bonzini, Radim Krčmář
Cc: Marc Zyngier, kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, stable@vger.kernel.org, Christoffer Dall
Subject: [PULL 05/13] KVM: arm/arm64: vgic-v3: Do not use Active+Pending state for a HW interrupt
Date: Thu, 18 May 2017 11:47:14 +0200
Message-Id: <20170518094722.9926-6-cdall@linaro.org>
In-Reply-To: <20170518094722.9926-1-cdall@linaro.org>

From: Marc Zyngier

When an interrupt is injected with the HW bit set (indicating that deactivation should be propagated to the physical distributor), special care must be taken so that we never mark the corresponding LR with the Active+Pending state (as the pending state is kept in the physical distributor).

Cc: stable@vger.kernel.org
Fixes: 59529f69f504 ("KVM: arm/arm64: vgic-new: Add GICv3 world switch backend")
Signed-off-by: Marc Zyngier
Reviewed-by: Christoffer Dall
Signed-off-by: Christoffer Dall
--- virt/kvm/arm/vgic/vgic-v3.c | 7 +++++++ 1 file changed, 7 insertions(+) -- 2.9.0 diff --git a/virt/kvm/arm/vgic/vgic-v3.c b/virt/kvm/arm/vgic/vgic-v3.c index 8fa737e..6fe3f00 100644 --- a/virt/kvm/arm/vgic/vgic-v3.c +++ b/virt/kvm/arm/vgic/vgic-v3.c
@@ -127,6 +127,13 @@ void vgic_v3_populate_lr(struct kvm_vcpu *vcpu, struct vgic_irq *irq, int lr) if (irq->hw) { val |= ICH_LR_HW; val |= ((u64)irq->hwintid) << ICH_LR_PHYS_ID_SHIFT; + /* + * Never set pending+active on a HW interrupt, as the + * pending state is kept at the physical distributor + * level. + */ + if (irq->active && irq_is_pending(irq)) + val &= ~ICH_LR_PENDING_BIT; } else { if (irq->config == VGIC_CONFIG_LEVEL) val |= ICH_LR_EOI;
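
Review bot: The comment and the `if (irq->active && irq_is_pending(irq))` test added to `vgic_v3_populate_lr()` are a copy of the ones in the vgic-v2.c patch of this series, differing only in `ICH_LR_PENDING_BIT` versus `GICH_LR_PENDING_BIT`. A shared inline predicate in the common vgic code, answering whether a HW interrupt may carry the pending state in its LR, would keep the two backends from drifting apart the next time the rule changes.
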
From: Christoffer Dall
To: Paolo Bonzini, Radim Krčmář
Cc: Marc Zyngier, kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Zhichao Huang, stable@vger.kernel.org, Alex Bennée, Christoffer Dall
Subject: [PULL 08/13] KVM: arm: plug potential guest hardware debug leakage
Date: Thu, 18 May 2017 11:47:17 +0200
Message-Id: <20170518094722.9926-9-cdall@linaro.org>
In-Reply-To: <20170518094722.9926-1-cdall@linaro.org>

From: Zhichao Huang

Hardware debugging in guests is not intercepted currently; it means that a malicious guest can bring down the entire machine by writing to the debug registers.

This patch enables trapping of all debug registers, preventing the guests from accessing the debug registers. This includes access to the debug mode (DBGDSCR) in the guest world all the time, which could otherwise mess with the host state. Reads return 0 and writes are ignored (RAZ_WI).

The result is the guest cannot detect any working hardware based debug support. As debug exceptions are still routed to the guest, normal debug using software based breakpoints still works.

To support debugging using hardware registers we need to implement a debug register aware world switch as well as special trapping for registers that may affect the host state.

Cc: stable@vger.kernel.org
Signed-off-by: Zhichao Huang
Signed-off-by: Alex Bennée
Reviewed-by: Christoffer Dall
Signed-off-by: Christoffer Dall
--- arch/arm/include/asm/kvm_coproc.h | 3 +- arch/arm/kvm/coproc.c | 77 ++++++++++++++++++++++++++++++--------- arch/arm/kvm/handle_exit.c | 4 +- arch/arm/kvm/hyp/switch.c | 4 +- 4 files changed, 66 insertions(+), 22 deletions(-) -- 2.9.0 diff --git a/arch/arm/include/asm/kvm_coproc.h b/arch/arm/include/asm/kvm_coproc.h index 4917c2f..e74ab0f 100644 --- a/arch/arm/include/asm/kvm_coproc.h +++ b/arch/arm/include/asm/kvm_coproc.h
@@ -31,7 +31,8 @@ void kvm_register_target_coproc_table(struct kvm_coproc_target_table *table); int kvm_handle_cp10_id(struct kvm_vcpu *vcpu, struct kvm_run *run); int kvm_handle_cp_0_13_access(struct kvm_vcpu *vcpu, struct kvm_run *run); int kvm_handle_cp14_load_store(struct kvm_vcpu *vcpu, struct kvm_run *run); -int kvm_handle_cp14_access(struct kvm_vcpu *vcpu, struct kvm_run *run); +int kvm_handle_cp14_32(struct kvm_vcpu *vcpu, struct kvm_run *run); +int kvm_handle_cp14_64(struct kvm_vcpu *vcpu, struct kvm_run *run); int kvm_handle_cp15_32(struct kvm_vcpu *vcpu, struct kvm_run *run); int kvm_handle_cp15_64(struct kvm_vcpu *vcpu, struct kvm_run *run); diff --git a/arch/arm/kvm/coproc.c b/arch/arm/kvm/coproc.c index ac8d36d..1403ffb 100644 --- a/arch/arm/kvm/coproc.c +++ b/arch/arm/kvm/coproc.c @@ -112,12 +112,6 @@ int kvm_handle_cp14_load_store(struct kvm_vcpu *vcpu, struct kvm_run *run) return 1; } -int kvm_handle_cp14_access(struct kvm_vcpu *vcpu, struct kvm_run *run) -{ - kvm_inject_undefined(vcpu); - return 1; -} - static void reset_mpidr(struct kvm_vcpu *vcpu, const struct coproc_reg *r) { /* @@ -533,12 +527,7 @@ static int emulate_cp15(struct kvm_vcpu *vcpu, return 1; } -/** - * kvm_handle_cp15_64 -- handles a mrrc/mcrr trap on a guest CP15 access - * @vcpu: The VCPU pointer - * @run: The kvm_run struct - */ -int kvm_handle_cp15_64(struct kvm_vcpu *vcpu, struct kvm_run *run) +static struct coproc_params decode_64bit_hsr(struct kvm_vcpu *vcpu) { struct coproc_params params; 
@@ -552,9 +541,38 @@ int kvm_handle_cp15_64(struct kvm_vcpu *vcpu, struct kvm_run *run) params.Rt2 = (kvm_vcpu_get_hsr(vcpu) >> 10) & 0xf; params.CRm = 0; + return params; +} + +/** + * kvm_handle_cp15_64 -- handles a mrrc/mcrr trap on a guest CP15 access + * @vcpu: The VCPU pointer + * @run: The kvm_run struct + */ +int kvm_handle_cp15_64(struct kvm_vcpu *vcpu, struct kvm_run *run) +{ + struct coproc_params params = decode_64bit_hsr(vcpu); + return emulate_cp15(vcpu, ¶ms); } +/** + * kvm_handle_cp14_64 -- handles a mrrc/mcrr trap on a guest CP14 access + * @vcpu: The VCPU pointer + * @run: The kvm_run struct + */ +int kvm_handle_cp14_64(struct kvm_vcpu *vcpu, struct kvm_run *run) +{ + struct coproc_params params = decode_64bit_hsr(vcpu); + + /* raz_wi cp14 */ + pm_fake(vcpu, ¶ms, NULL); + + /* handled */ + kvm_skip_instr(vcpu, kvm_vcpu_trap_il_is32bit(vcpu)); + return 1; +} + static void reset_coproc_regs(struct kvm_vcpu *vcpu, const struct coproc_reg *table, size_t num) { @@ -565,12 +583,7 @@ static void reset_coproc_regs(struct kvm_vcpu *vcpu, table[i].reset(vcpu, &table[i]); } -/** - * kvm_handle_cp15_32 -- handles a mrc/mcr trap on a guest CP15 access - * @vcpu: The VCPU pointer - * @run: The kvm_run struct - */ -int kvm_handle_cp15_32(struct kvm_vcpu *vcpu, struct kvm_run *run) +static struct coproc_params decode_32bit_hsr(struct kvm_vcpu *vcpu) { struct coproc_params params; 
@@ -584,9 +597,37 @@ int kvm_handle_cp15_32(struct kvm_vcpu *vcpu, struct kvm_run *run) params.Op2 = (kvm_vcpu_get_hsr(vcpu) >> 17) & 0x7; params.Rt2 = 0; + return params; +} + +/** + * kvm_handle_cp15_32 -- handles a mrc/mcr trap on a guest CP15 access + * @vcpu: The VCPU pointer + * @run: The kvm_run struct + */ +int kvm_handle_cp15_32(struct kvm_vcpu *vcpu, struct kvm_run *run) +{ + struct coproc_params params = decode_32bit_hsr(vcpu); return emulate_cp15(vcpu, ¶ms); } +/** + * kvm_handle_cp14_32 -- handles a mrc/mcr trap on a guest CP14 access + * @vcpu: The VCPU pointer + * @run: The kvm_run struct + */ +int kvm_handle_cp14_32(struct kvm_vcpu *vcpu, struct kvm_run *run) +{ + struct coproc_params params = decode_32bit_hsr(vcpu); + + /* raz_wi cp14 */ + pm_fake(vcpu, ¶ms, NULL); + + /* handled */ + kvm_skip_instr(vcpu, kvm_vcpu_trap_il_is32bit(vcpu)); + return 1; +} + /****************************************************************************** * Userspace API *****************************************************************************/ diff --git a/arch/arm/kvm/handle_exit.c b/arch/arm/kvm/handle_exit.c index 5fd7968..f86a9aa 100644 --- a/arch/arm/kvm/handle_exit.c +++ b/arch/arm/kvm/handle_exit.c @@ -95,9 +95,9 @@ static exit_handle_fn arm_exit_handlers[] = { [HSR_EC_WFI] = kvm_handle_wfx, [HSR_EC_CP15_32] = kvm_handle_cp15_32, [HSR_EC_CP15_64] = kvm_handle_cp15_64, - [HSR_EC_CP14_MR] = kvm_handle_cp14_access, + [HSR_EC_CP14_MR] = kvm_handle_cp14_32, [HSR_EC_CP14_LS] = kvm_handle_cp14_load_store, - [HSR_EC_CP14_64] = kvm_handle_cp14_access, + [HSR_EC_CP14_64] = kvm_handle_cp14_64, [HSR_EC_CP_0_13] = kvm_handle_cp_0_13_access, [HSR_EC_CP10_ID] = kvm_handle_cp10_id, [HSR_EC_HVC] = handle_hvc, diff --git a/arch/arm/kvm/hyp/switch.c b/arch/arm/kvm/hyp/switch.c index 92678b7..624a510 100644 --- a/arch/arm/kvm/hyp/switch.c +++ b/arch/arm/kvm/hyp/switch.c 
@@ -48,7 +48,9 @@ static void __hyp_text __activate_traps(struct kvm_vcpu *vcpu, u32 *fpexc_host) write_sysreg(HSTR_T(15), HSTR); write_sysreg(HCPTR_TTA | HCPTR_TCP(10) | HCPTR_TCP(11), HCPTR); val = read_sysreg(HDCR); - write_sysreg(val | HDCR_TPM | HDCR_TPMCR, HDCR); + val |= HDCR_TPM | HDCR_TPMCR; /* trap performance monitors */ + val |= HDCR_TDRA | HDCR_TDOSA | HDCR_TDA; /* trap debug regs */ + write_sysreg(val, HDCR); } static void __hyp_text __deactivate_traps(struct kvm_vcpu *vcpu)
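Review bot: kvm_handle_cp14_64() in arch/arm/kvm/coproc.c answers every trapped cp14 mrrc/mcrr with pm_fake() and never inspects the decoded params, so an access that the removed kvm_handle_cp14_access() answered with kvm_inject_undefined() is now silently read as zero and its writes are dropped. If blanket RAZ/WI over the whole cp14 space is intended, say so in the kerneldoc; otherwise dispatch on params and keep the undefined injection for encodings that are not handled. The return value of pm_fake() is also ignored, and a helper named for the performance monitors is a confusing home for the debug-register policy; a neutrally named RAZ/WI helper would read better.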
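Review bot: kvm_handle_cp14_32() in arch/arm/kvm/coproc.c repeats the body of kvm_handle_cp14_64() line for line apart from the decode call. Factor the pm_fake() call, the kvm_skip_instr() call and the return into one static helper that takes the decoded params, so the two handlers cannot drift apart. In the same hunk, the rewritten kvm_handle_cp15_32() lacks the blank line between the declaration of params and the return statement that kvm_handle_cp15_64() has.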
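Review bot: HDCR_TDRA, HDCR_TDOSA and HDCR_TDA are set in __activate_traps(), but this hunk is the only change to arch/arm/kvm/hyp/switch.c (the diffstat counts 4 changed lines in that file), so __deactivate_traps() is left as it was. Please confirm that it clears the three new debug trap bits on the way back to the host, or extend it in this patch, so the traps do not stay armed after the guest exits.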
From: Christoffer Dall
To: Paolo Bonzini, Radim Krčmář
Cc: Marc Zyngier, kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Suzuki K Poulose, stable@vger.kernel.org, Christoffer Dall
Subject: [PULL 10/13] kvm: arm/arm64: Force reading uncached stage2 PGD
Date: Thu, 18 May 2017 11:47:19 +0200
Message-Id: <20170518094722.9926-11-cdall@linaro.org>
In-Reply-To: <20170518094722.9926-1-cdall@linaro.org>
References: <20170518094722.9926-1-cdall@linaro.org>

From: Suzuki K Poulose

Make sure we don't use a cached value of the KVM stage2 PGD while resetting the PGD.

Cc: Marc Zyngier
Cc: stable@vger.kernel.org
Signed-off-by: Suzuki K Poulose
Reviewed-by: Christoffer Dall
Signed-off-by: Christoffer Dall
--- virt/kvm/arm/mmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.9.0 diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index 909a1a7..704e35f 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c 
@@ -837,7 +837,7 @@ void kvm_free_stage2_pgd(struct kvm *kvm) spin_lock(&kvm->mmu_lock); if (kvm->arch.pgd) { unmap_stage2_range(kvm, 0, KVM_PHYS_SIZE); - pgd = kvm->arch.pgd; + pgd = READ_ONCE(kvm->arch.pgd); kvm->arch.pgd = NULL; } spin_unlock(&kvm->mmu_lock);
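Review bot: in kvm_free_stage2_pgd() the READ_ONCE() is applied to a load made with kvm->mmu_lock held, while the `if (kvm->arch.pgd)` test two lines above it and the `kvm->arch.pgd = NULL` store right after it stay plain accesses. If the field is read without the lock elsewhere, the store should be a WRITE_ONCE() so the two pair up; either way, add a comment naming the concurrent access this guards against, since the commit message only says "cached value".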
From: Christoffer Dall
To: Paolo Bonzini, Radim Krčmář
Cc: Marc Zyngier, kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Suzuki K Poulose, Mark Rutland, andreyknvl@google.com, stable@vger.kernel.org, Christoffer Dall
Subject: [PULL 11/13] kvm: arm/arm64: Fix use after free of stage2 page table
Date: Thu, 18 May 2017 11:47:20 +0200
Message-Id: <20170518094722.9926-12-cdall@linaro.org>
In-Reply-To: <20170518094722.9926-1-cdall@linaro.org>
References: <20170518094722.9926-1-cdall@linaro.org>

From: Suzuki K Poulose

We yield the kvm->mmu_lock occasionally while performing an operation (e.g., unmap or permission changes) on a large area of stage2 mappings. However this could possibly cause another thread to clear and free up the stage2 page tables while we were waiting for regaining the lock and thus the original thread could end up accessing memory that was freed. This patch fixes the problem by making sure that the stage2 pagetable is still valid after we regain the lock. The fact that mmu_notifier->release() could be called twice (via __mmu_notifier_release and mmu_notifier_unregister) enhances the possibility of hitting this race where there are two threads trying to unmap the entire guest shadow pages.

While at it, clean up the redundant checks around cond_resched_lock in stage2_wp_range(), as cond_resched_lock already does the same checks.

Cc: Mark Rutland
Cc: Radim Krčmář
Cc: andreyknvl@google.com
Cc: Paolo Bonzini
Cc: stable@vger.kernel.org
Acked-by: Marc Zyngier
Signed-off-by: Suzuki K Poulose
Reviewed-by: Christoffer Dall
Signed-off-by: Christoffer Dall
--- virt/kvm/arm/mmu.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) -- 2.9.0 diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index 704e35f..a2d6324 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -295,6 +295,13 @@ static void unmap_stage2_range(struct kvm *kvm, phys_addr_t start, u64 size) assert_spin_locked(&kvm->mmu_lock); pgd = kvm->arch.pgd + stage2_pgd_index(addr); do { + /* + * Make sure the page table is still active, as another thread + * could have possibly freed the page table, while we released + * the lock. + */ + if (!READ_ONCE(kvm->arch.pgd)) + break; next = stage2_pgd_addr_end(addr, end); if (!stage2_pgd_none(*pgd)) unmap_stage2_puds(kvm, pgd, addr, next); 
@@ -1170,11 +1177,13 @@ static void stage2_wp_range(struct kvm *kvm, phys_addr_t addr, phys_addr_t end) * large. Otherwise, we may see kernel panics with * CONFIG_DETECT_HUNG_TASK, CONFIG_LOCKUP_DETECTOR, * CONFIG_LOCKDEP. Additionally, holding the lock too long - * will also starve other vCPUs. + * will also starve other vCPUs. We have to also make sure + * that the page tables are not freed while we released + * the lock. */ - if (need_resched() || spin_needbreak(&kvm->mmu_lock)) - cond_resched_lock(&kvm->mmu_lock); - + cond_resched_lock(&kvm->mmu_lock); + if (!READ_ONCE(kvm->arch.pgd)) + break; next = stage2_pgd_addr_end(addr, end); if (stage2_pgd_present(*pgd)) stage2_wp_puds(pgd, addr, next);
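Review bot: the new check in unmap_stage2_range() sits at the top of the loop, but the point where kvm->mmu_lock is dropped is not in this hunk, so the comment's "while we released the lock" has nothing visible to refer to. Put the check directly after the call that can release the lock, as the stage2_wp_range() hunk does with cond_resched_lock(), or name that call in the comment. Note also that pgd was computed from kvm->arch.pgd before the loop, so the check only catches the pointer being cleared to NULL; the comment should state whether that is the only transition that can happen here.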
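Review bot: in stage2_wp_range() the `break` on a NULL kvm->arch.pgd ends the walk early from a void function, so a caller cannot tell a completed write-protect pass from one that was cut short. A line in the function comment saying that callers must tolerate a partial pass would be enough. The hunk also drops the blank line that separated the resched block from `next = stage2_pgd_addr_end(addr, end);`, which is worth keeping after the new check.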