NotificationsYou must be signed in to change notification settings
Fork0
Star2

Commitc4ad98e

Marc Zyngier

committed

KVM: arm64: Assume write fault on S1PTW permission fault on instruction fetch

KVM currently assumes that an instruction abort can never be a write.This is in general true, except when the abort is triggered bya S1PTW on instruction fetch that tries to update the S1 page tables(to set AF, for example).This can happen if the page tables have been paged out and broughtback in without seeing a direct write to them (they are thus markedread only), and the fault handling code will make the PT executable(!)instead of writable. The guest gets stuck forever.In these conditions, the permission fault must be considered asa write so that the Stage-1 update can take place. This is essentiallythe I-side equivalent of the problem fixed by60e21a0 ("arm64: KVM:Take S1 walks into account when determining S2 write faults").Update kvm_is_write_fault() to return true on IABT+S1PTW, and introducekvm_vcpu_trap_is_exec_fault() that only return true when no faultingon a S1 fault. Additionally, kvm_vcpu_dabt_iss1tw() is renamed tokvm_vcpu_abt_iss1tw(), as the above makes it plain that it isn'tspecific to data abort.Signed-off-by: Marc Zyngier <maz@kernel.org>Reviewed-by: Will Deacon <will@kernel.org>Cc: stable@vger.kernel.orgLink:https://lore.kernel.org/r/20200915104218.1284701-2-maz@kernel.org

1 parent7b75cd5 commitc4ad98eCopy full SHA for c4ad98e

File tree

3 files changed

+13

-5

lines changed

arch/arm64
- include/asm
  - kvm_emulate.h
- kvm
  - hyp/include/hyp
    - switch.h
  - mmu.c

3 files changed

+13

-5

lines changed

`‎arch/arm64/include/asm/kvm_emulate.h‎`

Lines changed: 10 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -298,15 +298,15 @@ static __always_inline int kvm_vcpu_dabt_get_rd(const struct kvm_vcpu *vcpu)`
`298`	`298`	`return (kvm_vcpu_get_esr(vcpu)&ESR_ELx_SRT_MASK) >>ESR_ELx_SRT_SHIFT;`
`299`	`299`	`}`
`300`	`300`
`301`		`-static__always_inlineboolkvm_vcpu_dabt_iss1tw(conststructkvm_vcpu*vcpu)`
	`301`	`+static__always_inlineboolkvm_vcpu_abt_iss1tw(conststructkvm_vcpu*vcpu)`
`302`	`302`	`{`
`303`	`303`	`return !!(kvm_vcpu_get_esr(vcpu)&ESR_ELx_S1PTW);`
`304`	`304`	`}`
`305`	`305`
`306`	`306`	`static__always_inlineboolkvm_vcpu_dabt_iswrite(conststructkvm_vcpu*vcpu)`
`307`	`307`	`{`
`308`	`308`	`return !!(kvm_vcpu_get_esr(vcpu)&ESR_ELx_WNR)\|\|`
`309`		`-kvm_vcpu_dabt_iss1tw(vcpu);/* AF/DBM update */`
	`309`	`+kvm_vcpu_abt_iss1tw(vcpu);/* AF/DBM update */`
`310`	`310`	`}`
`311`	`311`
`312`	`312`	`staticinlineboolkvm_vcpu_dabt_is_cm(conststructkvm_vcpu*vcpu)`
`@@ -335,6 +335,11 @@ static inline bool kvm_vcpu_trap_is_iabt(const struct kvm_vcpu *vcpu)`
`335`	`335`	`returnkvm_vcpu_trap_get_class(vcpu)==ESR_ELx_EC_IABT_LOW;`
`336`	`336`	`}`
`337`	`337`
	`338`	`+staticinlineboolkvm_vcpu_trap_is_exec_fault(conststructkvm_vcpu*vcpu)`
	`339`	`+{`
	`340`	`+returnkvm_vcpu_trap_is_iabt(vcpu)&& !kvm_vcpu_abt_iss1tw(vcpu);`
	`341`	`+}`
	`342`	`+`
`338`	`343`	`static__always_inlineu8kvm_vcpu_trap_get_fault(conststructkvm_vcpu*vcpu)`
`339`	`344`	`{`
`340`	`345`	`returnkvm_vcpu_get_esr(vcpu)&ESR_ELx_FSC;`
`@@ -372,6 +377,9 @@ static __always_inline int kvm_vcpu_sys_get_rt(struct kvm_vcpu *vcpu)`
`372`	`377`
`373`	`378`	`staticinlineboolkvm_is_write_fault(structkvm_vcpu*vcpu)`
`374`	`379`	`{`
	`380`	`+if (kvm_vcpu_abt_iss1tw(vcpu))`
	`381`	`+return true;`
	`382`	`+`
`375`	`383`	`if (kvm_vcpu_trap_is_iabt(vcpu))`
`376`	`384`	`return false;`
`377`	`385`

`‎arch/arm64/kvm/hyp/include/hyp/switch.h‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -445,7 +445,7 @@ static inline bool fixup_guest_exit(struct kvm_vcpu vcpu, u64 exit_code)`
`445`	`445`	`kvm_vcpu_trap_get_fault_type(vcpu)==FSC_FAULT&&`
`446`	`446`	`kvm_vcpu_dabt_isvalid(vcpu)&&`
`447`	`447`	`!kvm_vcpu_abt_issea(vcpu)&&`
`448`		`-!kvm_vcpu_dabt_iss1tw(vcpu);`
	`448`	`+!kvm_vcpu_abt_iss1tw(vcpu);`
`449`	`449`
`450`	`450`	`if (valid) {`
`451`	`451`	`intret=__vgic_v2_perform_cpuif_access(vcpu);`

`‎arch/arm64/kvm/mmu.c‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -1843,7 +1843,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,`
`1843`	`1843`	`structkvm_s2_mmu*mmu=vcpu->arch.hw_mmu;`
`1844`	`1844`
`1845`	`1845`	`write_fault=kvm_is_write_fault(vcpu);`
`1846`		`-exec_fault=kvm_vcpu_trap_is_iabt(vcpu);`
	`1846`	`+exec_fault=kvm_vcpu_trap_is_exec_fault(vcpu);`
`1847`	`1847`	`VM_BUG_ON(write_fault&&exec_fault);`
`1848`	`1848`
`1849`	`1849`	`if (fault_status==FSC_PERM&& !write_fault&& !exec_fault) {`
`@@ -2125,7 +2125,7 @@ int kvm_handle_guest_abort(struct kvm_vcpu *vcpu)`
`2125`	`2125`	`gotoout;`
`2126`	`2126`	`}`
`2127`	`2127`
`2128`		`-if (kvm_vcpu_dabt_iss1tw(vcpu)) {`
	`2128`	`+if (kvm_vcpu_abt_iss1tw(vcpu)) {`
`2129`	`2129`	`kvm_inject_dabt(vcpu,kvm_vcpu_get_hfar(vcpu));`
`2130`	`2130`	`ret=1;`
`2131`	`2131`	`gotoout_unlock;`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitc4ad98e

File tree

3 files changed

3 files changed

`‎arch/arm64/include/asm/kvm_emulate.h‎`

`‎arch/arm64/kvm/hyp/include/hyp/switch.h‎`

`‎arch/arm64/kvm/mmu.c‎`

0 commit comments