lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 15 Jan 2020 13:17:24 +0000
From:   Marc Zyngier <maz@...nel.org>
To:     Shaokun Zhang <zhangshaokun@...ilicon.com>
Cc:     kvmarm@...ts.cs.columbia.edu, linux-kernel@...r.kernel.org,
        Eric Auger <eric.auger@...hat.com>,
        James Morse <james.morse@....com>,
        Julien Thierry <julien.thierry.kdev@...il.com>,
        Suzuki K Poulose <suzuki.poulose@....com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Jason Cooper <jason@...edaemon.net>,
        Lorenzo Pieralisi <lorenzo.pieralisi@....com>,
        Andrew Murray <Andrew.Murray@....com>,
        Zenghui Yu <yuzenghui@...wei.com>,
        Robert Richter <rrichter@...vell.com>,
        "Tangnianyao (ICT)" <tangnianyao@...wei.com>
Subject: Re: [PATCH v3 29/32] KVM: arm64: GICv4.1: Allow SGIs to switch
 between HW and SW interrupts

On 2020-01-15 02:49, Shaokun Zhang wrote:
> Hi Marc, [This is from Nianyao]
> 
> On 2019/12/24 19:10, Marc Zyngier wrote:
>> In order to let a guest buy in the new, active-less SGIs, we
>> need to be able to switch between the two modes.
>> 
>> Handle this by stopping all guest activity, transfer the state
>> from one mode to the other, and resume the guest.
>> 
>> Signed-off-by: Marc Zyngier <maz@...nel.org>
>> ---
>>  include/kvm/arm_vgic.h      |  3 ++
>>  virt/kvm/arm/vgic/vgic-v3.c |  2 +
>>  virt/kvm/arm/vgic/vgic-v4.c | 96 
>> +++++++++++++++++++++++++++++++++++++
>>  virt/kvm/arm/vgic/vgic.h    |  1 +
>>  4 files changed, 102 insertions(+)
>> 
>> diff --git a/include/kvm/arm_vgic.h b/include/kvm/arm_vgic.h
>> index 63457908c9c4..69f4164d6477 100644
>> --- a/include/kvm/arm_vgic.h
>> +++ b/include/kvm/arm_vgic.h
>> @@ -231,6 +231,9 @@ struct vgic_dist {
>>  	/* distributor enabled */
>>  	bool			enabled;
>> 
>> +	/* Wants SGIs without active state */
>> +	bool			nassgireq;
>> +
>>  	struct vgic_irq		*spis;
>> 
>>  	struct vgic_io_device	dist_iodev;
>> diff --git a/virt/kvm/arm/vgic/vgic-v3.c b/virt/kvm/arm/vgic/vgic-v3.c
>> index c2fdea201747..c79a251c4974 100644
>> --- a/virt/kvm/arm/vgic/vgic-v3.c
>> +++ b/virt/kvm/arm/vgic/vgic-v3.c
>> @@ -540,6 +540,8 @@ int vgic_v3_map_resources(struct kvm *kvm)
>>  		goto out;
>>  	}
>> 
>> +	if (kvm_vgic_global_state.has_gicv4_1)
>> +		vgic_v4_configure_vsgis(kvm);
>>  	dist->ready = true;
>> 
>>  out:
>> diff --git a/virt/kvm/arm/vgic/vgic-v4.c b/virt/kvm/arm/vgic/vgic-v4.c
>> index c2fcde104ea2..063785fd2dc7 100644
>> --- a/virt/kvm/arm/vgic/vgic-v4.c
>> +++ b/virt/kvm/arm/vgic/vgic-v4.c
>> @@ -97,6 +97,102 @@ static irqreturn_t vgic_v4_doorbell_handler(int 
>> irq, void *info)
>>  	return IRQ_HANDLED;
>>  }
>> 
>> +static void vgic_v4_sync_sgi_config(struct its_vpe *vpe, struct 
>> vgic_irq *irq)
>> +{
>> +	vpe->sgi_config[irq->intid].enabled	= irq->enabled;
>> +	vpe->sgi_config[irq->intid].group 	= irq->group;
>> +	vpe->sgi_config[irq->intid].priority	= irq->priority;
>> +}
>> +
>> +static void vgic_v4_enable_vsgis(struct kvm_vcpu *vcpu)
>> +{
>> +	struct its_vpe *vpe = &vcpu->arch.vgic_cpu.vgic_v3.its_vpe;
>> +	int i;
>> +
>> +	/*
>> +	 * With GICv4.1, every virtual SGI can be directly injected. So
>> +	 * let's pretend that they are HW interrupts, tied to a host
>> +	 * IRQ. The SGI code will do its magic.
>> +	 */
>> +	for (i = 0; i < VGIC_NR_SGIS; i++) {
>> +		struct vgic_irq *irq = vgic_get_irq(vcpu->kvm, vcpu, i);
>> +		struct irq_desc *desc;
>> +		int ret;
>> +
>> +		if (irq->hw) {
>> +			vgic_put_irq(vcpu->kvm, irq);
>> +			continue;
>> +		}
>> +
>> +		irq->hw = true;
>> +		irq->host_irq = irq_find_mapping(vpe->sgi_domain, i);
> 
> I think we need to check whether irq_find_mapping returns 0.

Why? its_alloc_vcpu_sgis() performs the allocation of all 16 SGIs
in one go. If that fails, we should error out. Conversely, we're
guaranteed that we have a mapping if it hasn't failed.

> 
>> +		vgic_v4_sync_sgi_config(vpe, irq);
>> +		/*
>> +		 * SGIs are initialised as disabled. Enable them if
>> +		 * required by the rest of the VGIC init code.
>> +		 */
>> +		desc = irq_to_desc(irq->host_irq);
>> +		ret = irq_domain_activate_irq(irq_desc_get_irq_data(desc),
>> +					      false);
> 
> If irq->host_irq is not valid , in irq_domain_activate_irq, it will
> trigger NULL pointer dereference in host kernel.
> I meet a problem here. When hw support GIC4.1, and host kernel is 
> started with
> kvm-arm.vgic_v4_enable=0, starting a virtual machine will trigger NULL 
> pointer
> dereference in host. The following is error info:

[...]

But the problem here is that we're trying to use GICv4.1 even if GICv4
is disabled. I don't think there is a point in trying to sidestep this
locally if we're doing the wrong thing at top-level, which seems to be
the case.

Thanks,

         M.
-- 
Jazz is not dead. It just smells funny...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ