lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <d7263b50-adda-44c0-90de-0e0890722b92@sirena.org.uk>
Date: Wed, 10 Apr 2024 17:33:49 +0100
From: Mark Brown <broonie@...nel.org>
To: Marc Zyngier <maz@...nel.org>
Cc: Catalin Marinas <catalin.marinas@....com>,
	Will Deacon <will@...nel.org>,
	Oliver Upton <oliver.upton@...ux.dev>,
	James Morse <james.morse@....com>,
	Suzuki K Poulose <suzuki.poulose@....com>,
	Jonathan Corbet <corbet@....net>, Shuah Khan <shuah@...nel.org>,
	linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
	Dave Martin <Dave.Martin@....com>, kvmarm@...ts.linux.dev,
	linux-doc@...r.kernel.org, linux-kselftest@...r.kernel.org
Subject: Re: [PATCH v6 2/5] KVM: arm64: Add newly allocated ID registers to
 register descriptions

On Wed, Apr 10, 2024 at 11:32:02AM +0100, Marc Zyngier wrote:
> Mark Brown <broonie@...nel.org> wrote:
> > On Sun, Mar 31, 2024 at 11:59:06AM +0100, Marc Zyngier wrote:
> > > Mark Brown <broonie@...nel.org> wrote:

> And when it comes to CPA, there are additional controls in SCTLR2_ELx,
> which doesn't even gets context switched for EL1. What could possibly
> go wrong?

Yes, I'd missed those - they were rather buried in the XML
unfortunately.  I'd already disabled CPA in my local code, and I've also
refactored the exposure of FPMR to be in the patch that context switches
it.

> > > > -	ID_UNALLOCATED(6,3),
> > > > +	ID_WRITABLE(ID_AA64ISAR3_EL1, ~(ID_AA64ISAR2_EL1_RES0 |
> > > > +					ID_AA64ISAR3_EL1_PACM |

> > > >  	ID_UNALLOCATED(6,4),
> > > >  	ID_UNALLOCATED(6,5),
> > > >  	ID_UNALLOCATED(6,6),

> > > Where is the code that enforces the lack of support for MTEFAR,
> > > MTESTOREONLY, and MTEPERM for SCTLR_ELx, EnPACM and EnFPM in HCRX_EL2?

> > Could you please be more explicit regarding what you're expecting to see
> > here?

> I'm expecting you to add all the required masking and fine-grained
> disabling of features that are not explicitly advertised to the guest.

> This should translate into additional init code in kvm_init_sysreg(),
> kvm_init_nv_sysregs() and limit_nv_id_reg(). You also should update

I see that in limit_nv_id_reg() I am missing updates to expose the new
dpISA features to nested guests.  However from a first pass it looks
like kvm_init_nv_sysregs() already handles everything I'd expect it to,
AFAICT it's handling all known trap bits?  For kvm_init_sysreg() with
HCRX AFAICT we default to having all bits 0 with explicit relaxations
for supported features (currently FEAT_MOPS, also FEAT_FPMR with this
series) meaning that I'm still unclear what exactly the updates you're
looking for are.  For SCTLR unless I'm misunderstanding things we've got
an existing issue with not initialising the res0 and res1 fields in
kvm_init_nv_sysregs() but that doesn't seem right...  

> the exception triaging infrastructure in emulate-nested.c.

Again I am really struggling to identify which specific updates you are
looking for here.

> > > And I haven't checked whether TLBI VMALLWS2 can be trapped.

> > I didn't see anything but I might not be aware of where to look, there
> > doesn't seem to be anything for that specifically in HFGITR_EL2 or
> > HFGITR2_EL2 which would be the main places I'd expect to find
> > something.

> That's a really odd place to look. This is a S2 invalidation
> primitive, which by definition is under the sole control of EL2, and
> therefore cannot be trapped by any of the FGT registers, as they only
> affect lesser-privileged ELs.

> The instruction is described in the XML:

> https://developer.arm.com/documentation/ddi0601/2024-03/AArch64-Instructions/TLBI-VMALLWS2E1--TLB-Invalidate-stage-2-dirty-state-by-VMID--EL1-0

That's TLBI VMALLWSE1 which is a more specific instruction.  TBH I can't
remember exactly what I was looking for, I did go into the instruction
pseudocode a bit (I was going in via SYS at one point) but didn't find
anything so was also trawling sysregs looking for something.  If I'm
reading this right there are no traps?

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ