lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID:
 <TYCPR01MB114635E18970432A5BDAAC476C3AC2@TYCPR01MB11463.jpnprd01.prod.outlook.com>
Date: Tue, 1 Apr 2025 06:54:32 +0000
From: "Emi Kisanuki (Fujitsu)" <fj0570is@...itsu.com>
To: 'Oliver Upton' <oliver.upton@...ux.dev>
CC: 'Steven Price' <steven.price@....com>, "'kvm@...r.kernel.org'"
	<kvm@...r.kernel.org>, "'kvmarm@...ts.linux.dev'" <kvmarm@...ts.linux.dev>,
	'Catalin Marinas' <catalin.marinas@....com>, 'Marc Zyngier' <maz@...nel.org>,
	'Will Deacon' <will@...nel.org>, 'James Morse' <james.morse@....com>, 'Suzuki
 K Poulose' <suzuki.poulose@....com>, 'Zenghui Yu' <yuzenghui@...wei.com>,
	"'linux-arm-kernel@...ts.infradead.org'"
	<linux-arm-kernel@...ts.infradead.org>, "'linux-kernel@...r.kernel.org'"
	<linux-kernel@...r.kernel.org>, 'Joey Gouly' <joey.gouly@....com>, 'Alexandru
 Elisei' <alexandru.elisei@....com>, 'Christoffer Dall'
	<christoffer.dall@....com>, 'Fuad Tabba' <tabba@...gle.com>,
	"'linux-coco@...ts.linux.dev'" <linux-coco@...ts.linux.dev>, 'Ganapatrao
 Kulkarni' <gankulkarni@...amperecomputing.com>, 'Gavin Shan'
	<gshan@...hat.com>, 'Shanker Donthineni' <sdonthineni@...dia.com>, 'Alper
 Gun' <alpergun@...gle.com>, "'Aneesh Kumar K . V'" <aneesh.kumar@...nel.org>
Subject: RE: [PATCH v7 00/45] arm64: Support for Arm CCA in KVM

> Hi Emi,
> 
> On Wed, Mar 26, 2025 at 02:14:35AM +0000, Emi Kisanuki (Fujitsu) wrote:
> > Hi all,
> >
> > I tested Linux-cca cca-host/v7 patch with our Internal simulator based on
> QEMU (with CCA and MPAM support).
> > A panic occurred when starting Realm, but I don't think this is a problem with the
> cca-host/v7 patch.
> > The location of the panic is [1].
> >
> > [1]https://lore.kernel.org/linux-arm-kernel/20241030160317.2528209-4-j
> > oey.gouly@....com diff --git a/arch/arm64/kernel/cpuinfo.c
> > b/arch/arm64/kernel/cpuinfo.c index 44718d0482b3..46ba30d42b9b 100644
> > --- a/arch/arm64/kernel/cpuinfo.c
> > +++ b/arch/arm64/kernel/cpuinfo.c
> > @@ -478,6 +478,9 @@ static void __cpuinfo_store_cpu(struct cpuinfo_arm64
> *info)
> >  	if (id_aa64pfr0_32bit_el0(info->reg_id_aa64pfr0))
> >  		__cpuinfo_store_cpu_32bit(&info->aarch32);
> >
> > +	if (id_aa64pfr0_mpam(info->reg_id_aa64pfr0))
> > +		info->reg_mpamidr = read_cpuid(MPAMIDR_EL1); ///////
> panic occurred here.
> > +
> >  	cpuinfo_detect_icache_policy(info);
> >  }
> >
> > There was no problem with the cca-host/v5 patch (based on v6.12).
> > This panic is caused by accessing MPAMIDR_EL1 when the chip supports
> MPAM.
> > This functionality was enabled when the cca host patch base version was
> rebased from v6.12 to v6.13.
> >
> > I am not familiar with TF-A, but I think this maybe a TF-A's bug.
> > Because It seems TF-A sets MPAM3_EL3.TRAPLOWER to 0 during normal
> guest boot in manage_extensions_nonsecure_per_world function[2].
> > However, TF-A does not set it to 0 during Realm guest boot in
> manage_extensions_secure_per_world function.
> > Therefore, a trap occurs against EL3 (TF-A), and it is likely being processed as
> an invalid instruction (Undef).
> 
> Your instinct is correct that this is *not* a kernel bug. It is the responsibility of the
> RMM to provide a consistent feature set to the Realm.
> 
> Looks like this was addressed recently in TF-RMM by hiding FEAT_MPAM:
> 
> https://github.com/TF-RMM/tf-rmm/commit/7b0874403726d215c40054abfd5d
> 8704049f8dac
> 
> Thanks,
> Oliver

Hi Oliver
Thank you. 
We will backport the patch you mentioned.

I have verified the following
1. Launching the realm VM using Internal simulator → Successfully launched by disabling MPAM support in the ID register.
2. Running kvm-unit-tests (with lkvm) → All tests passed except for PMU (as expected, since PMU is not supported by the Internal simulator).[1]

Tested-by: Emi Kisanuki <fj0570is@...itsu.com>
[1] https://gitlab.arm.com/linux-arm/kvm-unit-tests-cca cca/v3

Best Regards,
Emi Kisanuki

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ