| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <985e9c0d9079ea2a27114a8b088ddf10482e1f37.camel@arm.com>
Date: Mon, 27 Oct 2025 12:01:14 +0000
From: Sascha Bischoff <Sascha.Bischoff@....com>
To: "maz@...nel.org" <maz@...nel.org>, "sebott@...hat.com"
<sebott@...hat.com>, "oliver.upton@...ux.dev" <oliver.upton@...ux.dev>
CC: "yuzenghui@...wei.com" <yuzenghui@...wei.com>, Suzuki Poulose
<Suzuki.Poulose@....com>, nd <nd@....com>, "linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>, "kvmarm@...ts.linux.dev"
<kvmarm@...ts.linux.dev>, "linux-arm-kernel@...ts.infradead.org"
<linux-arm-kernel@...ts.infradead.org>, "will@...nel.org" <will@...nel.org>,
Joey Gouly <Joey.Gouly@....com>
Subject: Re: Failing no-vgic-v3 test
On Mon, 2025-10-27 at 12:37 +0100, Sebastian Ott wrote:
> Hey,
>
> on an ampere altra I've got a sad selftest:
>
> [root@...tlab-arm11 kvm]# ./arm64/no-vgic-v3
> Random seed: 0x6b8b4567
> ==== Test Assertion Failure ====
> arm64/no-vgic-v3.c:66: handled
> pid=3793 tid=3793 errno=4 - Interrupted system call
> 1 0x0000000000402feb: test_run_vcpu at no-vgic-v3.c:128
> 2 0x000000000040214f: test_guest_no_gicv3 at no-vgic-v3.c:155
> (discriminator 17)
> 3 (inlined by) main at no-vgic-v3.c:174 (discriminator 17)
> 4 0x0000ffff873eb587: ?? ??:0
> 5 0x0000ffff873eb65f: ?? ??:0
> 6 0x00000000004022af: _start at ??:?
> ICC_PMR_EL1 no read trap
>
> This is a guest without VGICv3 on GICv3 HW. The test expects UNDEF on
> reg
> access - which is not happening since:
>
> 3193287ddffb KVM: arm64: gic-v3: Only set ICH_HCR traps for v2-on-v3
> or v3 guests
>
> As a local fix I've done:
> diff --git a/arch/arm64/kvm/vgic/vgic-v3.c
> b/arch/arm64/kvm/vgic/vgic-v3.c
> index 6fbb4b099855..1fe53a021926 100644
> --- a/arch/arm64/kvm/vgic/vgic-v3.c
> +++ b/arch/arm64/kvm/vgic/vgic-v3.c
> @@ -297,11 +297,15 @@ void vcpu_set_ich_hcr(struct kvm_vcpu *vcpu)
> {
> struct vgic_v3_cpu_if *vgic_v3 = &vcpu-
> >arch.vgic_cpu.vgic_v3;
>
> if (!vgic_is_v3(vcpu->kvm))
> return;
>
> /* Hide GICv3 sysreg if necessary */
> - if (vcpu->kvm->arch.vgic.vgic_model ==
> KVM_DEV_TYPE_ARM_VGIC_V2) {
> + if (!kvm_has_gicv3(vcpu->kvm) ||
> + vcpu->kvm->arch.vgic.vgic_model ==
> KVM_DEV_TYPE_ARM_VGIC_V2) {
> vgic_v3->vgic_hcr |= (ICH_HCR_EL2_TALL0 |
> ICH_HCR_EL2_TALL1 |
> ICH_HCR_EL2_TC);
> return;
>
>
> but following the intention of the patch above maybe we should do
> smth
> like:
> diff --git a/arch/arm64/kvm/vgic/vgic-v3.c
> b/arch/arm64/kvm/vgic/vgic-v3.c
> index 6fbb4b099855..1fe53a021926 100644
> --- a/arch/arm64/kvm/vgic/vgic-v3.c
> +++ b/arch/arm64/kvm/vgic/vgic-v3.c
> @@ -297,11 +297,15 @@ void vcpu_set_ich_hcr(struct kvm_vcpu *vcpu)
> {
> struct vgic_v3_cpu_if *vgic_v3 = &vcpu-
> >arch.vgic_cpu.vgic_v3;
>
> if (!vgic_is_v3(vcpu->kvm))
> return;
>
> /* Hide GICv3 sysreg if necessary */
> - if (vcpu->kvm->arch.vgic.vgic_model ==
> KVM_DEV_TYPE_ARM_VGIC_V2) {
> + if (kvm_has_feat(vcpu->kvm, ID_AA64PFR0_EL1, GIC, NI) ||
> + vcpu->kvm->arch.vgic.vgic_model ==
> KVM_DEV_TYPE_ARM_VGIC_V2) {
> vgic_v3->vgic_hcr |= (ICH_HCR_EL2_TALL0 |
> ICH_HCR_EL2_TALL1 |
> ICH_HCR_EL2_TC);
> return;
>
> Thoughts?
> Sebastian
>
Hi Sebastian.
Apologies - I broke that test by failing to consider that it is
possible to not create an in-kernel vgic. We need to trap all accesses
on a GICv3-compatible host if either we're running a GICv2 guest, or if
we don't have an in-kernel vgic at all (the case I'd missed).
I posted a fix for that the other day:
https://lore.kernel.org/all/20251021094358.1963807-1-sascha.bischoff@arm.com/
Could you please try the fix and confirm if it works for you?
Thanks,
Sascha
Powered by blists - more mailing lists