Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932160AbdHYIde (ORCPT ); Fri, 25 Aug 2017 04:33:34 -0400 Received: from mail-db5eur01on0042.outbound.protection.outlook.com ([104.47.2.42]:44352 "EHLO EUR01-DB5-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1755053AbdHYIdA (ORCPT ); Fri, 25 Aug 2017 04:33:00 -0400 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Florent.Revest@arm.com; From: Florent Revest To: linux-arm-kernel@lists.infradead.org Cc: matt@codeblueprint.co.uk, ard.biesheuvel@linaro.org, pbonzini@redhat.com, rkrcmar@redhat.com, christoffer.dall@linaro.org, catalin.marinas@arm.com, will.deacon@arm.com, mark.rutland@arm.com, marc.zyngier@arm.com, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, kvmarm@lists.cs.columbia.edu, leif.lindholm@arm.com, revestflo@gmail.com, Florent Revest Subject: [RFC 11/11] KVM, arm64: Don't trap internal VMs SMC calls Date: Fri, 25 Aug 2017 09:31:41 +0100 Message-Id: <1503649901-5834-12-git-send-email-florent.revest@arm.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1503649901-5834-1-git-send-email-florent.revest@arm.com> References: <1503649901-5834-1-git-send-email-florent.revest@arm.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [217.140.96.140] X-ClientProxiedBy: HE1PR09CA0051.eurprd09.prod.outlook.com (2603:10a6:7:3c::19) To HE1PR08MB0812.eurprd08.prod.outlook.com (2a01:111:e400:59b1::30) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: c2390000-b70a-4f29-036c-08d4eb93d600 X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254152)(48565401081)(300000503095)(300135400095)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095);SRVR:HE1PR08MB0812; X-Microsoft-Exchange-Diagnostics: 1;HE1PR08MB0812;3:KfoAuojTb2196YYH/NtEAk10f6WrgXNZarFor+6Vn9IHEYVnUeSAhb+ILtCcsZKm6Ybgy+12Qgb9YX/+mdVDvXcLba2PQyhSMh95dixGB29MfX/GmZzOOYhu+J5PpW81ZpGOG5Y6AOVE8+QFCb8GqKGd48y6nGVDICeHcpFt9jXzLMK8S5D2dluAZsDCE56kfQw7cB5/GfYUCglWtGg9VbtoDEjHS9psZMzDvxqAzk0pveQwRholA4DLVhDxFFyX;25:QGLzw+bl21MABCziKwZruKMLBO8VWPtmrKa68J4et1IgY+uG89VaS5OpxheMGaEumjTGUAb7RdumHN6suTvac8RtGTVwAnq5xmSMoByq3/xCpru+mXfq2Av8tRFDzmZdl9tldurENlAAr+zxe86Z/QR+FySEtG0089cEQjlQuP76ZzvZ1bQMhQuzTUy59EkHwykzGrYHMPUJLQBlGIbYosRV9j4JLqdVFJ4ZJTxf9tELtU4SGalKBxLRT3bv4dy1uLzJH0lyDEPlGTLd9xNom0p+4NcJ5dHC3+8YnA+o/dZoFZihgaRewcGZGrivXO765V4r651S3yBqRQacBmsv5A==;31:oQLTuh0Wz6nABsjpCOhShe2ZG99F4oECR459nnnKgiNOss+22tJEvyOKcltpQK7Y++g6RrhCiZUuImCMFMAjNVAaf8MT+HpOYuI6ngNSFXmPzhSxrWw6ZAaQfw70wEvS673ZuCV6uUzr23j98S8lcB3GjAHgmgNt76PJjtblmYE73s4l1l4N8RpN6JET8mwOnxyLorQ8LAWofqqCBJw4FQEdqPU50t7nrKMADxhsLUQ= X-MS-TrafficTypeDiagnostic: HE1PR08MB0812: X-Microsoft-Exchange-Diagnostics: 1;HE1PR08MB0812;20:FEAyI+19bJbg20tC4MX5PU31ivUszggKxGzritzPH/UspKOEKzaVhyca2tMDulWu7slhUWm8dZG2/FBM8g+IMXKU55cc0BEXgl5eyVC+Zrp5IdfrV+FT1G4garrDHTs09+NZHLWpMQ/j2zDX7cOxNOvFUhbacxxwJ5bbvOxVmLjl7wdaGPywq/PYnAvQDVb0QG5jctVHeiQbrdYaZ9pgUJJ7cIlByZ9BiDd3/OfGk1lkIQ3tc1ru96LGL66q4FKg3wn5G8zuTuS4wWZ7soiGJKRhsX06RXmSqUtIrgV9APOsKuRQs6x9VTM/WIjkTdUsKlybKnq4Rj1vpdTXU2HsSR3uBT9QCDywNtpIST6lZkSvhLLBKAdtJ/fWsv5BZ/4WiTy0rmRH2IjO6iRt4x1Nw9LDHHMZuoYOBlZV7TrSjAu6uZ3AY/OK5CIp5hDkpML1CS6aoOgoVqbfYQnYYc8xoCzx3Fwk1/1mLeSHvkAbgkVNp8NTejZ4HlLa01zoWnZh;4:yJeQnc0ybTBkAgWV5mnDfIgEoc53faybam69BDyhMrX74TZBooAX43/CX9nB/+6QoA0Zyo8dpTXLmTv4Eb8nBdC+4lAoFze0d+fKACrtLJDXdxToqporGPEIETRyUyJVFq5OCQhKJ9G1Gq3KaUKgncqaUI2EDJZoYt9crBE7E4JRulzT6oSFatW86cZmCQarkfuvf2ymZAAUsz8ASJMGRD+9bRNqkgzrFtOPP+/a7zmEqj/Z+OLoz+IyrJ0M3NmEpGsGQ5TbRdQFE2CIoIvwQX0kDO6qB+W/iNlUx8cyUkHbxFkWHlPmZTZlVyA18U5/deRmbXv9/b4jBLEFqjaDvEHBjTX2fY3YHlpORB35XyA= X-Exchange-Antispam-Report-Test: UriScan:(180628864354917)(192374486261705)(17755550239193); X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(93006095)(93001095)(100000703101)(100105400095)(6055026)(6041248)(20161123560025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123564025)(20161123555025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095);SRVR:HE1PR08MB0812;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:HE1PR08MB0812; X-Forefront-PRVS: 041032FF37 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4630300001)(7370300001)(6009001)(39860400002)(199003)(40434004)(189002)(478600001)(68736007)(76176999)(25786009)(5660300001)(97736004)(36756003)(6486002)(50226002)(47776003)(50986999)(50466002)(4326008)(48376002)(7350300001)(110136004)(66066001)(7416002)(8676002)(189998001)(305945005)(5890100001)(6916009)(2351001)(105586002)(42186005)(6116002)(2361001)(8746002)(3846002)(86362001)(2906002)(72206003)(81156014)(81166006)(2950100002)(106356001)(6666003)(7736002)(33646002)(101416001)(5003940100001)(53936002);DIR:OUT;SFP:1101;SCL:1;SRVR:HE1PR08MB0812;H:e106757-lin.cambridge.arm.com;FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;HE1PR08MB0812;23:fUXDU9hGRNxMJBkYk4ZV6R2sP9JG/TXCIMRFcUAIe?= =?us-ascii?Q?o6T8jKrEtxMZfAvfgiDF2BoYoDdpfpIWpyVl049PK9o8zbk8qriV0pi2YWb4?= =?us-ascii?Q?l+wc3nUAvZ4KM97x2k66zMHXQk1dt7EhU0gfIOWNvCFohUyBt3bPuZfjKJe6?= =?us-ascii?Q?+lJz3OnhnGNOtP0pQ+TbF/lSfCkd5fXWiAxx7Q9puA+IzRTtmUnNfo1gaVaj?= =?us-ascii?Q?Yepvw2zpMznkfUcOM416dk9vcHTCcDhuYaE6UeOC3/Hu5pYrdPC2zTUyfJs3?= =?us-ascii?Q?ktOqNThAbzsUHF7xmTvc0xL/hYP++cB5Y+jViKftMiw6DoKemDxW9ufNyda5?= =?us-ascii?Q?8cffhMaY9nrHmdhxU3nQSko9utAJ80mHkdoJWQzTRSk9meCLGxmf52HRZdTk?= =?us-ascii?Q?wPpXHSw4Esh2zUCbeqmLS4nVtJa99GrRVUIHO7GsQAEG23O37MN1tYHhLqFG?= =?us-ascii?Q?aqY7BTf6X92roZQLA9ff0zL8QatRqJdUXOV6PKzdmyeJuZoPodVYU9T4Tqj7?= =?us-ascii?Q?bsbVm2RBscNmLoBBje767aXjRrFNbzaoF00tPIDKZoxug3rv9cmO2RYE1XED?= =?us-ascii?Q?Wyxk5+fPZYXKW+/nIuFcbno1/QlOG4f1C8Nu1pr0oWfWRR+VTAz7LH2r/z6u?= =?us-ascii?Q?o4omdn6pjZZDMucQYNhH20/eUAUgZm9zJMhoHNPKmy5ZDmr7E83ogEs2WfD0?= =?us-ascii?Q?yTiaMMOBvZPjWoSrqBNa8PpKImbxHDsWAmgnZXkXK4MirhdMK02t7J2j4isn?= =?us-ascii?Q?QJKDf1U1OBLL3GzCg7ksGUc8Pxa/w0qbI7hQjtaLh7kkVWfP+1a1xrA2zXZp?= =?us-ascii?Q?ujliKZQAKO2oSUZyeqhYNxeT7I6/WMwCaFLbhKOS63CvQljsl9G1UPVHXPUo?= =?us-ascii?Q?OjtrY/wZITdEluJHtCU7PW5ciEjoUmwoChHT7z1wADV0WYzzkkv7kecULH0t?= =?us-ascii?Q?7yrQqCq/IFYrQ11TWnunmGIXfFLpyw4W98QtYUx5QmSeW1YiMOAOM5eAeCw9?= =?us-ascii?Q?eDMgBqsn86KJwlnBagWcr/hOPUXEwEYFB/MWlLWcWNCbcL5tgDnljJl+JGPc?= =?us-ascii?Q?/70sNmqfAuX/vM3MvSJwxghYADVt3yeTDeSv3mvId4FIcV2FosB8CspkSBri?= =?us-ascii?Q?y3djSAZTQeodBJCTDcsBnyQy2q3A72B/0G1vt1FF7LCk7YKHwFjzIjJowfQO?= =?us-ascii?Q?2Ws9ihuLji4nDfF4ZEOzfu29gLk1TOOgX8nOVJPgSfN/7ICD+ygTE2BbQ=3D?= =?us-ascii?Q?=3D?= X-Microsoft-Exchange-Diagnostics: 1;HE1PR08MB0812;6:wDKxkcgK2aZxUbKvJMzkEVsfib5FexVDqFtRNoRlpyxzY1yimRDbxKYn7qfAkIVlCXDdSqrF1SSjSjgZG8ufofnFy5ubN+q0R/YiHhatNZeW8gUQvfZ0BBwHWAuxcwKDfaG5vdbY//YgqON/J9EiYav6mP/FOfdm7jGIR7mUU5z6sJYSf2uFFMfTBVbMYB98uuUiPtEbJr5x0BP7ag4oWNJ30nFVjzd5Auwh/9afu+gDpH0NVJZGL/7RNqarpNlcvNs/Ol5SztbkZeXkW4szNWpwrtT7JDExd0u65ZSm5uV3Xj3z2B4e2oKXNAzyEHJRRvXB3P8OJnsHBAVcRK2XHQ==;5:wGkkRCfvh+YDLcO4qX47dkBI9mJqItewB3mkzZ8hyM6vhaj1Af7hB5OPI5qV3dkHXcvZgz1So5cGSHw8f2S2iKe+pvtfiO6dEpU3ItAtfyZMwp0che18kBPOGGwhZ4S4sGsHXVd68OdnAYfVBCeHew==;24:gGAbTXvdZm6kb2MjC7N+aSZ1H/Cmv9ENFx2Xj5EsGCfrmm8aDV2ZYwbX79rm3TBFga6JHedRbWef+fLah+GemH5qqdqMT3J8TMqCRxXz4HI=;7:/TYkojGm2f0z837H4fGvlVYOASeEdWAycgnz9rWmgQaiAKuo/nyO/5+MORxy6NNjOf0wVC0Tq2Q8ZOkurxvAjhd/QUDbp1rA/6Q4T/x1H2UboAFbjXU6BZM5WWZH9HayDF1jX1CQfDJ/y3YxbTex/ccSvTswtoWbEUUF/VxdS9IeAUmVYyV/wfc+rHS3jLnwFlmaE7/cyiksRDcZAFs2tHpJ59C3JdoB1CU9Obd2tOM= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Aug 2017 08:32:33.8345 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR08MB0812 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by nfs id v7P8Xf1C009947 Content-Length: 1790 Lines: 38 Internal virtual machines can be used to sandbox code such as EFI Runtime Services. However, some implementations of those Runtime Services rely on handlers placed in the Secure World (e.g: SoftIron Overdrive 1000) and need access to SMC calls. This patch modifies the Hypervisor Configuration Register to avoid trapping SMC calls of internal virtual machines. Normal userspace VMs are not affected by this patch. Note: Letting Runtime Services VMs access EL3 without control can potentially be a security threat on its own. An alternative would be to forward SMC calls selectively from inside handle_smc. However, this would require some level of knowledge of the SMC calls arguments and EFI Runtime Services implementations. Signed-off-by: Florent Revest --- arch/arm64/include/asm/kvm_emulate.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h index fe39e68..4b46cd0 100644 --- a/arch/arm64/include/asm/kvm_emulate.h +++ b/arch/arm64/include/asm/kvm_emulate.h @@ -49,6 +49,9 @@ static inline void vcpu_reset_hcr(struct kvm_vcpu *vcpu) vcpu->arch.hcr_el2 |= HCR_E2H; if (test_bit(KVM_ARM_VCPU_EL1_32BIT, vcpu->arch.features)) vcpu->arch.hcr_el2 &= ~HCR_RW; + + if (!vcpu->kvm->mm) + vcpu->arch.hcr_el2 &= ~HCR_TSC; } static inline unsigned long vcpu_get_hcr(struct kvm_vcpu *vcpu) -- 1.9.1 IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.