Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1754801AbdLGPoL (ORCPT <rfc822;w@1wt.eu>);
        Thu, 7 Dec 2017 10:44:11 -0500
Received: from smtp.codeaurora.org ([198.145.29.96]:54372 "EHLO
        smtp.codeaurora.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1754654AbdLGPoI (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 7 Dec 2017 10:44:08 -0500
DMARC-Filter: OpenDMARC Filter v1.3.2 smtp.codeaurora.org 424D860218
Authentication-Results: pdx-caf-mail.web.codeaurora.org; dmarc=none (p=none dis=none) header.from=codeaurora.org
Authentication-Results: pdx-caf-mail.web.codeaurora.org; spf=none smtp.mailfrom=nleeder@codeaurora.org
Cc: nleeder@codeaurora.org, Mark Rutland <mark.rutland@arm.com>,
        linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
        Mark Langsdorf <mlangsdo@redhat.com>, Mark Salter <msalter@redhat.com>,
        Jon Masters <jcm@redhat.com>, Timur Tabi <timur@codeaurora.org>,
        Mark Brown <broonie@kernel.org>
Subject: Re: [PATCH] perf: qcom_l2_pmu: don't allow guest access
To: Will Deacon <will.deacon@arm.com>
References: <1512575733-923-1-git-send-email-nleeder@codeaurora.org>
 <20171206161149.ezlzzcuvxbot5tio@lakrids.cambridge.arm.com>
 <bc650fac-702c-e554-43ca-9cd3cfed9696@codeaurora.org>
 <20171207133812.GG31900@arm.com>
From: "Leeder, Neil" <nleeder@codeaurora.org>
Message-ID: <d42a3430-a365-4fd3-bfd4-efa567f777a8@codeaurora.org>
Date: Thu, 7 Dec 2017 10:44:04 -0500
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <20171207133812.GG31900@arm.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1876
Lines: 43

On 12/7/2017 8:38 AM, Will Deacon wrote:
> On Wed, Dec 06, 2017 at 04:19:24PM -0500, Leeder, Neil wrote:
>> On 12/6/2017 11:11 AM, Mark Rutland wrote:
>>> On Wed, Dec 06, 2017 at 10:55:33AM -0500, Neil Leeder wrote:
>>>> Guests cannot access IMPDEF system registers, which are used
>>>> by this driver. Disable the driver if it's running in a guest VM.
>>>>
>>>> Signed-off-by: Neil Leeder <nleeder@codeaurora.org>
>>>> ---
>>>>  drivers/perf/qcom_l2_pmu.c | 4 ++++
>>>>  1 file changed, 4 insertions(+)
>>>
>>> I'm a little confused by this. Why is this hypervisor providing a
>>> QCOM8130 device to the guest that it cannot use?
>>>
>>> Could you elaborate on what's going on?
>>>
>>
>> While there's an argument that the guest shouldn't be loading the driver
>> in the first place, we can't control everyone's guest configuration or what
>> their hypervisor does.
> 
> Ok, but why is the hypervisor advertising a device that effectively doesn't
> exist? Most drivers trust the firmware tables they are given, so this makes
> it sound like we should start annotating all drivers for devices that we
> don't expect to see in a guest with is_hyp_mode_available() checks.
> 
> That doesn't feel quite right to me.

Hi Will,

I suspect that most mis-configured drivers don't fail until they're used, or are
otherwise Mostly Harmless. The problem here is that this driver uses IMPDEF system
registers in its init, and I'd guess only a minority of drivers do that. So it
crashed the kernel with an illegal instruction on boot. I'm trying to be a good
citizen here and not allow my driver to stop a kernel from booting because someone
misconfigured something out of my control.

Neil
-- 
Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm Technologies Inc.
Qualcomm Technologies, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project.