Received: by 10.213.65.68 with SMTP id h4csp382327imn; Tue, 13 Mar 2018 07:23:02 -0700 (PDT) X-Google-Smtp-Source: AG47ELvFK/9C2qs09wTRgHs1loRWRtqSvwGuxJdddiJlpvX4TNy2QvRzvntWzULK4Q9HcufF/R3i X-Received: by 10.99.120.201 with SMTP id t192mr650270pgc.39.1520950982518; Tue, 13 Mar 2018 07:23:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1520950982; cv=none; d=google.com; s=arc-20160816; b=MF7bRrxcWgG2WUlEY54xvPgQxTdzJvWiV+BfoeyeVoGm9bIEEpF4/QndQnCIxBrl8P UHFPajIj7YA32klc98yJJMe4h9XhP2Cd9iIouEhYIs/NJSbEl/bzaA0iUQGuQzlxahtd PWK+2Nr5uUPFV1ohWTC5rxNNq4Z9bdwRqx566SJOihlGfzZKH1fsc74+U8QR0o7dhroB T0ftcOnjdZcC1NmQBpHnZoW14b36Cz+eB2wMzDiodveJ4Whabotkj/HF705SCkYpMRl1 sSFoYyGsuntCjpLgPANRDzXa3LQ+CrvzVjj7XRHNxNusLMba6RsFzTnBJSwNeiTUFunm cTNw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:organization:from:references:cc:to:subject :arc-authentication-results; bh=vY7yc8YaMP/Rzxamj7/78iHMDsbAmG2fjAbkQ5qvmxk=; b=pzFVUjNMliNx348Ub2wC4w6H/D1haFlpwfbn82n3YmIMEM3MMSFpLuUiu7pboBIlyH xgZl0C5BLbKpQvF4vQ5053l8Oy/9oXDeLlQ/Gy6zQPbR851g25AwH48yWPEmMedslRKW guFHvSbucC4eJGIEN3/8svI2tomgANAGLyVQjlvg6gJzLZSeoSHnw/LauZhFesLS4Fwl lNP/5s5x5CTp89nDiIQvlHki7FoC9npEEK2iLtZd8VCzBW7hTtqPK9c63Cqt9IvdMmgI +Dl0HKUNQKBRY6kUZsf2CT+1N0nCzW/tFMF0pDZnL/DgLtQtlcWIfNu8YLyn7KMs5oof oReA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n6si168454pgc.801.2018.03.13.07.22.46; Tue, 13 Mar 2018 07:23:02 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752332AbeCMOVy (ORCPT + 99 others); Tue, 13 Mar 2018 10:21:54 -0400 Received: from foss.arm.com ([217.140.101.70]:39038 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751740AbeCMOVw (ORCPT ); Tue, 13 Mar 2018 10:21:52 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id A92A315AB; Tue, 13 Mar 2018 07:21:52 -0700 (PDT) Received: from [10.1.207.62] (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id B74A63F53D; Tue, 13 Mar 2018 07:21:51 -0700 (PDT) Subject: Re: [3/3] irqchip/gic-v3: Bounds check redistributor accesses To: Lokesh Vutla , Punit Agrawal , linux-kernel@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org, "Menon, Nishanth" References: <20171011094148.15674-4-punit.agrawal@arm.com> <28f9c1cd-e1df-f4db-32b4-c9ca0f0f256a@ti.com> From: Marc Zyngier Organization: ARM Ltd Message-ID: <8366ba39-a5a1-7734-752e-f3dce18e8007@arm.com> Date: Tue, 13 Mar 2018 14:21:50 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <28f9c1cd-e1df-f4db-32b4-c9ca0f0f256a@ti.com> Content-Type: text/plain; charset=windows-1252 Content-Language: en-GB Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Lokesh, On 13/03/18 13:38, Lokesh Vutla wrote: > Hi All, > > On Wednesday 11 October 2017 03:11 PM, Punit Agrawal wrote: >> The kernel crashes while iterating over a redistributor that is >> in-correctly sized by the platform firmware or doesn't contain the last >> record. >> >> Prevent the crash by checking accesses against the size of the region >> provided by the firmware. While we are at it, warn the user about >> incorrect region size. >> >> Signed-off-by: Punit Agrawal >> Cc: Marc Zyngier > > Sorry to bring up an old thread. Just wanted to check what is the status > on this series. So far, I wasn't inclined to merge it, as it only allowed you to detect a broken system, as opposed to help with a working one. > This will also be useful when we try to boot linux + hypervisor with > less number of cores than the SoC supports. For example: > - SoC has 4 cores and Linux tries to boot with 2 cores. > - then a type-2 hypervisor gets installed. > - Hypervisor tries to boot a VM with linux on core 1. > > Now the VM boot will fail while it iterates over all the GICR regions > till GICR_TYPER is found. Hypervisor will trap any accesses to GICR > regions of any invalid cpus(cpu 2, cpu 3 in this case). It you're passing the redistributors to a guest, you're doing something terribly wrong. You're putting the guest in a position to do a DoS on the hypervisor (disabling its timer interrupt, for example). Not the greatest move. There is a number of other gotchas with this approach (virtual interrupts, distributor virtualization...). > If the $patch is not the right approach, can you suggest on how to > handle the above scenario? The proper way to handle this is to virtualize the distributor and redistributor by trap/emulate. The only thing you can safely pass to a guest is the CPU interface, either as system registers or in its MMIO form (if you have the GICv2 compatibility interface). Thanks, M. -- Jazz is not dead. It just smells funny...