Received: by 10.213.65.68 with SMTP id h4csp525698imn; Tue, 13 Mar 2018 11:51:24 -0700 (PDT) X-Google-Smtp-Source: AG47ELvY20wF0NSIkiqzFM6JhLRcP4P373UIWS1TTSF6VDK/HEThgw5NgwY/15PcW1L1vJAHhF+2 X-Received: by 2002:a17:902:9a4a:: with SMTP id x10-v6mr1525404plv.256.1520967084152; Tue, 13 Mar 2018 11:51:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1520967084; cv=none; d=google.com; s=arc-20160816; b=1HiOfOeb55eu1qHsVukTty3lpb/VN1mNOiq8/bDc6cfhbdwfCIKEN9Y3q1Dden8AdI mHzFB1XxU89ms81DbO/dToxTfhrZvAAJpw9E1/SanSuKGe1qwOOYpsx/re9O7+ufjEG6 riGBipvGEW28/eyYIdUp2JjRhnnObu2dUiATyfzO1ryl76i1ASNAzhtcm8dzsEoey8hG lT/3g+dj/RA8EvaCzqCFminGdWBnoHRtP7qw3TEKxrQRWm3ycbFpG8ASdLXAHEICkS5v vDiqdSME88IBOQdtBMTi0QDm/JszIwkTYGxzKtXkmbrXb+fFxI0wcuQT32uughjVs/kr 9VLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=YzJjyNqQEFOQZFASgqEfrv6VNVsJUQCdoyNooh7gaCQ=; b=Lc4ZZSRUUkbnYhl3f39ZCALd8IHC9QdhuFfzF9MnsoiiQOen0tZJ5KQunU1lAM6elS OE5LMUaJtYhr9Ziu0Gkd6viEVB+cmBY0aYWzblOa/FaZLx+gwbWhPf8v0X2CTFFR1NJa +PxiPgRQTBajpcHBmsngbX8hlIgk23MGZkfbil//R+0CmA/TI6tpe3wkaFPGgYxYE1I6 ien97i7W7/4aKWVC+rKlT8kZ4wRcMjOH6i1HbGFfe3wc5jO96N2/iKjix7RcwgDp5hDO CAbp0e5B6yXPAkoeFp0Uq3fwQfo1PPkbzS9LgBJx5MKHsprc8idoo31MHtPs4M1gS4CW lQhg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=fzA4JcCn; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=NONE dis=NONE) header.from=ti.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o4si493743pgp.285.2018.03.13.11.51.09; Tue, 13 Mar 2018 11:51:24 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=fzA4JcCn; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=NONE dis=NONE) header.from=ti.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752196AbeCMStr (ORCPT + 99 others); Tue, 13 Mar 2018 14:49:47 -0400 Received: from mail-wr0-f171.google.com ([209.85.128.171]:46289 "EHLO mail-wr0-f171.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751824AbeCMStq (ORCPT ); Tue, 13 Mar 2018 14:49:46 -0400 Received: by mail-wr0-f171.google.com with SMTP id m12so1749442wrm.13 for ; Tue, 13 Mar 2018 11:49:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=YzJjyNqQEFOQZFASgqEfrv6VNVsJUQCdoyNooh7gaCQ=; b=fzA4JcCn8vk27CCYEikFnsD6TaEx/2eI8AUhrroEMSeB9ql45xyDncdrEIpTQ0x93M KmXloEB2Wlz57JT5kp/G1Nivda3A3KEf3dhrMBHmoHMlbVmCXbqYpeyiDZxDj3RMJWyh hwPzdEqbkHKlXIySt4CBrH0C9sVhjbjkesObHr952lY7xaguffDxwQf8DopFrL+sB99z 713ahKd199V9xSlP3QWJKs+TdKPyweHnWA7Ldk1zw0knrj6VBIXQbGLu+yL9X8LlYyBM s+ZP/kOI7NeXS/GMH1jbo4UzWAsQXYJZJTAx0KeP6Atdgo3jOtSj7QDTutJK9tK6BzAH +kBA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=YzJjyNqQEFOQZFASgqEfrv6VNVsJUQCdoyNooh7gaCQ=; b=kUPDebDxyX6F92XiZQBs+Z0hqxHwLD8sztcsdZY7ut3vvspxEQ21kKNzipdzsEbuk/ 5fQuJAPhYqXA7xBJHnsTcAO2+uNz8XRmtnsaJu60SaFAsiVfHS5XTAp3z1GoNdOdR5qg FuBhPCGjKbccg+f2aKAuSHZwmDgdYsT7F4Ut+eg03XrVUpadMsWt2Im/CMu+K0cliGtq Me7H0O6N9nTFyuvRDT47i9FZMVNz7uSjZjEOO5ul9JZi08B05k7O9iHI1pQ2cNEoLGDx o2xJ6bNbtT1OL5t6TEJSra0W5FDP0fR/8SJvz4eG86hGTKlO7nKqUvekGc1CxYtG47kY qvbQ== X-Gm-Message-State: AElRT7H3leidwH1BVxClBOTm2ZTD0rENjmbyYptDUNTtOykqZOXdUxIe tkm6b/JkB0a8CBoT4A/hZz+Ft0DMd4w4xqnffw== X-Received: by 10.28.65.84 with SMTP id o81mr1672277wma.19.1520966984863; Tue, 13 Mar 2018 11:49:44 -0700 (PDT) MIME-Version: 1.0 Received: by 10.223.156.18 with HTTP; Tue, 13 Mar 2018 11:49:44 -0700 (PDT) In-Reply-To: <8366ba39-a5a1-7734-752e-f3dce18e8007@arm.com> References: <20171011094148.15674-4-punit.agrawal@arm.com> <28f9c1cd-e1df-f4db-32b4-c9ca0f0f256a@ti.com> <8366ba39-a5a1-7734-752e-f3dce18e8007@arm.com> From: Nishanth Menon Date: Tue, 13 Mar 2018 13:49:44 -0500 X-Google-Sender-Auth: oyQw2PDpVG6f45cQzMQT_mVBs6k Message-ID: Subject: Re: [3/3] irqchip/gic-v3: Bounds check redistributor accesses To: Marc Zyngier Cc: Lokesh Vutla , Punit Agrawal , lkml , linux-arm-kernel@lists.infradead.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Marc, On Tue, Mar 13, 2018 at 9:21 AM, Marc Zyngier wrote: > Hi Lokesh, > > On 13/03/18 13:38, Lokesh Vutla wrote: >> Hi All, >> >> On Wednesday 11 October 2017 03:11 PM, Punit Agrawal wrote: >>> The kernel crashes while iterating over a redistributor that is >>> in-correctly sized by the platform firmware or doesn't contain the last >>> record. >>> >>> Prevent the crash by checking accesses against the size of the region >>> provided by the firmware. While we are at it, warn the user about >>> incorrect region size. >>> >>> Signed-off-by: Punit Agrawal >>> Cc: Marc Zyngier >> >> Sorry to bring up an old thread. Just wanted to check what is the status >> on this series. > > So far, I wasn't inclined to merge it, as it only allowed you to detect > a broken system, as opposed to help with a working one. Is'nt that a good reason to have it? Why not help an error in dtb with a debug helper than an obtuse crash to debug painfully? > >> This will also be useful when we try to boot linux + hypervisor with >> less number of cores than the SoC supports. For example: >> - SoC has 4 cores and Linux tries to boot with 2 cores. >> - then a type-2 hypervisor gets installed. >> - Hypervisor tries to boot a VM with linux on core 1. >> >> Now the VM boot will fail while it iterates over all the GICR regions >> till GICR_TYPER is found. Hypervisor will trap any accesses to GICR >> regions of any invalid cpus(cpu 2, cpu 3 in this case). > > It you're passing the redistributors to a guest, you're doing something > terribly wrong. You're putting the guest in a position to do a DoS on > the hypervisor (disabling its timer interrupt, for example). Not the > greatest move. There is a number of other gotchas with this approach > (virtual interrupts, distributor virtualization...). > >> If the $patch is not the right approach, can you suggest on how to >> handle the above scenario? > > The proper way to handle this is to virtualize the distributor and > redistributor by trap/emulate. The only thing you can safely pass to a > guest is the CPU interface, either as system registers or in its MMIO > form (if you have the GICv2 compatibility interface). > Dumb question: Would'nt a trap emulate be real expensive with hyp context in v8 (all the context save/restore we'd have to do? (in the context of discussion, GICV2 compat is disabled). -- --- Regards, Nishanth Menon