From: George-Aurelian Popescu
To: maz@kernel.org, catalin.marinas@arm.com, will@kernel.org, masahiroy@kernel.org, michal.lkml@markovi.net
Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org, clang-built-linux@googlegroups.com, james.morse@arm.com, julien.thierry.kdev@gmail.com, suzuki.poulose@arm.com, natechancellor@gmail.com, ndesaulniers@google.com, dbrazdil@google.com, broonie@kernel.org, maskray@google.com, ascull@google.com, keescook@chromium.org, akpm@linux-foundation.org, dvyukov@google.com, elver@google.com, tglx@linutronix.de, arnd@arndb.de, George Popescu
Subject: [PATCH 12/14] KVM: arm64: Detect arithmetic overflow is inside hyp/nVHE.
Date: Mon, 14 Sep 2020 17:27:48 +0000
Message-Id: <20200914172750.852684-13-georgepope@google.com>
In-Reply-To: <20200914172750.852684-1-georgepope@google.com>
References: <20200914172750.852684-1-georgepope@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: George Popescu

Whenever an arithmetic overflow (addition, subtraction, multiplication, division or negation) happens inside the hyp/nVHE code, an __ubsan_handle_*_overflow is called.

All the overflow handlers are sharing the same structure, called overflow_data, and they use the write_overflow_data(*) function to store the data to the buffer.

When decapsulating the data inside the kernel, the right handler is called by checking the "op" field, which stores the arithmetic operator.

Signed-off-by: George Popescu
---
 arch/arm64/include/asm/kvm_ubsan.h | 10 ++++++--
 arch/arm64/kvm/hyp/nvhe/ubsan.c    | 40 ++++++++++++++++++++++++++----
 arch/arm64/kvm/kvm_ubsan_buffer.c  | 18 ++++++++++++++
 3 files changed, 61 insertions(+), 7 deletions(-)
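The record-then-replay scheme the commit message describes, modelled in user space as an added example (this is not code from the patch or from the kernel): an overflow caught with the GCC/Clang __builtin_*_overflow builtins is stored as an op-tagged record in a fixed buffer, and a separate decode step dispatches on op. The names ovf_record, write_overflow, add_i32 and decode_record are constructed for this example, and operands are copied by value rather than stored as pointers, which is one place the model differs from the patch on purpose.

```c
#include <stdio.h>
#include <stdint.h>

/* Constructed stand-in for kvm_ubsan_info: one deferred overflow report. */
struct ovf_record {
	char op;              /* '+', '-', '*', '/' or '!' (negate), as in the patch */
	const char *type;     /* stands in for overflow_data's type descriptor */
	long long lval, rval; /* operands copied by value, not as pointers */
};
static struct ovf_record ubsan_buf[4];
static unsigned ubsan_used;

/* Recording side (hyp role), like write_overflow_data(): -1 when the buffer is full. */
static int write_overflow(const char *type, long long l, long long r, char op)
{
	if (ubsan_used >= sizeof ubsan_buf / sizeof ubsan_buf[0])
		return -1;    /* report lost; a real buffer should count these */
	struct ovf_record *slot = &ubsan_buf[ubsan_used++];
	slot->op = op;
	slot->type = type;
	slot->lval = l;
	slot->rval = op == '!' ? 0 : r; /* negate has no right operand */
	return 0;
}

/* Checked add standing in for the compiler-inserted handler call; returns the
 * wrapped result, as UBSan's non-fatal mode does. */
static int32_t add_i32(int32_t a, int32_t b)
{
	int32_t res;
	if (__builtin_add_overflow(a, b, &res))
		write_overflow("int", a, b, '+');
	return res;
}

/* Decoding side (kernel role): dispatch on op; an unknown tag is reported, not silently dropped. */
static int decode_record(const struct ovf_record *r, char *out, size_t n)
{
	switch (r->op) {
	case '+': case '-': case '*': case '/':
		snprintf(out, n, "%s overflow: %lld %c %lld", r->type, r->lval, r->op, r->rval);
		return 0;
	case '!':
		snprintf(out, n, "%s overflow: -(%lld)", r->type, r->lval);
		return 0;
	default:
		snprintf(out, n, "corrupt record: op 0x%02x", (unsigned char)r->op);
		return -1;
	}
}
```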
diff --git a/arch/arm64/include/asm/kvm_ubsan.h b/arch/arm64/include/asm/kvm_ubsan.h index a9f499f4ef6d..4abdbff38f79 100644 --- a/arch/arm64/include/asm/kvm_ubsan.h +++ b/arch/arm64/include/asm/kvm_ubsan.h @@ -24,7 +24,8 @@ struct kvm_ubsan_info { UBSAN_UNREACHABLE_DATA, UBSAN_SHIFT_OUT_OF_BOUNDS, UBSAN_INVALID_DATA, - UBSAN_TYPE_MISMATCH + UBSAN_TYPE_MISMATCH, + UBSAN_OVERFLOW_DATA } type; union { struct out_of_bounds_data out_of_bounds_data; @@ -32,6 +33,7 @@ struct kvm_ubsan_info { struct shift_out_of_bounds_data shift_out_of_bounds_data; struct invalid_value_data invalid_value_data; struct type_mismatch_data type_mismatch_data; + struct overflow_data overflow_data; }; union { struct ubsan_values u_val; @@ -44,4 +46,8 @@ void __ubsan_handle_builtin_unreachable(void *_data); void __ubsan_handle_shift_out_of_bounds(void *_data, void *lhs, void *rhs); void __ubsan_handle_load_invalid_value(void *_data, void *val); void __ubsan_handle_type_mismatch(struct type_mismatch_data *_data, void *ptr); - +void __ubsan_handle_add_overflow(void *data, void *lhs, void *rhs); +void __ubsan_handle_sub_overflow(void *data, void *lhs, void *rhs); +void __ubsan_handle_mul_overflow(void *data, void *lhs, void *rhs); +void __ubsan_handle_negate_overflow(void *_data, void *old_val); +void __ubsan_handle_divrem_overflow(void *_data, void *lhs, void *rhs); diff --git a/arch/arm64/kvm/hyp/nvhe/ubsan.c b/arch/arm64/kvm/hyp/nvhe/ubsan.c index c99d919105aa..dd2dae60864f 100644 --- a/arch/arm64/kvm/hyp/nvhe/ubsan.c +++ b/arch/arm64/kvm/hyp/nvhe/ubsan.c 
@@ -47,15 +47,45 @@ static void write_type_mismatch_data(struct type_mismatch_data_common *data, voi } } -void __ubsan_handle_add_overflow(void *_data, void *lhs, void *rhs) {} +static void write_overflow_data(struct overflow_data *data, void *lval, void *rval, char op) +{ + struct kvm_ubsan_info *slot = kvm_ubsan_buffer_next_slot(); + + if (slot) { + slot->type = UBSAN_OVERFLOW_DATA; + slot->overflow_data = *data; + slot->u_val.op = op; + slot->u_val.lval = lval; + if (op != '!') + slot->u_val.rval = rval; + } +} + +void __ubsan_handle_add_overflow(void *_data, void *lhs, void *rhs) +{ + write_overflow_data(_data, lhs, rhs, '+'); +} -void __ubsan_handle_sub_overflow(void *_data, void *lhs, void *rhs) {} +void __ubsan_handle_sub_overflow(void *_data, void *lhs, void *rhs) +{ + write_overflow_data(_data, lhs, rhs, '-'); +} -void __ubsan_handle_mul_overflow(void *_data, void *lhs, void *rhs) {} +void __ubsan_handle_mul_overflow(void *_data, void *lhs, void *rhs) +{ + write_overflow_data(_data, lhs, rhs, '*'); +} -void __ubsan_handle_negate_overflow(void *_data, void *old_val) {} +void __ubsan_handle_negate_overflow(void *_data, void *old_val) +{ + write_overflow_data(_data, old_val, NULL, '!'); +} + +void __ubsan_handle_divrem_overflow(void *_data, void *lhs, void *rhs) +{ + write_overflow_data(_data, lhs, rhs, '/'); +} -void __ubsan_handle_divrem_overflow(void *_data, void *lhs, void *rhs) {} void __ubsan_handle_type_mismatch(struct type_mismatch_data *data, void *ptr) { diff --git a/arch/arm64/kvm/kvm_ubsan_buffer.c b/arch/arm64/kvm/kvm_ubsan_buffer.c index 21c242c92f0a..bd847ac1321e 100644 --- a/arch/arm64/kvm/kvm_ubsan_buffer.c +++ b/arch/arm64/kvm/kvm_ubsan_buffer.c 
@@ -40,6 +40,24 @@ void __kvm_check_ubsan_data(struct kvm_ubsan_info *slot) __ubsan_handle_type_mismatch(&slot->type_mismatch_data, slot->u_val.lval); break; + case UBSAN_OVERFLOW_DATA: + if (slot->u_val.op == '/') { + __ubsan_handle_divrem_overflow(&slot->overflow_data, + slot->u_val.lval, slot->u_val.rval); + } else if (slot->u_val.op == '!') { + __ubsan_handle_negate_overflow(&slot->overflow_data, + slot->u_val.lval); + } else if (slot->u_val.op == '+') { + __ubsan_handle_add_overflow(&slot->overflow_data, + slot->u_val.lval, slot->u_val.rval); + } else if (slot->u_val.op == '-') { + __ubsan_handle_sub_overflow(&slot->overflow_data, + slot->u_val.lval, slot->u_val.rval); + } else if (slot->u_val.op == '*') { + __ubsan_handle_mul_overflow(&slot->overflow_data, + slot->u_val.lval, slot->u_val.rval); + } + break; } } -- 2.28.0.618.gf4bc123cb7-goog
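Review bot: the five new prototypes in kvm_ubsan.h name the first parameter inconsistently (`void *data` for add/sub/mul, `void *_data` for negate/divrem) while the existing declarations just above them use `_data`; pick `_data` throughout. A one-line comment beside the new UBSAN_OVERFLOW_DATA enumerator saying that this single type covers add, sub, mul, negate and divrem and that `u_val.op` tells them apart would also save the reader a trip to kvm_ubsan_buffer.c.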
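Review bot: write_overflow_data() in nvhe/ubsan.c stores `lval`/`rval` verbatim and copies `*data` (which, per lib/ubsan.h, carries a `struct type_descriptor *`), and nothing in this patch translates those hyp-side values before the kernel-side replay in __kvm_check_ubsan_data() hands them to lib/ubsan.c, which dereferences them. For operand types wider than a register the UBSan ABI passes `lhs`/`rhs` as pointers to temporaries on the reporting function's stack, and that hyp stack frame is gone by the time the record is decoded; either state in a comment why only register-sized operands are expected in hyp, or copy the operand values into the slot rather than the handles. Minor: `slot->u_val.rval` is left untouched when `op == '!'`; setting it to NULL keeps a reused slot from carrying a stale right operand.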
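Review bot: the `case UBSAN_OVERFLOW_DATA:` branch in __kvm_check_ubsan_data() silently drops a record whose `u_val.op` is none of '/', '!', '+', '-', '*', so a corrupted or half-written slot vanishes without trace. Turn the five-way else-if chain into `switch (slot->u_val.op)` with a `default:` that at least warns (for example WARN_ONCE with the offending op value); the negate case is the only one that takes a single operand, and a short comment there explaining the two-argument form would help the next reader.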