Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp3071251pxb; Mon, 16 Nov 2020 05:12:14 -0800 (PST) X-Google-Smtp-Source: ABdhPJy0t+Nj9uyU7UUF8JG8sRLIprCgQFgoWeUHT9LAu/bOi2OlD3iZ3NVyFYRCUf+ImUFBcPRL X-Received: by 2002:a17:906:a891:: with SMTP id ha17mr14406545ejb.116.1605532334036; Mon, 16 Nov 2020 05:12:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605532334; cv=none; d=google.com; s=arc-20160816; b=qXloPVZG8fP+P+ewPlCsHUA1rLMiaStScJJ2xQQXa5Y8LBruoany1VZ7jK0uTa4+EO bQ1e9LuT2P+KgWly+MVtSG57uvSbKtl6nPEPj7pNtGE+e7EUloR0IAjMmbQTvmogH6eY pHPhrhTAEFIXD3iTLblKCxXRkMJxClVXbB1bjk3jXTfO1ugtcXjE25VQzmAiuDktHNP5 p4d8Emzg9WZTJeZvE2nL1dChX8I8+DVI9B+vqC4xgImjTdkm7s4CrpsymHTZWLmPr9NP RRcW29SM21a6BmNulZa2xFZ8/bvhBAHM5CSbMntAC9+WOf2orimbVU84Pwb7EKwXZ03B KqqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=erRDKvVgqK6M6jQ0o614QdzbHYnwtVV8EQL2a1/1ab0=; b=DJuln80VrRxBYg6seqT7sOnZNVsokHOAF6+U2nPFsleBvvEjbgIk/3zZQZdY7WqljX VDgz3u+qOauPIzOFmnvTM0WO1csV7sAJ8AtmLuqZzvggUPCdxIVF+kEx49jYkylBcaK8 GDQzdhezFaS4aaBJ9uEcY+dQHbDkRvu6HR3v0Q1paRWY3nIktqF04byNVhlHtVp50yRn r1HcZGEjE76N+DqEOB6LxpvXR5MDBjIW6x10reEGpPjk3J8GUOC62OaxAR3PLMv9OAzE OJw8GPMblMjA28Kh+PNcB1OjLAWTE0kA7vG5L1cPWaTzltvp1QjbKU3ntqjq4BTImw/F SQvg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u11si12566791edp.431.2020.11.16.05.11.49; Mon, 16 Nov 2020 05:12:14 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728366AbgKPNKG (ORCPT + 99 others); Mon, 16 Nov 2020 08:10:06 -0500 Received: from szxga06-in.huawei.com ([45.249.212.32]:7938 "EHLO szxga06-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727248AbgKPNKG (ORCPT ); Mon, 16 Nov 2020 08:10:06 -0500 Received: from DGGEMS413-HUB.china.huawei.com (unknown [172.30.72.60]) by szxga06-in.huawei.com (SkyGuard) with ESMTP id 4CZTv61v1dzhbp6; Mon, 16 Nov 2020 21:09:54 +0800 (CST) Received: from [10.174.185.179] (10.174.185.179) by DGGEMS413-HUB.china.huawei.com (10.3.19.213) with Microsoft SMTP Server id 14.3.487.0; Mon, 16 Nov 2020 21:09:53 +0800 Subject: Re: [PATCH 1/2] KVM: arm64: vgic: Forbid invalid userspace Redistributor accesses To: Marc Zyngier CC: , , , , , , , , Keqian Zhu References: <20201113142801.1659-1-yuzenghui@huawei.com> <20201113142801.1659-2-yuzenghui@huawei.com> <724c43702b52aac0d3c9beb9604d1bfb@kernel.org> From: Zenghui Yu Message-ID: <584b7ff1-ecf2-b0ec-cea3-ccc29902f43a@huawei.com> Date: Mon, 16 Nov 2020 21:09:52 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0 MIME-Version: 1.0 In-Reply-To: <724c43702b52aac0d3c9beb9604d1bfb@kernel.org> Content-Type: text/plain; charset="utf-8"; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Originating-IP: [10.174.185.179] X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Marc, On 2020/11/16 1:04, Marc Zyngier wrote: > Hi Zenghui, > > On 2020-11-13 14:28, Zenghui Yu wrote: >> It's expected that users will access registers in the redistributor *if* >> the RD has been initialized properly. Unfortunately userspace can be >> bogus >> enough to access registers before setting the RD base address, and KVM >> implicitly allows it (we handle the access anyway, regardless of whether >> the base address is set). >> >> Bad thing happens when we're handling the user read of GICR_TYPER. We end >> up with an oops when deferencing the unset rdreg... >> >>     gpa_t last_rdist_typer = rdreg->base + GICR_TYPER + >>             (rdreg->free_index - 1) * KVM_VGIC_V3_REDIST_SIZE; >> >> Fix this issue by informing userspace what had gone wrong (-ENXIO). > > I'm worried about the "implicit" aspect of the access that this patch > now forbids. > > The problem is that the existing documentation doesn't cover this case, > and -ENXIO's "Getting or setting this register is not yet supported" > is way too vague. Indeed. How about changing to -ENXIO Getting or setting this register is not yet supported or VGIC not properly configured (e.g., [Re]Distributor base address is unknown) > There is a precedent with the ITS, but that's > undocumented > as well. Also, how about v2? If that's the wasy we are going to fix this, > we also nned to beef up the documentation. Sure, I plan to do so and hope it won't break the existing userspace. > Of course, the other horrible way to address the issue is to return a value > that doesn't have the Last bit set, since we can't synthetise it. It > doesn't > change the userspace API, and I can even find some (admittedly  twisted) > logic to it (since there is no base address, there is no last RD...). I'm fine with it. But I'm afraid that there might be other issues due to the "unexpected" accesses since I haven't tested with all registers from userspace. My take is that only if the "[Re]Distributor base address" is specified in the system memory map, will the user-provided kvm_device_attr.offset make sense. And we can then handle the access to the register which is defined by "base address + offset". Thanks, Zenghui