Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp3343940pxu; Tue, 8 Dec 2020 09:32:59 -0800 (PST) X-Google-Smtp-Source: ABdhPJy2CC6tTvaxRrr4TBdLc/Co7O9nTol1EjXJXoH4FZqMhIMdrcAYwtZX6B8EkjrMDKEoX3S3 X-Received: by 2002:a17:906:60c8:: with SMTP id f8mr23715432ejk.14.1607448779278; Tue, 08 Dec 2020 09:32:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1607448779; cv=none; d=google.com; s=arc-20160816; b=kK7LVMxyFcvEapKewAUjuR5lujZr1GXgk+2MSTIukYtYe8/piuEes5yaNG2iAYtNmu JBK323Sx4sRXboIDvOTTcFac7o7C/D6m7KcebuOueKPvs9LoFv2SJ9tOjxtzwOjcAlzY SMgGmn/+DwPiJlhf/Tf39JyaKfXKAan3vMW4/lzx3JUr6otz0TzjGL2aWCeh7qVFpzKE fnnGsgwMJMfuGh6lVUgO2yqIsktcEVVboT9h7yrU9FFNG+LjMglwrnpB80xrG/AYwzW5 1oYqlDgkVhvVR/vI3ZTC9532jej1zQZZ0usV/c2eA0RjzNV02H0wEUxqV6XWXZ/flYI6 dPHw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=9FvMTxt+5DLSInrTAy1XutfVffeWm40Y7HENsdN26jw=; b=gMIDfaMY4W2o4HkPz59qLW1xBwSTF570vPZbzkj8CjIYTSl4+4sNxleedFcwCH8GoL E15msTdIKFMoE9nNpNvRZJIcS5WmOBB6QWUKk/t5IMf4m1Hgw0Ne+pVhix8nK4q1+lLH /conQ3wV3yF3ljQoO9u67RYgQIie186lS9be1t1Gm6GUpA1Cd2uz0NMz4jnb19CaTnlp usOdbXDOE5c+3kfZ4QzZVL5ZXVVe/8tDRknjIBKb9NYpCtJpeSDsV0nMAjLzEFPxSq0D Aaqqnul/APmq+0YFTHEvyCkfgSVDSz+VepPg5GREMtF+OsT+WyG/ZNMYu/I66wVi6hcJ i7cw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l15si8595878ejk.413.2020.12.08.09.32.35; Tue, 08 Dec 2020 09:32:59 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730474AbgLHR1S (ORCPT + 99 others); Tue, 8 Dec 2020 12:27:18 -0500 Received: from foss.arm.com ([217.140.110.172]:52226 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729086AbgLHR1R (ORCPT ); Tue, 8 Dec 2020 12:27:17 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 982841FB; Tue, 8 Dec 2020 09:26:31 -0800 (PST) Received: from C02TD0UTHF1T.local (unknown [10.57.29.31]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id DCD4F3F68F; Tue, 8 Dec 2020 09:26:29 -0800 (PST) Date: Tue, 8 Dec 2020 17:26:28 +0000 From: Mark Rutland To: Marc Zyngier Cc: David Brazdil , kvmarm@lists.cs.columbia.edu, James Morse , Julien Thierry , Suzuki K Poulose , Catalin Marinas , Will Deacon , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, kernel-team@android.com Subject: Re: [PATCH 1/6] kvm: arm64: Prevent use of invalid PSCI v0.1 function IDs Message-ID: <20201208172628.GB18222@C02TD0UTHF1T.local> References: <20201208142452.87237-1-dbrazdil@google.com> <20201208142452.87237-2-dbrazdil@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Dec 08, 2020 at 03:56:39PM +0000, Marc Zyngier wrote: > On 2020-12-08 14:24, David Brazdil wrote: > > PSCI driver exposes a struct containing the PSCI v0.1 function IDs > > configured in the DT. However, the struct does not convey the > > information whether these were set from DT or contain the default value > > zero. This could be a problem for PSCI proxy in KVM protected mode. > > > > Extend config passed to KVM with a bit mask with individual bits set > > depending on whether the corresponding function pointer in psci_ops is > > set, eg. set bit for PSCI_CPU_SUSPEND if psci_ops.cpu_suspend != NULL. > > > > Previously config was split into multiple global variables. Put > > everything into a single struct for convenience. > > > > Reported-by: Mark Rutland > > Signed-off-by: David Brazdil > > --- > > arch/arm64/include/asm/kvm_host.h | 20 +++++++++++ > > arch/arm64/kvm/arm.c | 14 +++++--- > > arch/arm64/kvm/hyp/nvhe/psci-relay.c | 53 +++++++++++++++++++++------- > > 3 files changed, 70 insertions(+), 17 deletions(-) > > > > diff --git a/arch/arm64/include/asm/kvm_host.h > > b/arch/arm64/include/asm/kvm_host.h > > index 11beda85ee7e..828d50d40dc2 100644 > > --- a/arch/arm64/include/asm/kvm_host.h > > +++ b/arch/arm64/include/asm/kvm_host.h > > @@ -17,6 +17,7 @@ > > #include > > #include > > #include > > +#include > > #include > > #include > > #include > > @@ -240,6 +241,25 @@ struct kvm_host_data { > > struct kvm_pmu_events pmu_events; > > }; > > > > +#define KVM_HOST_PSCI_0_1_CPU_SUSPEND BIT(0) > > +#define KVM_HOST_PSCI_0_1_CPU_ON BIT(1) > > +#define KVM_HOST_PSCI_0_1_CPU_OFF BIT(2) > > +#define KVM_HOST_PSCI_0_1_MIGRATE BIT(3) > > + > > +struct kvm_host_psci_config { > > + /* PSCI version used by host. */ > > + u32 version; > > + > > + /* Function IDs used by host if version is v0.1. */ > > + struct psci_0_1_function_ids function_ids_0_1; > > + > > + /* Bitmask of functions enabled for v0.1, bits KVM_HOST_PSCI_0_1_*. */ > > + unsigned int enabled_functions_0_1; > > Nit: the conventional type for bitmaps is 'unsigned long'. > Also, "enabled" seems odd. Isn't it actually "available"? Sure, that or "implemented" works here. Since there are only 4 functions here, it might make sense to use independent bools rather than a bitmap, which might make this a bit simpler... > > get_psci_0_1_function_ids(); > > + kvm_host_psci_config.version = psci_ops.get_version(); > > + > > + if (kvm_host_psci_config.version == PSCI_VERSION(0, 1)) { > > + kvm_host_psci_config.function_ids_0_1 = get_psci_0_1_function_ids(); > > + kvm_host_psci_config.enabled_functions_0_1 = > > + (psci_ops.cpu_suspend ? KVM_HOST_PSCI_0_1_CPU_SUSPEND : 0) | > > + (psci_ops.cpu_off ? KVM_HOST_PSCI_0_1_CPU_OFF : 0) | > > + (psci_ops.cpu_on ? KVM_HOST_PSCI_0_1_CPU_ON : 0) | > > + (psci_ops.migrate ? KVM_HOST_PSCI_0_1_MIGRATE : 0); ... since e.g. this could be roughly: kvm_host_psci_config.cpu_suspend_implemented = psci_ops.cpu_suspend; kvm_host_psci_config.cpu_off_implemented = psci_ops.cpu_off; kvm_host_psci_config.cpu_on_implemented = psci_ops.cpu_on; kvm_host_psci_config.migrate_implemented = psci_ops.migrate; > > +static inline bool is_psci_0_1_cpu_suspend(u64 func_id) > > +{ > > + return is_psci_0_1_function_enabled(KVM_HOST_PSCI_0_1_CPU_SUSPEND) && > > + (func_id == kvm_host_psci_config.function_ids_0_1.cpu_suspend); > > +} ...and similarly: return kvm_host_psci_config.cpu_suspend_implemented && func_id == kvm_host_psci_config.function_ids_0_1.cpu_suspend) > Otherwise looks OK. Don't bother respinning the series for my > comments, I can tidy things up as I apply it if there are no other > issues. FWIW, I'm happy with whatever choose to do here, so don't feel like you have to follow my suggestions above. Thanks, Mark.