From: Michael Ellerman
To: Alexey Kardashevskiy, linuxppc-dev@lists.ozlabs.org
Cc: Alexey Kardashevskiy, linux-kernel@vger.kernel.org, Paul Mackerras, kvm-ppc@vger.kernel.org
Subject: Re: [PATCH kernel] powerpc/powernv: Check if powernv_rng is initialized
In-Reply-To: <20210730044315.956125-1-aik@ozlabs.ru>
References: <20210730044315.956125-1-aik@ozlabs.ru>
Date: Mon, 02 Aug 2021 16:02:48 +1000
Message-ID: <87im0ol6yf.fsf@mpe.ellerman.id.au>
X-Mailing-List: linux-kernel@vger.kernel.org

Alexey Kardashevskiy writes:
> The powernv-rng driver has 2 users - the bare metal powernv platform and
> the KVM's H_RANDOM hcall. The hcall handler works fine when it is L0 KVM
> but fails in L1 KVM as there is no support for the HW registers in L1 VMs
> and such support is not advertised either (== no "ibm,power-rng" in
> the FDT). So when a nested VM tries H_RANDOM, the L1 KVM crashes on
> in_be64(rng->regs).
>
> This checks the pointers and returns an error if the feature is not
> set up.
>
> Signed-off-by: Alexey Kardashevskiy
> ---
>
>
> Randomly randomized H_RANDOM:
>
> 00:00:45 executing program 10:
> r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
> r1 = ioctl$KVM_CREATE_VM(r0, 0x2000ae01, 0x0)
> r2 = ioctl$KVM_CREATE_VCPU(r1, 0x2000ae41, 0x0)
> ioctl$KVM_SET_REGS(r2, 0x8188ae82, &(0x7f00000001c0)={[0x0, 0x0, 0xffffffffffffffe1, 0x0, 0x0, 0x200000953, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2], 0x2000})
> syz_kvm_setup_cpu$ppc64(0xffffffffffffffff, r2, &(0x7f0000e80000/0x180000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
> r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
> syz_kvm_setup_cpu$ppc64(r1, r2, &(0x7f0000e70000/0x180000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f0000000280)="0000e03d0080ef61e403ef790000ef650900ef61647b007c0000e03f0000ff63e403ff7b0000ff679952ff6370e63f7e0000603c00006360e4036378000063640003636018a8803c28bf8460e4038478ef97846436888460b6f6a03c88d6a560e403a5781beda564d879a5602665c03cb08dc660e403c67806b3c664966fc660d53fe03cddf1e760e403e7785c41e7646623e76022000044463fb1f20000803e00809462e403947a0000946604009462a6a6607f4abb4c130000603f00007b63e4037b7b00007b679a367b6332d9c17c201c994f7201004cbb7a603f72047b63e4037b7b955f7b6799947b636401607f", 0xf0}], 0x1, 0x0, &(0x7f00000000c0)=[@featur2={0x1, 0x1000}], 0x1)
>
>
> cpu 0xd: Vector: 300 (Data Access) at [c00000001599f590]
> pc: c00000000011d2bc: powernv_get_random_long+0x4c/0xc0
> lr: c00000000011d298: powernv_get_random_long+0x28/0xc0
> sp: c00000001599f830
> msr: 800000000280b033
> dar: 0
> dsisr: 40000000
> current = 0xc0000000614c7f80
> paca = 0xc0000000fff81700 irqmask: 0x03 irq_happened: 0x01
> pid = 31576, comm = syz-executor.10
>
> Linux version 5.14.0-rc2-le_f29cf1ff9a23_a+fstn1 (aik@fstn1-p1) (gcc (Ubuntu 10.3.0-1ubuntu1) 10.3.0, GNU ld (GNU Binutils for Ubuntu) 2.36.1) #263 SMP Thu Jul 29 17:56:12 AEST 2021
> enter ? for help
> [c00000001599f860] c0000000001e45f8 kvmppc_pseries_do_hcall+0x5d8/0x2190
> [c00000001599f8f0] c0000000001ea2dc kvmppc_vcpu_run_hv+0x31c/0x14d0
> [c00000001599f9c0] c0000000001bd518 kvmppc_vcpu_run+0x48/0x60
> [c00000001599f9f0] c0000000001b74b0 kvm_arch_vcpu_ioctl_run+0x580/0x7d0
> [c00000001599fa90] c00000000019e6f8 kvm_vcpu_ioctl+0x418/0xd00
> [c00000001599fc70] c00000000079d8c4 sys_ioctl+0xb44/0x2100
> [c00000001599fd90] c00000000003b704 system_call_exception+0x224/0x410
> [c00000001599fe10] c00000000000c0e8 system_call_vectored_common+0xe8/0x278

There would be no bug if KVM was using arch_get_random_seed_long(),
because that defers to ppc_md, which is only populated when the RNG is
set up correctly.

That seems like a better fix?

cheers
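
The two fixes discussed in this thread, as an added userspace C model (not kernel code, and not taken from the patch or the reply): the pointer check the patch describes, beside the hook-based lookup the reply suggests. All model_* names, the return codes and the register passed to the probe are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Userspace model. All model_* names are hypothetical, not kernel symbols. */
struct model_rng { volatile uint64_t *regs; };
static struct model_rng *model_rng_dev;     /* NULL until probe succeeds */
static int (*model_get_seed)(uint64_t *v);  /* hook, NULL until probe succeeds */

/* Approach 1 (the patch): the accessor checks its pointers and fails cleanly. */
int model_get_random_checked(uint64_t *v)
{
    struct model_rng *rng = model_rng_dev;
    if (!rng || !rng->regs)
        return 0;               /* feature not set up */
    *v = *rng->regs;
    return 1;
}

/* Raw register read, reachable only through the hook below. */
static int model_get_random_raw(uint64_t *v)
{
    *v = *model_rng_dev->regs;
    return 1;
}

/* Approach 2 (the reply): callers use a hook that stays NULL without an RNG. */
int model_arch_get_seed(uint64_t *v)
{
    return model_get_seed ? model_get_seed(v) : 0;
}

/* Probe publishes the device and the hook only when registers were found. */
int model_rng_probe(volatile uint64_t *regs)
{
    static struct model_rng instance;
    if (!regs)
        return -1;              /* models the missing "ibm,power-rng" node */
    instance.regs = regs;
    model_rng_dev = &instance;
    model_get_seed = model_get_random_raw;
    return 0;
}

/* Hypercall handler model: 0 on success, -1 as the error given to the guest. */
long model_h_random(uint64_t *gpr4, int use_hook)
{
    int ok = use_hook ? model_arch_get_seed(gpr4) : model_get_random_checked(gpr4);
    return ok ? 0 : -1;
}
```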