Received: by 2002:a05:6a10:9afc:0:0:0:0 with SMTP id t28csp254648pxm; Tue, 22 Feb 2022 09:57:30 -0800 (PST) X-Google-Smtp-Source: ABdhPJy7fkk/yqrB+qIamUxa4U7u1myqTj22e5fx5eCV72urTz9kWJBxNidM3LQOIJdQC3lHhnku X-Received: by 2002:a05:6402:354c:b0:412:b2f2:f8e4 with SMTP id f12-20020a056402354c00b00412b2f2f8e4mr25635379edd.269.1645552649733; Tue, 22 Feb 2022 09:57:29 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645552649; cv=none; d=google.com; s=arc-20160816; b=Mq/2LjHd9YBKu8D0ot3fIJ39rQIiSrn+he0lP1Oxenj93vfFWyiRcWoiiXt3qK28Gt TfzEFgJtwKvihbeuPdUxi2LpyecYSZhix/DzsoQ2fubTx9zEiQeM99wfU9PigD+ze0/l 3IT3XtBvYqflTF2SfFUJekrnJ7uhBTAOKSjrBo7WFxPTm9BgAdfkXqB5gtpa0xGAeyM4 iQkKW+7/BJtrPYLR0dN7RuXaF8976QiONrQXqaVwRZRPERmS+JEmtYjgle4qSkDF854Z f73sHP+uiS1uz7iMpPF5Td2C0L3Y7sl+0eIr9Rxkf4rk6RC7ruAEcroMo3T2S/JxP6zW beBg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:to:cc:from:subject:mime-version:message-id:date :dkim-signature; bh=FUZhxNiWpTBuv/yo6aC9br7WFC740z5ipvXijUNB1uM=; b=wp0ypRj/CJxFs/GnuPJ1B+mAGVbGUONVseTX2guTRUE3oClytQ9Vf6uMvSakJO+GoB 1Su6h9CIE6puO47oB6TBmQdHg5ploSDcRJVhcczq/ldYwvPLpg6q3yiR5w0RG6L3eSeF 8GKhtXsiaJ8Yk3aA1c3k99+uHwZfH16vmS67TJKNrux6iu4ih/9S7xdM0rnGu1cF+WZ/ ad/a35dt0KI4as+s0xzGwHcYaJRFX6qqw3sEsHxVEeefHpslGFCjjjfz/rKoyFkp6dGm g0e/nc2N6MENGShcAgxIWV58i605RqbRisaMAe6g0QIwtIl6UDcjqv1pgel+Nu44KeHs fk9Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=rl7DGr9S; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r24si12375545edo.24.2022.02.22.09.57.07; Tue, 22 Feb 2022 09:57:29 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=rl7DGr9S; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234354AbiBVQxK (ORCPT + 99 others); Tue, 22 Feb 2022 11:53:10 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55738 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232260AbiBVQxJ (ORCPT ); Tue, 22 Feb 2022 11:53:09 -0500 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DEA463298D for ; Tue, 22 Feb 2022 08:52:43 -0800 (PST) Received: by mail-yb1-xb4a.google.com with SMTP id s22-20020a252d56000000b00624652ac3e1so9299709ybe.16 for ; Tue, 22 Feb 2022 08:52:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:message-id:mime-version:subject:from:cc; bh=FUZhxNiWpTBuv/yo6aC9br7WFC740z5ipvXijUNB1uM=; b=rl7DGr9SKCJXXULyQIrNMfWNqV8X0uSCbZhx5bKPP42G9Onx9lq+GQAIBvFAcYM0KR Yud0tbtBDX9beTd1+sjFvWoFwk5t88qg3J8PAorzHjj5DCnaTGLU11aui2kWTwEwa6xW 99/fFQPBB69uHXZRrLMnY8mskRUSa+VgfrimpGhCICIeOSjegQMfKYPl8tb+QwDyI4ED lb2YHKrWGQYam0vicFHUYcE7//ShpkJZAnf2Z1mqkqoEvEPITOq8clnVfeWptecNU6Za DrkwL6jDl0jULxJGn0RHx0MH8eTOkdkY0DSoUVak546uIUpSPco/QgZ6eFu6kAr1RrKr S/1g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:message-id:mime-version:subject:from:cc; bh=FUZhxNiWpTBuv/yo6aC9br7WFC740z5ipvXijUNB1uM=; b=zmJekwB5H5QD569ItL8xppZkhDff5SMUKgUXVAFsEsEYhAuwgCpiRkCabib69lfQNZ jnKfIK//C240VZHpfczKDxlXe4P4VhbbzUPzOrG+HAyXyagTs6T7/1svALB116bNmOV2 bBv9oA7ay3JgB20hZnPs5JtsqhSrbyOzCqgiCllfCJF+X6oRI7DVkT1d/myeLJSasfcj IBLhW7msxM1W3Rdti4M6LB96+u0aRgsh+d3HlqzQtDKefuXCaR22tw4v384xjfKaNw8L LG4jif5Qm73dLhtVGmwLHnLkkbCZYNdC5hqc5CACBDg6/1DQGIZfnFJuX7AEocKFaySk 5lEw== X-Gm-Message-State: AOAM533QRiVqLK+eam8Wtr9TrmmuRvF1Ky4g0WSOQRLxRgydiW0g5Or8 fKLx4nNqXSJtvRksiZvQ0GxbEvPzT0ux6uUGXQ== X-Received: from kaleshsingh.mtv.corp.google.com ([2620:15c:211:200:5db7:1235:b3dd:cfcb]) (user=kaleshsingh job=sendgmr) by 2002:a81:4bcd:0:b0:2d0:a61f:6b5a with SMTP id y196-20020a814bcd000000b002d0a61f6b5amr23695338ywa.477.1645548763067; Tue, 22 Feb 2022 08:52:43 -0800 (PST) Date: Tue, 22 Feb 2022 08:51:01 -0800 Message-Id: <20220222165212.2005066-1-kaleshsingh@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.35.1.473.g83b2b277ed-goog Subject: [PATCH v2 0/9] KVM: arm64: Hypervisor stack enhancements From: Kalesh Singh Cc: will@kernel.org, maz@kernel.org, qperret@google.com, tabba@google.com, surenb@google.com, kernel-team@android.com, Kalesh Singh , Catalin Marinas , James Morse , Alexandru Elisei , Suzuki K Poulose , Ard Biesheuvel , Mark Rutland , Pasha Tatashin , Joey Gouly , Peter Collingbourne , Andrew Scull , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, kvmarm@lists.cs.columbia.edu Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-8.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MISSING_HEADERS, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE, USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net To: unlisted-recipients:; (no To-header on input) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi all, This is v2 of the nVHE hypervisor stack enhancements. v1 can be found at: https://lore.kernel.org/r/20220210224220.4076151-1-kaleshsingh@google.com/ This version has been updated to work for 'classic' KVM in nVHE mode in addition to pKVM, per Marc; and rebased on 5.17-rc5. The cover letter has been copied below for convenience. Thanks, Kalesh ----- This series adds the following stack features to the KVM nVHE hypervisor: == Hyp Stack Guard Pages == Based on the technique used by arm64 VMAP_STACK to detect overflow. i.e. the stack is aligned to twice its size which ensure that the 'stack shift' bit of any valid SP is 0. The 'stack shift' bit can be tested in the exception entry to detect overflow without corrupting GPRs. == Hyp Stack Unwinder == Based on the arm64 kernel stack unwinder (See: arch/arm64/kernel/stacktrace.c) The unwinding and dumping of the hyp stack is not enabled by default and depends on CONFIG_NVHE_EL2_DEBUG to avoid potential information leaks. When CONFIG_NVHE_EL2_DEBUG is enabled the host stage 2 protection is disabled, allowing the host to read the hypervisor stack pages and unwind the stack from EL1. This allows us to print the hypervisor stacktrace before panicking the host; as shown below: kvm [408]: nVHE hyp panic at: \ [] __kvm_nvhe_overflow_stack+0x10/0x34! kvm [408]: nVHE HYP call trace: kvm [408]: [] __kvm_nvhe_hyp_panic_bad_stack+0xc/0x10 kvm [408]: [] __kvm_nvhe___kvm_hyp_host_vector+0x248/0x794 kvm [408]: [] __kvm_nvhe_overflow_stack+0x20/0x34 . . . kvm [408]: [] __kvm_nvhe_overflow_stack+0x20/0x34 kvm [408]: [] __kvm_nvhe___kvm_vcpu_run+0x2c/0x40c kvm [408]: [] __kvm_nvhe_handle___kvm_vcpu_run+0x1c8/0x36c kvm [408]: [] __kvm_nvhe_handle_trap+0xa4/0x124 kvm [408]: [] __kvm_nvhe___host_exit+0x60/0x64 kvm [408]: ---- end of nVHE HYP call trace ---- Kalesh Singh (8): KVM: arm64: Introduce hyp_alloc_private_va_range() KVM: arm64: Introduce pkvm_alloc_private_va_range() KVM: arm64: Add guard pages for KVM nVHE hypervisor stack KVM: arm64: Add guard pages for pKVM (protected nVHE) hypervisor stack KVM: arm64: Detect and handle hypervisor stack overflows KVM: arm64: Add hypervisor overflow stack KVM: arm64: Unwind and dump nVHE HYP stacktrace KVM: arm64: Symbolize the nVHE HYP backtrace Quentin Perret (1): arm64: asm: Introduce test_sp_overflow macro arch/arm64/include/asm/assembler.h | 11 + arch/arm64/include/asm/kvm_asm.h | 18 ++ arch/arm64/include/asm/kvm_mmu.h | 4 + arch/arm64/kernel/entry.S | 7 +- arch/arm64/kvm/Kconfig | 5 +- arch/arm64/kvm/Makefile | 1 + arch/arm64/kvm/arm.c | 34 +++- arch/arm64/kvm/handle_exit.c | 16 +- arch/arm64/kvm/hyp/include/nvhe/mm.h | 3 +- arch/arm64/kvm/hyp/nvhe/host.S | 21 ++ arch/arm64/kvm/hyp/nvhe/hyp-main.c | 5 +- arch/arm64/kvm/hyp/nvhe/mm.c | 49 +++-- arch/arm64/kvm/hyp/nvhe/setup.c | 25 ++- arch/arm64/kvm/hyp/nvhe/switch.c | 29 +++ arch/arm64/kvm/mmu.c | 61 ++++-- arch/arm64/kvm/stacktrace.c | 290 +++++++++++++++++++++++++++ arch/arm64/kvm/stacktrace.h | 17 ++ scripts/kallsyms.c | 2 +- 18 files changed, 533 insertions(+), 65 deletions(-) create mode 100644 arch/arm64/kvm/stacktrace.c create mode 100644 arch/arm64/kvm/stacktrace.h base-commit: cfb92440ee71adcc2105b0890bb01ac3cddb8507 -- 2.35.1.473.g83b2b277ed-goog