Date: Mon, 7 Mar 2022 10:48:58 -0800
Message-Id: <20220307184935.1704614-1-kaleshsingh@google.com>
Subject: [PATCH v5 0/8] KVM: arm64: Hypervisor stack enhancements
From: Kalesh Singh
Cc: will@kernel.org, maz@kernel.org, qperret@google.com, tabba@google.com, surenb@google.com, kernel-team@android.com, Kalesh Singh, James Morse, Alexandru Elisei, Suzuki K Poulose, Catalin Marinas, Mark Rutland, Mark Brown, Masami Hiramatsu, Peter Collingbourne, "Madhavan T. Venkataraman", Andrew Scull, linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

Hi all,

This is v5 of the nVHE hypervisor stack enhancements.

The main changes in this version are:
  - Align private allocations based on the order of their size
  - Allocate a single private VA range for both stack and guard page
    (Don't rely on the allocator providing separate allocations that
    are contiguous)
  - Rebase series on 5.17-rc7

Previous versions can be found at:
v4: https://lore.kernel.org/r/20220225033548.1912117-1-kaleshsingh@google.com/
v3: https://lore.kernel.org/r/20220224051439.640768-1-kaleshsingh@google.com/
v2: https://lore.kernel.org/r/20220222165212.2005066-1-kaleshsingh@google.com/
v1: https://lore.kernel.org/r/20220210224220.4076151-1-kaleshsingh@google.com/

The previous cover letter has been copied below for convenience.

Thanks,
Kalesh

-----

This series is based on 5.17-rc7 and adds the following stack features to
the KVM nVHE hypervisor:

== Hyp Stack Guard Pages ==

Based on the technique used by arm64 VMAP_STACK to detect overflow, i.e. the
stack is aligned such that the 'stack shift' bit of any valid SP is 1. The
'stack shift' bit can be tested in the exception entry to detect overflow
without corrupting GPRs.
== Hyp Stack Unwinder ==

Based on the arm64 kernel stack unwinder
(See: arch/arm64/kernel/stacktrace.c)

The unwinding and dumping of the hyp stack is not enabled by default and
depends on CONFIG_NVHE_EL2_DEBUG to avoid potential information leaks.

When CONFIG_NVHE_EL2_DEBUG is enabled the host stage 2 protection is
disabled, allowing the host to read the hypervisor stack pages and unwind
the stack from EL1. This allows us to print the hypervisor stacktrace
before panicking the host, as shown below.

Example call trace:

[ 98.916444][ T426] kvm [426]: nVHE hyp panic at: [] __kvm_nvhe_overflow_stack+0x8/0x34!
[ 98.918360][ T426] nVHE HYP call trace:
[ 98.918692][ T426] kvm [426]: [] __kvm_nvhe_cpu_prepare_nvhe_panic_info+0x4c/0x68
[ 98.919545][ T426] kvm [426]: [] __kvm_nvhe_hyp_panic+0x2c/0xe8
[ 98.920107][ T426] kvm [426]: [] __kvm_nvhe_hyp_panic_bad_stack+0x10/0x10
[ 98.920665][ T426] kvm [426]: [] __kvm_nvhe___kvm_hyp_host_vector+0x24c/0x794
[ 98.921292][ T426] kvm [426]: [] __kvm_nvhe_overflow_stack+0x24/0x34
. . .
[ 98.973382][ T426] kvm [426]: [] __kvm_nvhe_overflow_stack+0x24/0x34
[ 98.973816][ T426] kvm [426]: [] __kvm_nvhe___kvm_vcpu_run+0x38/0x438
[ 98.974255][ T426] kvm [426]: [] __kvm_nvhe_handle___kvm_vcpu_run+0x1c4/0x364
[ 98.974719][ T426] kvm [426]: [] __kvm_nvhe_handle_trap+0xa8/0x130
[ 98.975152][ T426] kvm [426]: [] __kvm_nvhe___host_exit+0x64/0x64
[ 98.975588][ T426] ---- end of nVHE HYP call trace ----

Kalesh Singh (8):
  KVM: arm64: Introduce hyp_alloc_private_va_range()
  KVM: arm64: Introduce pkvm_alloc_private_va_range()
  KVM: arm64: Add guard pages for KVM nVHE hypervisor stack
  KVM: arm64: Add guard pages for pKVM (protected nVHE) hypervisor stack
  KVM: arm64: Detect and handle hypervisor stack overflows
  KVM: arm64: Add hypervisor overflow stack
  KVM: arm64: Unwind and dump nVHE HYP stacktrace
  KVM: arm64: Symbolize the nVHE HYP backtrace

 arch/arm64/include/asm/kvm_asm.h     |  21 +++
 arch/arm64/include/asm/kvm_mmu.h     |   4 +
 arch/arm64/include/asm/stacktrace.h  |  12 ++
 arch/arm64/kernel/stacktrace.c       | 210 ++++++++++++++++++++++++---
 arch/arm64/kvm/Kconfig               |   5 +-
 arch/arm64/kvm/arm.c                 |  42 +++++-
 arch/arm64/kvm/handle_exit.c         |  16 +-
 arch/arm64/kvm/hyp/include/nvhe/mm.h |   1 +
 arch/arm64/kvm/hyp/nvhe/host.S       |  29 ++++
 arch/arm64/kvm/hyp/nvhe/mm.c         |  56 ++++---
 arch/arm64/kvm/hyp/nvhe/setup.c      |  31 +++-
 arch/arm64/kvm/hyp/nvhe/switch.c     |  30 +++-
 arch/arm64/kvm/mmu.c                 |  67 ++++++--
 scripts/kallsyms.c                   |   2 +-
 14 files changed, 440 insertions(+), 86 deletions(-)


base-commit: ffb217a13a2eaf6d5bd974fc83036a53ca69f1e2
-- 
2.35.1.616.g0bdcbb4464-goog
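The guard-page overflow check described under "Hyp Stack Guard Pages" in the cover letter, modelled in C as an added example (not code from the series): a guard page sits below the stack page in a 2 * PAGE_SIZE-aligned range, so bit PAGE_SHIFT of a valid SP is 1 and clears once SP descends into the guard page. The register-preserving read of SP is modelled on the arm64 VMAP_STACK entry sequence, which is an assumption here, and PAGE_SHIFT, the function names and the sample addresses are constructed.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model (names are assumptions, not from the series) of the hyp
 * stack layout the cover letter describes: a guard page below a stack page,
 * the pair aligned to 2 * PAGE_SIZE, so bit PAGE_SHIFT of every valid SP is 1
 * and becomes 0 as soon as SP descends into the guard page. */
#define PAGE_SHIFT 12u
#define PAGE_SIZE  (1ull << PAGE_SHIFT)

/* The entry-path test: a clear bit means SP is in the guard page. */
static bool hyp_sp_overflowed(uint64_t sp)
{
    return ((sp >> PAGE_SHIFT) & 1) == 0;
}

/* Reading SP with no free register, modelled on arm64's VMAP_STACK entry
 * code (assumption: that sequence, not this series' own): sp' = sp + x0,
 * x0' = sp' - x0 (= sp), test x0', then x0'' = sp' - x0' (= x0) and
 * sp'' = sp' - x0'' (= sp), so both registers come back intact. */
static bool entry_check_preserves_x0(uint64_t sp, uint64_t x0, bool *overflow)
{
    uint64_t sp1 = sp + x0;
    uint64_t x0_1 = sp1 - x0;
    *overflow = hyp_sp_overflowed(x0_1);
    uint64_t x0_2 = sp1 - x0_1;
    uint64_t sp2 = sp1 - x0_2;
    return x0_2 == x0 && sp2 == sp;
}

/* Push frame_size-byte frames from the top of the stack page in a private VA
 * range starting at range_base. Returns the 1-based index of the push that
 * lands in the guard page (the access faults and the bit test catches it),
 * or 0 for a misaligned range and for zero-size or oversize frames, which
 * the test cannot guarantee to catch because they may step over the guard. */
static unsigned frames_until_overflow(uint64_t range_base, uint64_t frame_size)
{
    uint64_t sp = range_base + 2 * PAGE_SIZE; /* top of the stack page */
    unsigned n = 0;

    if (range_base & (2 * PAGE_SIZE - 1))
        return 0;
    if (frame_size == 0 || frame_size > PAGE_SIZE)
        return 0;
    do {
        sp -= frame_size;
        n++;
    } while (!hyp_sp_overflowed(sp));
    return n;
}
```

The oversize-frame case is the known limit of the technique: a single frame larger than the guard page can skip past it, which is why the check is a detector for ordinary overflows rather than a complete bound.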