Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 385afbf8 authored by Greg Kroah-Hartman's avatar Greg Kroah-Hartman
Browse files

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux 

Will writes:
  "Late arm64 fixes

   - Fix handling of young contiguous ptes for hugetlb mappings

   - Fix livelock when taking access faults on contiguous hugetlb mappings

   - Tighten up register accesses via KVM SET_ONE_REG ioctl()s"

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64: KVM: Sanitize PSTATE.M when being set from userspace
  arm64: KVM: Tighten guest core register access from userspace
  arm64: hugetlb: Avoid unnecessary clearing in huge_ptep_set_access_flags
  arm64: hugetlb: Fix handling of young ptes
parents b62e4255 2a3f9345

arch/arm64/kvm/guest.c

+54 −1
Original line number Diff line number Diff line
@@ -57,6 +57,45 @@ static u64 core_reg_offset_from_id(u64 id) 
	return id & ~(KVM_REG_ARCH_MASK | KVM_REG_SIZE_MASK | KVM_REG_ARM_CORE);

}



static int validate_core_offset(const struct kvm_one_reg *reg)

{

	u64 off = core_reg_offset_from_id(reg->id);

	int size;



	switch (off) {

	case KVM_REG_ARM_CORE_REG(regs.regs[0]) ...

	     KVM_REG_ARM_CORE_REG(regs.regs[30]):

	case KVM_REG_ARM_CORE_REG(regs.sp):

	case KVM_REG_ARM_CORE_REG(regs.pc):

	case KVM_REG_ARM_CORE_REG(regs.pstate):

	case KVM_REG_ARM_CORE_REG(sp_el1):

	case KVM_REG_ARM_CORE_REG(elr_el1):

	case KVM_REG_ARM_CORE_REG(spsr[0]) ...

	     KVM_REG_ARM_CORE_REG(spsr[KVM_NR_SPSR - 1]):

		size = sizeof(__u64);

		break;



	case KVM_REG_ARM_CORE_REG(fp_regs.vregs[0]) ...

	     KVM_REG_ARM_CORE_REG(fp_regs.vregs[31]):

		size = sizeof(__uint128_t);

		break;



	case KVM_REG_ARM_CORE_REG(fp_regs.fpsr):

	case KVM_REG_ARM_CORE_REG(fp_regs.fpcr):

		size = sizeof(__u32);

		break;



	default:

		return -EINVAL;

	}



	if (KVM_REG_SIZE(reg->id) == size &&

	    IS_ALIGNED(off, size / sizeof(__u32)))

		return 0;



	return -EINVAL;

}



static int get_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg)

{

	/*
@@ -76,6 +115,9 @@ static int get_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) 
	    (off + (KVM_REG_SIZE(reg->id) / sizeof(__u32))) >= nr_regs)

		return -ENOENT;



	if (validate_core_offset(reg))

		return -EINVAL;



	if (copy_to_user(uaddr, ((u32 *)regs) + off, KVM_REG_SIZE(reg->id)))

		return -EFAULT;
@@ -98,6 +140,9 @@ static int set_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) 
	    (off + (KVM_REG_SIZE(reg->id) / sizeof(__u32))) >= nr_regs)

		return -ENOENT;



	if (validate_core_offset(reg))

		return -EINVAL;



	if (KVM_REG_SIZE(reg->id) > sizeof(tmp))

		return -EINVAL;
@@ -107,17 +152,25 @@ static int set_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) 
	}



	if (off == KVM_REG_ARM_CORE_REG(regs.pstate)) {

		u32 mode = (*(u32 *)valp) & PSR_AA32_MODE_MASK;

		u64 mode = (*(u64 *)valp) & PSR_AA32_MODE_MASK;

		switch (mode) {

		case PSR_AA32_MODE_USR:

			if (!system_supports_32bit_el0())

				return -EINVAL;

			break;

		case PSR_AA32_MODE_FIQ:

		case PSR_AA32_MODE_IRQ:

		case PSR_AA32_MODE_SVC:

		case PSR_AA32_MODE_ABT:

		case PSR_AA32_MODE_UND:

			if (!vcpu_el1_is_32bit(vcpu))

				return -EINVAL;

			break;

		case PSR_MODE_EL0t:

		case PSR_MODE_EL1t:

		case PSR_MODE_EL1h:

			if (vcpu_el1_is_32bit(vcpu))

				return -EINVAL;

			break;

		default:

			err = -EINVAL;

arch/arm64/mm/hugetlbpage.c

+43 −7
Original line number Diff line number Diff line
@@ -117,11 +117,14 @@ static pte_t get_clear_flush(struct mm_struct *mm, 


		/*

		 * If HW_AFDBM is enabled, then the HW could turn on

		 * the dirty bit for any page in the set, so check

		 * them all.  All hugetlb entries are already young.

		 * the dirty or accessed bit for any page in the set,

		 * so check them all.

		 */

		if (pte_dirty(pte))

			orig_pte = pte_mkdirty(orig_pte);



		if (pte_young(pte))

			orig_pte = pte_mkyoung(orig_pte);

	}



	if (valid) {
@@ -320,11 +323,40 @@ pte_t huge_ptep_get_and_clear(struct mm_struct *mm, 
	return get_clear_flush(mm, addr, ptep, pgsize, ncontig);

}



/*

 * huge_ptep_set_access_flags will update access flags (dirty, accesssed)

 * and write permission.

 *

 * For a contiguous huge pte range we need to check whether or not write

 * permission has to change only on the first pte in the set. Then for

 * all the contiguous ptes we need to check whether or not there is a

 * discrepancy between dirty or young.

 */

static int __cont_access_flags_changed(pte_t *ptep, pte_t pte, int ncontig)

{

	int i;



	if (pte_write(pte) != pte_write(huge_ptep_get(ptep)))

		return 1;



	for (i = 0; i < ncontig; i++) {

		pte_t orig_pte = huge_ptep_get(ptep + i);



		if (pte_dirty(pte) != pte_dirty(orig_pte))

			return 1;



		if (pte_young(pte) != pte_young(orig_pte))

			return 1;

	}



	return 0;

}



int huge_ptep_set_access_flags(struct vm_area_struct *vma,

			       unsigned long addr, pte_t *ptep,

			       pte_t pte, int dirty)

{

	int ncontig, i, changed = 0;

	int ncontig, i;

	size_t pgsize = 0;

	unsigned long pfn = pte_pfn(pte), dpfn;

	pgprot_t hugeprot;
@@ -336,19 +368,23 @@ int huge_ptep_set_access_flags(struct vm_area_struct *vma, 
	ncontig = find_num_contig(vma->vm_mm, addr, ptep, &pgsize);

	dpfn = pgsize >> PAGE_SHIFT;



	if (!__cont_access_flags_changed(ptep, pte, ncontig))

		return 0;



	orig_pte = get_clear_flush(vma->vm_mm, addr, ptep, pgsize, ncontig);

	if (!pte_same(orig_pte, pte))

		changed = 1;



	/* Make sure we don't lose the dirty state */

	/* Make sure we don't lose the dirty or young state */

	if (pte_dirty(orig_pte))

		pte = pte_mkdirty(pte);



	if (pte_young(orig_pte))

		pte = pte_mkyoung(pte);



	hugeprot = pte_pgprot(pte);

	for (i = 0; i < ncontig; i++, ptep++, addr += pgsize, pfn += dpfn)

		set_pte_at(vma->vm_mm, addr, ptep, pfn_pte(pfn, hugeprot));



	return changed;

	return 1;

}



void huge_ptep_set_wrprotect(struct mm_struct *mm,