Commit 4874a657 authored by Anshuman Khandual's avatar Anshuman Khandual Committed by Junhao He
Browse files

KVM: arm64: Explicitly handle BRBE traps as UNDEFINED 

maillist inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I8EC9K
CVE: NA

Reference: https://lore.kernel.org/linux-arm-kernel/20240613061731.3109448-1-anshuman.khandual@arm.com/



--------------------------------

The Branch Record Buffer Extension (BRBE) adds a number of system registers
and instructions, which we don't currently intend to expose to guests. Our
existing logic handles this safely, but this could be improved with some
explicit handling of BRBE.

The presence of BRBE is currently hidden from guests as the cpufeature
code's ftr_id_aa64dfr0[] table doesn't have an entry for the BRBE field,
and so this will be zero in the sanitised value of ID_AA64DFR0 exposed to
guests via read_sanitised_id_aa64dfr0_el1(). As the ftr_id_aa64dfr0[] table
may gain an entry for the BRBE field in future, for robustness we should
explicitly mask out the BRBE field in read_sanitised_id_aa64dfr0_el1().

The BRBE system registers and instructions are currently trapped by the
existing configuration of the fine-grained traps. As neither the registers
nor the instructions are described in the sys_reg_descs[] table,
emulate_sys_reg() will warn that these are unknown before injecting an
UNDEFINED exception into the guest.

Well-behaved guests shouldn't try to use the registers or instructions, but
badly-behaved guests could use these, resulting in unnecessary warnings. To
avoid those warnings, we should explicitly handle the BRBE registers and
instructions as UNDEFINED.

Address the above by having read_sanitised_id_aa64dfr0_el1() mask out the
ID_AA64DFR0.BRBE field, and explicitly handling all of the BRBE system
registers and instructions as UNDEFINED.

Cc: Marc Zyngier <maz@kernel.org>
Cc: Oliver Upton <oliver.upton@linux.dev>
Cc: James Morse <james.morse@arm.com>
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Cc: kvmarm@lists.linux.dev
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: default avatarAnshuman Khandual <anshuman.khandual@arm.com>
Signed-off-by: default avatarJunhao He <hejunhao3@huawei.com>
parent 27e0783f

arch/arm64/kvm/sys_regs.c

+56 −0
Original line number Diff line number Diff line
@@ -1123,6 +1123,11 @@ static bool access_pmuserenr(struct kvm_vcpu *vcpu, struct sys_reg_params *p, 
	return true;

}



#define BRB_INF_SRC_TGT_EL1(n)				\

	{ SYS_DESC(SYS_BRBINF_EL1(n)), undef_access },	\

	{ SYS_DESC(SYS_BRBSRC_EL1(n)), undef_access },	\

	{ SYS_DESC(SYS_BRBTGT_EL1(n)), undef_access }	\



/* Silly macro to expand the DBG{BCR,BVR,WVR,WCR}n_EL1 registers in one go */

#define DBG_BCR_BVR_WCR_WVR_EL1(n)					\

	{ SYS_DESC(SYS_DBGBVRn_EL1(n)),					\
@@ -1511,6 +1516,9 @@ static u64 read_sanitised_id_aa64dfr0_el1(struct kvm_vcpu *vcpu, 
	/* Hide SPE from guests */

	val &= ~ID_AA64DFR0_EL1_PMSVer_MASK;



	/* Hide BRBE from guests */

	val &= ~ID_AA64DFR0_EL1_BRBE_MASK;



	return val;

}
@@ -1973,6 +1981,8 @@ static const struct sys_reg_desc sys_reg_descs[] = { 
	{ SYS_DESC(SYS_DC_CISW), access_dcsw },

	{ SYS_DESC(SYS_DC_CIGSW), access_dcgsw },

	{ SYS_DESC(SYS_DC_CIGDSW), access_dcgsw },

	{ SYS_DESC(OP_BRB_IALL), undef_access },

	{ SYS_DESC(OP_BRB_INJ), undef_access },



	DBG_BCR_BVR_WCR_WVR_EL1(0),

	DBG_BCR_BVR_WCR_WVR_EL1(1),
@@ -2003,6 +2013,52 @@ static const struct sys_reg_desc sys_reg_descs[] = { 
	{ SYS_DESC(SYS_DBGCLAIMCLR_EL1), trap_raz_wi },

	{ SYS_DESC(SYS_DBGAUTHSTATUS_EL1), trap_dbgauthstatus_el1 },



	/*

	 * BRBE branch record sysreg address space is interleaved between

	 * corresponding BRBINF<N>_EL1, BRBSRC<N>_EL1, and BRBTGT<N>_EL1.

	 */

	BRB_INF_SRC_TGT_EL1(0),

	BRB_INF_SRC_TGT_EL1(16),

	BRB_INF_SRC_TGT_EL1(1),

	BRB_INF_SRC_TGT_EL1(17),

	BRB_INF_SRC_TGT_EL1(2),

	BRB_INF_SRC_TGT_EL1(18),

	BRB_INF_SRC_TGT_EL1(3),

	BRB_INF_SRC_TGT_EL1(19),

	BRB_INF_SRC_TGT_EL1(4),

	BRB_INF_SRC_TGT_EL1(20),

	BRB_INF_SRC_TGT_EL1(5),

	BRB_INF_SRC_TGT_EL1(21),

	BRB_INF_SRC_TGT_EL1(6),

	BRB_INF_SRC_TGT_EL1(22),

	BRB_INF_SRC_TGT_EL1(7),

	BRB_INF_SRC_TGT_EL1(23),

	BRB_INF_SRC_TGT_EL1(8),

	BRB_INF_SRC_TGT_EL1(24),

	BRB_INF_SRC_TGT_EL1(9),

	BRB_INF_SRC_TGT_EL1(25),

	BRB_INF_SRC_TGT_EL1(10),

	BRB_INF_SRC_TGT_EL1(26),

	BRB_INF_SRC_TGT_EL1(11),

	BRB_INF_SRC_TGT_EL1(27),

	BRB_INF_SRC_TGT_EL1(12),

	BRB_INF_SRC_TGT_EL1(28),

	BRB_INF_SRC_TGT_EL1(13),

	BRB_INF_SRC_TGT_EL1(29),

	BRB_INF_SRC_TGT_EL1(14),

	BRB_INF_SRC_TGT_EL1(30),

	BRB_INF_SRC_TGT_EL1(15),

	BRB_INF_SRC_TGT_EL1(31),



	/* Remaining BRBE sysreg addresses space */

	{ SYS_DESC(SYS_BRBCR_EL1), undef_access },

	{ SYS_DESC(SYS_BRBFCR_EL1), undef_access },

	{ SYS_DESC(SYS_BRBTS_EL1), undef_access },

	{ SYS_DESC(SYS_BRBINFINJ_EL1), undef_access },

	{ SYS_DESC(SYS_BRBSRCINJ_EL1), undef_access },

	{ SYS_DESC(SYS_BRBTGTINJ_EL1), undef_access },

	{ SYS_DESC(SYS_BRBIDR0_EL1), undef_access },



	{ SYS_DESC(SYS_MDCCSR_EL0), trap_raz_wi },

	{ SYS_DESC(SYS_DBGDTR_EL0), trap_raz_wi },

	// DBGDTR[TR]X_EL0 share the same encoding