/*
 * Copyright (C) 2012,2013 - ARM Ltd
 * Author: Marc Zyngier <marc.zyngier@arm.com>
 *
 * Derived from arch/arm/include/uapi/asm/kvm.h:
 * Copyright (C) 2012 - Virtual Open Systems and Columbia University
 * Author: Christoffer Dall <c.dall@virtualopensystems.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
#ifndef __ARM_KVM_H__
#define __ARM_KVM_H__

/*
 * Indices into kvm_regs.spsr[] (KVM_NR_SPSR entries).  KVM_SPSR_EL1 is the
 * AArch64 view; the remaining names follow the AArch32 mode names, with
 * KVM_SPSR_SVC aliased onto the EL1 slot.
 */
#define KVM_SPSR_EL1	0
#define KVM_SPSR_SVC	KVM_SPSR_EL1
#define KVM_SPSR_ABT	1
#define KVM_SPSR_UND	2
#define KVM_SPSR_IRQ	3
#define KVM_SPSR_FIQ	4
#define KVM_NR_SPSR	5

#ifndef __ASSEMBLY__
#include <linux/psci.h>
#include <asm/types.h>
#include <asm/ptrace.h>

/* Feature markers consulted by the generic KVM uapi header. */
#define __KVM_HAVE_GUEST_DEBUG
#define __KVM_HAVE_IRQ_LINE
#define __KVM_HAVE_READONLY_MEM

/*
 * Byte size of the register named by a KVM_{GET,SET}_ONE_REG id.  The id's
 * size field holds log2 of the byte count, so the result is always a power
 * of two.  KVM_REG_SIZE_MASK and KVM_REG_SIZE_SHIFT are not defined here;
 * they come from the generic <linux/kvm.h>.
 */
#define KVM_REG_SIZE(id)						\
	(1U << (((id) & KVM_REG_SIZE_MASK) >> KVM_REG_SIZE_SHIFT))
/*
 * Core register state of a vcpu.  KVM_REG_ARM_CORE_REG() (below) derives
 * ONE_REG ids from member offsets of this struct, so its layout - member
 * order and widths - is userspace ABI and must not be changed.
 * user_pt_regs and user_fpsimd_state come from <asm/ptrace.h> and what it
 * includes.
 */
struct kvm_regs {
	struct user_pt_regs regs;	/* sp = sp_el0 */

	__u64	sp_el1;
	__u64	elr_el1;

	__u64	spsr[KVM_NR_SPSR];	/* indexed by the KVM_SPSR_* values */

	struct user_fpsimd_state fp_regs;	/* FP/SIMD state; no separate kvm_fpu */
};
/*
 * Supported CPU Targets - Adding a new target type is not recommended,
 * unless there are some special registers not supported by the
 * genericv8 syreg table.
 *
 * Target numbers are userspace ABI: new targets are appended and existing
 * values are never renumbered.  NOTE(review): presumably these are the
 * values expected in kvm_vcpu_init.target - confirm against the vcpu init
 * ioctl handler.
 */
#define KVM_ARM_TARGET_AEM_V8		0
#define KVM_ARM_TARGET_FOUNDATION_V8	1
#define KVM_ARM_TARGET_CORTEX_A57	2
#define KVM_ARM_TARGET_XGENE_POTENZA	3
#define KVM_ARM_TARGET_CORTEX_A53	4
/* Generic ARM v8 target */
#define KVM_ARM_TARGET_GENERIC_V8	5

/* One past the highest target number above; keep in sync when appending. */
#define KVM_ARM_NUM_TARGETS		6
/* KVM_ARM_SET_DEVICE_ADDR ioctl id encoding */
#define KVM_ARM_DEVICE_TYPE_SHIFT	0
#define KVM_ARM_DEVICE_TYPE_MASK	(0xffff << KVM_ARM_DEVICE_TYPE_SHIFT)
#define KVM_ARM_DEVICE_ID_SHIFT		16
/*
 * NOTE(review): 0xffff is a signed int, so 0xffff << 16 does not fit in int
 * and the shift is formally undefined in C11.  Compilers in practice yield
 * 0xffff0000, which sign-extends to 0xffffffffffff0000 when the mask is
 * applied to a __u64 id, i.e. the upper 32 bits of the id are NOT masked
 * off.  Type and value are userspace ABI, so the macro is left as is; code
 * that extracts the id field must not assume the result fits in 16 bits.
 */
#define KVM_ARM_DEVICE_ID_MASK		(0xffff << KVM_ARM_DEVICE_ID_SHIFT)

/* Supported device IDs (the KVM_ARM_DEVICE_ID field) */
#define KVM_ARM_DEVICE_VGIC_V2		0

/* Supported VGIC address types (the KVM_ARM_DEVICE_TYPE field) */
#define KVM_VGIC_V2_ADDR_TYPE_DIST	0
#define KVM_VGIC_V2_ADDR_TYPE_CPU	1

/* Size of each VGICv2 region (presumably bytes of guest address space) */
#define KVM_VGIC_V2_DIST_SIZE		0x1000
#define KVM_VGIC_V2_CPU_SIZE		0x2000

/* Supported VGICv3 address types; they share the type number space with V2 */
#define KVM_VGIC_V3_ADDR_TYPE_DIST	2
#define KVM_VGIC_V3_ADDR_TYPE_REDIST	3

/* SZ_64K is not defined here; presumably provided by <linux/sizes.h>. */
#define KVM_VGIC_V3_DIST_SIZE		SZ_64K
#define KVM_VGIC_V3_REDIST_SIZE		(2 * SZ_64K)

/*
 * Feature flags for kvm_vcpu_init.features[].  NOTE(review): presumably bit
 * numbers rather than masks (0, 1, 2 are consecutive) - confirm.
 */
#define KVM_ARM_VCPU_POWER_OFF		0 /* CPU is started in OFF state */
#define KVM_ARM_VCPU_EL1_32BIT		1 /* CPU running a 32bit VM */
#define KVM_ARM_VCPU_PSCI_0_2		2 /* CPU uses PSCI v0.2 */
/*
 * Per-vcpu initialisation request from userspace.  target is presumably one
 * of the KVM_ARM_TARGET_* values and features[] carries the KVM_ARM_VCPU_*
 * flags; the fixed array length is ABI and cannot change.
 */
struct kvm_vcpu_init {
	__u32 target;
	__u32 features[7];
};
/*
 * Intentionally empty on arm64: system registers are accessed through the
 * ONE_REG ids defined below instead.  NOTE(review): presumably kept only so
 * the generic KVM uapi, which names this type, still compiles - confirm.
 */
struct kvm_sregs {
};
/*
 * Intentionally empty on arm64: the FP/SIMD state lives in
 * kvm_regs.fp_regs.  NOTE(review): presumably kept only so the generic KVM
 * uapi, which names this type, still compiles - confirm.
 */
struct kvm_fpu {
};
/*
 * See v8 ARM ARM D7.3: Debug Registers
 *
 * The architectural limit is 16 debug registers of each type although
 * in practice there are usually less (see ID_AA64DFR0_EL1).
 *
 * Although the control registers are architecturally defined as 32
 * bits wide we use a 64 bit structure here to keep parity with
 * KVM_GET/SET_ONE_REG behaviour which treats all system registers as
 * 64 bit values. It also allows for the possibility of the
 * architecture expanding the control registers without having to
 * change the userspace ABI.
 *
 * All four arrays in kvm_guest_debug_arch are sized by this constant, so it
 * is part of the userspace ABI and cannot be lowered.
 */
#define KVM_ARM_MAX_DBG_REGS 16
/*
 * Architecture part of the guest debug state.  Each array is indexed by
 * debug register number, 0..KVM_ARM_MAX_DBG_REGS-1.  NOTE(review): how slots
 * beyond what the CPU implements (ID_AA64DFR0_EL1) are treated is not
 * visible here - confirm they are ignored or rejected, not programmed.
 */
struct kvm_guest_debug_arch {
	__u64 dbg_bcr[KVM_ARM_MAX_DBG_REGS];	/* breakpoint control registers */
	__u64 dbg_bvr[KVM_ARM_MAX_DBG_REGS];	/* breakpoint value registers */
	__u64 dbg_wcr[KVM_ARM_MAX_DBG_REGS];	/* watchpoint control registers */
	__u64 dbg_wvr[KVM_ARM_MAX_DBG_REGS];	/* watchpoint value registers */
};
/*
 * Architecture part of a debug exit reported to userspace.
 *
 * NOTE(review): a __u32 followed by a __u64 leaves 4 bytes of padding after
 * hsr on arm64.  Wherever this struct is filled in and copied out, the
 * padding must be explicitly zeroed (memset the whole struct) so no stale
 * kernel bytes reach userspace - confirm in the exit path.
 */
struct kvm_debug_exit_arch {
	__u32 hsr;		/* syndrome of the debug exception (presumably ESR_EL2/HSR) */
	__u64 far;		/* used for watchpoints */
};
/*
 * Architecture specific defines for kvm_guest_debug->control
 *
 * These start at bit 16; presumably the low bits are taken by the generic
 * KVM_GUESTDBG_* flags from <linux/kvm.h>.
 */
#define KVM_GUESTDBG_USE_SW_BP		(1 << 16)	/* software breakpoints */
#define KVM_GUESTDBG_USE_HW		(1 << 17)	/* hardware break/watchpoints */
/*
 * Intentionally empty on arm64.  NOTE(review): presumably no register state
 * is mirrored in the shared kvm_run area and the type exists only for the
 * generic uapi - confirm.
 */
struct kvm_sync_regs {
};
/*
 * Intentionally empty on arm64: no architecture-private per-memslot data.
 * The type exists because the generic memslot definition embeds it.
 */
struct kvm_arch_memory_slot {
};
/*
 * If you need to interpret the index values, here is the key:
 *
 * Bits 16-27 of a ONE_REG id select the "coprocessor" (register class);
 * the meaning of the low 16 bits depends on that class (see below).
 */
#define KVM_REG_ARM_COPROC_MASK		0x000000000FFF0000
#define KVM_REG_ARM_COPROC_SHIFT	16

/* Normal registers are mapped as coprocessor 16. */
#define KVM_REG_ARM_CORE		(0x0010 << KVM_REG_ARM_COPROC_SHIFT)
/*
 * Index of a kvm_regs member in __u32 units - this is what makes the layout
 * of kvm_regs ABI.  Requires offsetof() (<stddef.h>) to be in scope at the
 * point of use.
 */
#define KVM_REG_ARM_CORE_REG(name)	(offsetof(struct kvm_regs, name) / sizeof(__u32))

/* Some registers need more space to represent values. */
#define KVM_REG_ARM_DEMUX		(0x0011 << KVM_REG_ARM_COPROC_SHIFT)
#define KVM_REG_ARM_DEMUX_ID_MASK	0x000000000000FF00	/* bits 8-15: which register */
#define KVM_REG_ARM_DEMUX_ID_SHIFT	8
#define KVM_REG_ARM_DEMUX_ID_CCSIDR	(0x00 << KVM_REG_ARM_DEMUX_ID_SHIFT)
#define KVM_REG_ARM_DEMUX_VAL_MASK	0x00000000000000FF	/* bits 0-7: which instance */
#define KVM_REG_ARM_DEMUX_VAL_SHIFT	0

/*
 * AArch64 system registers
 *
 * The low 16 bits of a SYSREG id pack the MRS/MSR operand encoding:
 *   op0  bits 14-15 (2 bits)
 *   op1  bits 11-13 (3 bits)
 *   CRn  bits  7-10 (4 bits)
 *   CRm  bits  3-6  (4 bits)
 *   op2  bits  0-2  (3 bits)
 * The masks below are already positioned; the *_SHIFT values move a raw
 * field into place (see ARM64_SYS_REG_SHIFT_MASK).
 */
#define KVM_REG_ARM64_SYSREG		(0x0013 << KVM_REG_ARM_COPROC_SHIFT)
#define KVM_REG_ARM64_SYSREG_OP0_MASK	0x000000000000c000
#define KVM_REG_ARM64_SYSREG_OP0_SHIFT	14
#define KVM_REG_ARM64_SYSREG_OP1_MASK	0x0000000000003800
#define KVM_REG_ARM64_SYSREG_OP1_SHIFT	11
#define KVM_REG_ARM64_SYSREG_CRN_MASK	0x0000000000000780
#define KVM_REG_ARM64_SYSREG_CRN_SHIFT	7
#define KVM_REG_ARM64_SYSREG_CRM_MASK	0x0000000000000078
#define KVM_REG_ARM64_SYSREG_CRM_SHIFT	3
#define KVM_REG_ARM64_SYSREG_OP2_MASK	0x0000000000000007
#define KVM_REG_ARM64_SYSREG_OP2_SHIFT	0
/*
 * Place field value x into the SYSREG id field n (OP0, OP1, CRN, CRM, OP2).
 * The mask is applied after the shift, so an out-of-range x is silently
 * truncated rather than rejected: ARM64_SYS_REG_SHIFT_MASK(4, OP0) is 0.
 * Callers building ids from untrusted numbers must range-check first.
 */
#define ARM64_SYS_REG_SHIFT_MASK(x,n) \
	(((x) << KVM_REG_ARM64_SYSREG_ ## n ## _SHIFT) & \
	KVM_REG_ARM64_SYSREG_ ## n ## _MASK)

/*
 * ONE_REG id of a system register without the size field.  KVM_REG_ARM64
 * is not defined here; it comes from the generic <linux/kvm.h>.
 */
#define __ARM64_SYS_REG(op0,op1,crn,crm,op2) \
	(KVM_REG_ARM64 | KVM_REG_ARM64_SYSREG | \
	ARM64_SYS_REG_SHIFT_MASK(op0, OP0) | \
	ARM64_SYS_REG_SHIFT_MASK(op1, OP1) | \
	ARM64_SYS_REG_SHIFT_MASK(crn, CRN) | \
	ARM64_SYS_REG_SHIFT_MASK(crm, CRM) | \
	ARM64_SYS_REG_SHIFT_MASK(op2, OP2))

/* As above with the size field set: every system register is 64 bit. */
#define ARM64_SYS_REG(...) (__ARM64_SYS_REG(__VA_ARGS__) | KVM_REG_SIZE_U64)

/*
 * Virtual timer registers as ONE_REG ids.
 *
 * NOTE(review): (3,3,14,3,1) is the architectural CNTV_CTL_EL0 encoding,
 * but (3,3,14,3,2) is CNTV_CVAL_EL0 and (3,3,14,0,2) is CNTVCT_EL0, so the
 * CNT and CVAL names appear swapped relative to the architecture.  These
 * ids are userspace ABI and must not be changed - confirm how the timer
 * accessors interpret them before relying on the names.
 */
#define KVM_REG_ARM_TIMER_CTL		ARM64_SYS_REG(3, 3, 14, 3, 1)
#define KVM_REG_ARM_TIMER_CNT		ARM64_SYS_REG(3, 3, 14, 3, 2)
#define KVM_REG_ARM_TIMER_CVAL		ARM64_SYS_REG(3, 3, 14, 0, 2)
/*
 * Device Control API: ARM VGIC
 *
 * Attribute groups of the VGIC device.  CPUID_/OFFSET_ describe the
 * attribute value layout: vcpu id in bits 32-39, register offset in
 * bits 0-31 (presumably used by the DIST_REGS/CPU_REGS groups - confirm).
 */
#define KVM_DEV_ARM_VGIC_GRP_ADDR	0
#define KVM_DEV_ARM_VGIC_GRP_DIST_REGS	1
#define KVM_DEV_ARM_VGIC_GRP_CPU_REGS	2
#define KVM_DEV_ARM_VGIC_CPUID_SHIFT	32
#define KVM_DEV_ARM_VGIC_CPUID_MASK	(0xffULL << KVM_DEV_ARM_VGIC_CPUID_SHIFT)
#define KVM_DEV_ARM_VGIC_OFFSET_SHIFT	0
#define KVM_DEV_ARM_VGIC_OFFSET_MASK	(0xffffffffULL << KVM_DEV_ARM_VGIC_OFFSET_SHIFT)
/*
 * Number of IRQs the VGIC handles.  This, not KVM_ARM_IRQ_GIC_MAX, is the
 * bound a KVM_IRQ_LINE SPI number must be checked against.
 */
#define KVM_DEV_ARM_VGIC_GRP_NR_IRQS	3
/* Control group; INIT presumably finalises the VGIC configuration */
#define KVM_DEV_ARM_VGIC_GRP_CTRL	4
#define KVM_DEV_ARM_VGIC_CTRL_INIT	0
/*
 * KVM_IRQ_LINE irq field index values
 *
 * Layout of the irq field: type in bits 24-31, vcpu in bits 16-23, irq
 * number in bits 0-15.  The masks are unshifted, i.e. extract a field with
 * (irq >> *_SHIFT) & *_MASK.  All three fields are user controlled: the
 * vcpu index and the irq number must be bounds-checked by the kernel
 * against the actual vcpu count and the configured VGIC size
 * (KVM_DEV_ARM_VGIC_GRP_NR_IRQS), never against a fixed constant.
 */
#define KVM_ARM_IRQ_TYPE_SHIFT		24
#define KVM_ARM_IRQ_TYPE_MASK		0xff
#define KVM_ARM_IRQ_VCPU_SHIFT		16
#define KVM_ARM_IRQ_VCPU_MASK		0xff
#define KVM_ARM_IRQ_NUM_SHIFT		0
#define KVM_ARM_IRQ_NUM_MASK		0xffff

/* irq_type field */
#define KVM_ARM_IRQ_TYPE_CPU		0
#define KVM_ARM_IRQ_TYPE_SPI		1
#define KVM_ARM_IRQ_TYPE_PPI		2

/* out-of-kernel GIC cpu interrupt injection irq_number field */
#define KVM_ARM_IRQ_CPU_IRQ		0
#define KVM_ARM_IRQ_CPU_FIQ		1
KVM: arm/arm64: check IRQ number on userland injection
When userland injects a SPI via the KVM_IRQ_LINE ioctl we currently
only check it against a fixed limit, which historically is set
to 127. With the new dynamic IRQ allocation the effective limit may
actually be smaller (64).
So when a malicious or buggy userland now injects a SPI in that
range, we overrun our VGIC bitmap and bytemap memory.
I could trigger a host kernel NULL pointer dereference with current
mainline by injecting some bogus IRQ number from a hacked kvmtool:
-----------------
....
DEBUG: kvm_vgic_inject_irq(kvm, cpu=0, irq=114, level=1)
DEBUG: vgic_update_irq_pending(kvm, cpu=0, irq=114, level=1)
DEBUG: IRQ #114 still in the game, writing to bytemap now...
Unable to handle kernel NULL pointer dereference at virtual address 00000000
pgd = ffffffc07652e000
[00000000] *pgd=00000000f658b003, *pud=00000000f658b003, *pmd=0000000000000000
Internal error: Oops: 96000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 1053 Comm: lkvm-msi-irqinj Not tainted 4.0.0-rc7+ #3027
Hardware name: FVP Base (DT)
task: ffffffc0774e9680 ti: ffffffc0765a8000 task.ti: ffffffc0765a8000
PC is at kvm_vgic_inject_irq+0x234/0x310
LR is at kvm_vgic_inject_irq+0x30c/0x310
pc : [<ffffffc0000ae0a8>] lr : [<ffffffc0000ae180>] pstate: 80000145
.....
So this patch fixes this by checking the SPI number against the
actual limit. Also we remove the former legacy hard limit of
127 in the ioctl code.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
CC: <stable@vger.kernel.org> # 4.0, 3.19, 3.18
[maz: wrap KVM_ARM_IRQ_GIC_MAX with #ifndef __KERNEL__,
as suggested by Christopher Covington]
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
/*
 * This used to hold the highest supported SPI, but it is now obsolete
 * and only here to provide source code level compatibility with older
 * userland. The highest SPI number can be set via KVM_DEV_ARM_VGIC_GRP_NR_IRQS.
 *
 * Deliberately hidden from the kernel so that no in-kernel code can use it
 * as a bounds check again; the real limit is the configured IRQ count.
 */
#ifndef __KERNEL__
#define KVM_ARM_IRQ_GIC_MAX		127
#endif	/* !__KERNEL__ */
/* One single KVM irqchip, ie. the VGIC */
#define KVM_NR_IRQCHIPS		1

/*
 * PSCI interface
 *
 * KVM-specific PSCI function ids: a fixed base plus a small function
 * number.  The base value is arbitrary but is now ABI.  NOTE(review):
 * presumably these predate the PSCI v0.2 functions selected with
 * KVM_ARM_VCPU_PSCI_0_2 - confirm.
 */
#define KVM_PSCI_FN_BASE		0x95c1ba5e
#define KVM_PSCI_FN(n)			(KVM_PSCI_FN_BASE + (n))

#define KVM_PSCI_FN_CPU_SUSPEND		KVM_PSCI_FN(0)
#define KVM_PSCI_FN_CPU_OFF		KVM_PSCI_FN(1)
#define KVM_PSCI_FN_CPU_ON		KVM_PSCI_FN(2)
#define KVM_PSCI_FN_MIGRATE		KVM_PSCI_FN(3)

/*
 * Return codes, aliased onto the generic PSCI_RET_* values (presumably from
 * <linux/psci.h>, included above).
 */
#define KVM_PSCI_RET_SUCCESS		PSCI_RET_SUCCESS
#define KVM_PSCI_RET_NI			PSCI_RET_NOT_SUPPORTED
#define KVM_PSCI_RET_INVAL		PSCI_RET_INVALID_PARAMS
#define KVM_PSCI_RET_DENIED		PSCI_RET_DENIED

#endif	/* __ASSEMBLY__ */
#endif /* __ARM_KVM_H__ */