Date: Tue, 10 Mar 2026 12:49:31 +0000
In-Reply-To: <20260310124933.830025-1-sebastianene@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20260310124933.830025-1-sebastianene@google.com>
Message-ID: <20260310124933.830025-13-sebastianene@google.com>
Subject: [PATCH 12/14] KVM: arm64: Restrict host updates to GITS_CBASER
From: Sebastian Ene
To: alexandru.elisei@arm.com, kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, android-kvm@google.com
Cc: catalin.marinas@arm.com, dbrazdil@google.com, joey.gouly@arm.com, kees@kernel.org, mark.rutland@arm.com, maz@kernel.org, oupton@kernel.org, perlarsen@google.com, qperret@google.com, rananta@google.com, sebastianene@google.com, smostafa@google.com, suzuki.poulose@arm.com, tabba@google.com, tglx@kernel.org, vdonnefort@google.com, bgrzesik@google.com, will@kernel.org, yuzenghui@huawei.com
Content-Transfer-Encoding: quoted-printable

Prevent the host from updating the ITS command queue base address
(GITS_CBASER) while the ITS is enabled or not in a quiescent state.
This enforcement prevents unpredictable hardware behavior and ensures
the host cannot update the hardware with a new queue address behind the
hypervisor's back, which would bypass the command queue shadowing
mechanism.

Signed-off-by: Sebastian Ene
---
 arch/arm64/kvm/hyp/nvhe/its_emulate.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/arch/arm64/kvm/hyp/nvhe/its_emulate.c b/arch/arm64/kvm/hyp/nvh= e/its_emulate.c index 539d2ee3b58e..9715f15cd432 100644 --- a/arch/arm64/kvm/hyp/nvhe/its_emulate.c +++ b/arch/arm64/kvm/hyp/nvhe/its_emulate.c
@@ -291,6 +291,30 @@ static void ctlr_write(struct its_priv_state *its, u64= offset, u64 value) writeq_relaxed(value, its->base + GITS_CTLR); } =20 +static void cbaser_write(struct its_priv_state *its, u64 offset, u64 value) +{ + u64 ctlr =3D readq_relaxed(its->base + GITS_CTLR); + int num_pages; + + if ((ctlr & GITS_CTLR_ENABLE) || + !(ctlr & GITS_CTLR_QUIESCENT)) + return; + + num_pages =3D its->shadow->cmdq_len / SZ_4K; + value &=3D ~GENMASK(7, 0) | ~GENMASK_ULL(51, 12); + + value |=3D (num_pages - 1) & GENMASK(7, 0); + value |=3D __hyp_pa(its->cmd_hyp_base) & GENMASK_ULL(51, 12); + + its->cmd_host_cwriter =3D its->cmd_host_base; + writeq_relaxed(value, its->base + GITS_CBASER); +} + +static void cbaser_read(struct its_priv_state *its, u64 offset, u64 *read) +{ + *read =3D readq_relaxed(its->base + GITS_CBASER); +} + #define ITS_HANDLER(off, sz, write_cb, read_cb) \ { \ .offset =3D (off), \ @@ -302,6 +326,7 @@ static void ctlr_write(struct its_priv_state *its, u64 = offset, u64 value) static struct its_handler its_handlers[] =3D { ITS_HANDLER(GITS_CWRITER, sizeof(u64), cwriter_write, cwriter_read), ITS_HANDLER(GITS_CTLR, sizeof(u64), ctlr_write, ctlr_read), + ITS_HANDLER(GITS_CBASER, sizeof(u64), cbaser_write, cbaser_read), {}, }; =20 --=20 2.53.0.473.g4a7958ca14-goog
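
Review bot: In cbaser_write() (first hunk), the mask in "value &= ~GENMASK(7, 0) | ~GENMASK_ULL(51, 12);" clears nothing: the two fields do not overlap, so the OR of their complements is all ones, and the two "|=" lines that follow merge the shadow queue's size and physical address into whatever the host wrote instead of replacing it. The address that reaches GITS_CBASER is then the bitwise OR of the host's address and __hyp_pa(its->cmd_hyp_base), which is not the shadow queue. Suggest "value &= ~(GENMASK(7, 0) | GENMASK_ULL(51, 12));" (quoted here without the quoted-printable "=3D"). Two smaller points in the same hunk: the early return drops the host's write silently when the ITS is enabled or not quiescent, which deserves a comment saying so; and cbaser_read() returns the raw register, so the host reads back the hypervisor's physical address rather than the base it programmed, which should either be translated back or documented as intended.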
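
Review bot: The new its_handlers[] entry (second hunk) matches GITS_CBASER only as a sizeof(u64) access, and nothing in this patch says what happens to a 32-bit access to either half of the register. If accesses that match no handler reach the hardware, the checks in cbaser_write() are skipped when the register is written as two 32-bit halves; please either handle or reject the narrower accesses here, or state in the commit message where they are filtered.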