Date: Tue, 10 Mar 2026 12:49:32 +0000
In-Reply-To: <20260310124933.830025-1-sebastianene@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260310124933.830025-1-sebastianene@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260310124933.830025-14-sebastianene@google.com> Subject: [PATCH 13/14] KVM: arm64: Restrict host updates to GITS_BASER From: Sebastian Ene To: alexandru.elisei@arm.com, kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, android-kvm@google.com Cc: catalin.marinas@arm.com, dbrazdil@google.com, joey.gouly@arm.com, kees@kernel.org, mark.rutland@arm.com, maz@kernel.org, oupton@kernel.org, perlarsen@google.com, qperret@google.com, rananta@google.com, sebastianene@google.com, smostafa@google.com, suzuki.poulose@arm.com, tabba@google.com, tglx@kernel.org, vdonnefort@google.com, bgrzesik@google.com, will@kernel.org, yuzenghui@huawei.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Prevent the host from updating the ITS tables while the ITS is enabled and the tables are already set. This enforcement prevents unpredictable hardware behavior and ensures the host cannot update the hardware with an unverified table address or size or change its layout. Signed-off-by: Sebastian Ene --- arch/arm64/kvm/hyp/nvhe/its_emulate.c | 45 +++++++++++++++++++++++---- 1 file changed, 39 insertions(+), 6 deletions(-) diff --git a/arch/arm64/kvm/hyp/nvhe/its_emulate.c b/arch/arm64/kvm/hyp/nvh= e/its_emulate.c index 9715f15cd432..e4136a4a2ecb 100644 --- a/arch/arm64/kvm/hyp/nvhe/its_emulate.c +++ b/arch/arm64/kvm/hyp/nvhe/its_emulate.c @@ -22,6 +22,7 @@ struct its_priv_state { struct its_handler { u64 offset; u8 access_size; + u8 num_registers; void (*write)(struct its_priv_state *its, u64 offset, u64 value); void (*read)(struct its_priv_state *its, u64 offset, u64 *read); }; 
@@ -315,18 +316,48 @@ static void cbaser_read(struct its_priv_state *its, u= 64 offset, u64 *read) *read =3D readq_relaxed(its->base + GITS_CBASER); } =20 -#define ITS_HANDLER(off, sz, write_cb, read_cb) \ +static void baser_write(struct its_priv_state *its, u64 offset, u64 value) +{ + u64 baser, ctlr =3D readq_relaxed(its->base + GITS_CTLR); + int baser_idx; + + if ((ctlr & GITS_CTLR_ENABLE) || + !(ctlr & GITS_CTLR_QUIESCENT)) + return; + + baser_idx =3D (offset - GITS_BASER) >> 3; + baser =3D its->shadow->tables[baser_idx].val; + if ((value & GITS_BASER_INDIRECT) !=3D (baser & GITS_BASER_INDIRECT)) + return; + + value &=3D ~GENMASK(47, 12) | ~GENMASK(9, 0); + value |=3D (baser & GENMASK(47, 12)) | (baser & GENMASK(9, 0)); + + writeq_relaxed(value, its->base + offset); +} + +static void baser_read(struct its_priv_state *its, u64 offset, u64 *read) +{ + *read =3D readq_relaxed(its->base + offset); +} + +#define ITS_HANDLER(off, sz, num, write_cb, read_cb) \ { \ .offset =3D (off), \ .access_size =3D (sz), \ + .num_registers =3D (num), \ .write =3D (write_cb), \ .read =3D (read_cb), \ } =20 +#define ITS_REG(off, sz, write_cb, read_cb) \ + ITS_HANDLER(off, sz, 1, write_cb, read_cb) + static struct its_handler its_handlers[] =3D { - ITS_HANDLER(GITS_CWRITER, sizeof(u64), cwriter_write, cwriter_read), - ITS_HANDLER(GITS_CTLR, sizeof(u64), ctlr_write, ctlr_read), - ITS_HANDLER(GITS_CBASER, sizeof(u64), cbaser_write, cbaser_read), + ITS_REG(GITS_CWRITER, sizeof(u64), cwriter_write, cwriter_read), + ITS_REG(GITS_CTLR, sizeof(u64), ctlr_write, ctlr_read), + ITS_REG(GITS_CBASER, sizeof(u64), cbaser_write, cbaser_read), + ITS_HANDLER(GITS_BASER, sizeof(u64), 8, baser_write, baser_read), {}, }; =20 
@@ -354,14 +385,16 @@ void pkvm_handle_gic_emulation(struct pkvm_protected_= reg *region, u64 offset, bo struct its_priv_state *its_priv =3D region->priv; void __iomem *addr; struct its_handler *reg_handler; + u64 end; =20 if (!its_priv) return; =20 addr =3D its_priv->base + offset; for (reg_handler =3D its_handlers; reg_handler->access_size; reg_handler+= +) { - if (reg_handler->offset > offset || - reg_handler->offset + reg_handler->access_size <=3D offset) + end =3D reg_handler->offset + reg_handler->access_size * reg_handler->nu= m_registers; + + if (reg_handler->offset > offset || end <=3D offset) continue; =20 if (reg_handler->access_size & (reg_size - 1)) --=20 2.53.0.473.g4a7958ca14-goog
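
Review bot: in baser_write(), "value &= ~GENMASK(47, 12) | ~GENMASK(9, 0);" clears nothing. The two masks are disjoint, so the OR of their complements is all ones, and the following "value |= ..." only adds the shadow's bits 47:12 and 9:0 on top of whatever the host supplied. The host can still set extra bits in exactly the fields the commit message says are protected. Use "value &= ~(GENMASK(47, 12) | GENMASK(9, 0));" before merging in the shadow bits. Two smaller points in the same hunk: GITS_CTLR is a 32-bit register, so readq_relaxed() on it also reads the adjacent register and readl_relaxed() would match its width; and the literal 8 in the GITS_BASER table entry could be GITS_BASER_NR_REGS.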
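
Review bot: the widened range check in pkvm_handle_gic_emulation() accepts any offset in [GITS_BASER, GITS_BASER + 64), and nothing in the lines shown requires that offset to be a multiple of access_size; the visible size test compares access_size with reg_size only. baser_write() then uses the raw offset both for the index, "(offset - GITS_BASER) >> 3", and for "writeq_relaxed(value, its->base + offset)", so an access at GITS_BASER + 4 would pick shadow entry 0 but issue a 64-bit write to a misaligned address. Reject accesses where (offset - reg_handler->offset) is not a multiple of reg_handler->access_size, or pass the handler the aligned register offset.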