Commit 2890ac99 authored by Marc Zyngier's avatar Marc Zyngier
Browse files

KVM: arm64: PSCI: Narrow input registers when using 32bit functions 



When a guest delibarately uses an SMC32 function number (which is allowed),
we should make sure we drop the top 32bits from the input arguments, as they
could legitimately be junk.

Reported-by: default avatarChristoffer Dall <christoffer.dall@arm.com>
Reviewed-by: default avatarChristoffer Dall <christoffer.dall@arm.com>
Reviewed-by: default avatarAlexandru Elisei <alexandru.elisei@arm.com>
Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
parent 8f3d9f35

virt/kvm/arm/psci.c

+16 −0
Original line number Diff line number Diff line
@@ -186,6 +186,18 @@ static void kvm_psci_system_reset(struct kvm_vcpu *vcpu) 
	kvm_prepare_system_event(vcpu, KVM_SYSTEM_EVENT_RESET);

}



static void kvm_psci_narrow_to_32bit(struct kvm_vcpu *vcpu)

{

	int i;



	/*

	 * Zero the input registers' upper 32 bits. They will be fully

	 * zeroed on exit, so we're fine changing them in place.

	 */

	for (i = 1; i < 4; i++)

		vcpu_set_reg(vcpu, i, lower_32_bits(vcpu_get_reg(vcpu, i)));

}



static int kvm_psci_0_2_call(struct kvm_vcpu *vcpu)

{

	struct kvm *kvm = vcpu->kvm;
@@ -210,12 +222,16 @@ static int kvm_psci_0_2_call(struct kvm_vcpu *vcpu) 
		val = PSCI_RET_SUCCESS;

		break;

	case PSCI_0_2_FN_CPU_ON:

		kvm_psci_narrow_to_32bit(vcpu);

		fallthrough;

	case PSCI_0_2_FN64_CPU_ON:

		mutex_lock(&kvm->lock);

		val = kvm_psci_vcpu_on(vcpu);

		mutex_unlock(&kvm->lock);

		break;

	case PSCI_0_2_FN_AFFINITY_INFO:

		kvm_psci_narrow_to_32bit(vcpu);

		fallthrough;

	case PSCI_0_2_FN64_AFFINITY_INFO:

		val = kvm_psci_vcpu_affinity_info(vcpu);

		break;

CRA Git | Maintained and supported by SUSTech CRA and CCSE