KVM: arm64: Support runtime sysreg visibility filtering

author Dave Martin <Dave.Martin@arm.com>

Fri, 28 Sep 2018 13:39:15 +0000 (14:39 +0100)

committer Marc Zyngier <marc.zyngier@arm.com>

Fri, 29 Mar 2019 14:41:53 +0000 (14:41 +0000)
author Dave Martin <Dave.Martin@arm.com>
Fri, 28 Sep 2018 13:39:15 +0000 (14:39 +0100)
committer Marc Zyngier <marc.zyngier@arm.com>
Fri, 29 Mar 2019 14:41:53 +0000 (14:41 +0000)
diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c

index a5d14b5e2ea4296ce439ab134c60d9b9b66b7ae8..c86a7b0d3e6b84aac668d2ea0d668c321a473814 100644 (file)
--- a/arch/arm64/kvm/sys_regs.c
+++ b/arch/arm64/kvm/sys_regs.c
@@ -1927,6 +1927,12 @@ static void perform_access(struct kvm_vcpu *vcpu,
  {
         trace_kvm_sys_access(*vcpu_pc(vcpu), params, r);
  
+       /* Check for regs disabled by runtime config */
+       if (sysreg_hidden_from_guest(vcpu, r)) {
+               kvm_inject_undefined(vcpu);
+               return;
+       }
+
         /*
          * Not having an accessor means that we have configured a trap
          * that we don't know how to handle. This certainly qualifies
@@ -2438,6 +2444,10 @@ int kvm_arm_sys_reg_get_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg
         if (!r)
                 return get_invariant_sys_reg(reg->id, uaddr);
  
+       /* Check for regs disabled by runtime config */
+       if (sysreg_hidden_from_user(vcpu, r))
+               return -ENOENT;
+
         if (r->get_user)
                 return (r->get_user)(vcpu, r, reg, uaddr);
  
@@ -2459,6 +2469,10 @@ int kvm_arm_sys_reg_set_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg
         if (!r)
                 return set_invariant_sys_reg(reg->id, uaddr);
  
+       /* Check for regs disabled by runtime config */
+       if (sysreg_hidden_from_user(vcpu, r))
+               return -ENOENT;
+
         if (r->set_user)
                 return (r->set_user)(vcpu, r, reg, uaddr);
  
@@ -2515,7 +2529,8 @@ static bool copy_reg_to_user(const struct sys_reg_desc *reg, u64 __user **uind)
         return true;
  }
  
-static int walk_one_sys_reg(const struct sys_reg_desc *rd,
+static int walk_one_sys_reg(const struct kvm_vcpu *vcpu,
+                           const struct sys_reg_desc *rd,
                             u64 __user **uind,
                             unsigned int *total)
  {
@@ -2526,6 +2541,9 @@ static int walk_one_sys_reg(const struct sys_reg_desc *rd,
         if (!(rd->reg || rd->get_user))
                 return 0;
  
+       if (sysreg_hidden_from_user(vcpu, rd))
+               return 0;
+
         if (!copy_reg_to_user(rd, uind))
                 return -EFAULT;
  
@@ -2554,9 +2572,9 @@ static int walk_sys_regs(struct kvm_vcpu *vcpu, u64 __user *uind)
                 int cmp = cmp_sys_reg(i1, i2);
                 /* target-specific overrides generic entry. */
                 if (cmp <= 0)
-                       err = walk_one_sys_reg(i1, &uind, &total);
+                       err = walk_one_sys_reg(vcpu, i1, &uind, &total);
                 else
-                       err = walk_one_sys_reg(i2, &uind, &total);
+                       err = walk_one_sys_reg(vcpu, i2, &uind, &total);
  
                 if (err)
                         return err;
diff --git a/arch/arm64/kvm/sys_regs.h b/arch/arm64/kvm/sys_regs.h

index 3b1bc7f01d0bd284314308898f7aa1448f5e0436..2be99508dcb9a892f943a064ea958d429f645182 100644 (file)
--- a/arch/arm64/kvm/sys_regs.h
+++ b/arch/arm64/kvm/sys_regs.h
@@ -64,8 +64,15 @@ struct sys_reg_desc {
                         const struct kvm_one_reg *reg, void __user *uaddr);
         int (*set_user)(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd,
                         const struct kvm_one_reg *reg, void __user *uaddr);
+
+       /* Return mask of REG_* runtime visibility overrides */
+       unsigned int (*visibility)(const struct kvm_vcpu *vcpu,
+                                  const struct sys_reg_desc *rd);
  };
  
+#define REG_HIDDEN_USER                (1 << 0) /* hidden from userspace ioctls */
+#define REG_HIDDEN_GUEST       (1 << 1) /* hidden from guest */
+
  static inline void print_sys_reg_instr(const struct sys_reg_params *p)
  {
         /* Look, we even formatted it for you to paste into the table! */
@@ -102,6 +109,24 @@ static inline void reset_val(struct kvm_vcpu *vcpu, const struct sys_reg_desc *r
         __vcpu_sys_reg(vcpu, r->reg) = r->val;
  }
  
+static inline bool sysreg_hidden_from_guest(const struct kvm_vcpu *vcpu,
+                                           const struct sys_reg_desc *r)
+{
+       if (likely(!r->visibility))
+               return false;
+
+       return r->visibility(vcpu, r) & REG_HIDDEN_GUEST;
+}
+
+static inline bool sysreg_hidden_from_user(const struct kvm_vcpu *vcpu,
+                                          const struct sys_reg_desc *r)
+{
+       if (likely(!r->visibility))
+               return false;
+
+       return r->visibility(vcpu, r) & REG_HIDDEN_USER;
+}
+
  static inline int cmp_sys_reg(const struct sys_reg_desc *i1,
                               const struct sys_reg_desc *i2)
  {
author	Dave Martin <Dave.Martin@arm.com>
	Fri, 28 Sep 2018 13:39:15 +0000 (14:39 +0100)
committer	Marc Zyngier <marc.zyngier@arm.com>
	Fri, 29 Mar 2019 14:41:53 +0000 (14:41 +0000)
arch/arm64/kvm/sys_regs.c		patch \| blob \| history
arch/arm64/kvm/sys_regs.h		patch \| blob \| history