If read_id_reg() is called for an ID register which is Read-As-Zero
(RAZ), it initializes the return value to zero, then goes through a list
of registers which require special handling.
By not returning as soon as it tests if the register is RAZ, it creates
the opportunity for bugs, if a patch changes a register to RAZ (like has
happened with PMSWINC_EL0 in commit 11663111cd49), but doesn't remove the
special handling from read_id_reg(); or if a register is RAZ in certain
situations, and readable in others.
Return early as to make it impossible for a RAZ register to be anything
other than zero.
Signed-off-by: Alexandru Elisei <alexandru.elisei@xxxxxxx>
---
arch/arm64/kvm/sys_regs.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
index 1d46e185f31e..4adda8bf3168 100644
--- a/arch/arm64/kvm/sys_regs.c
+++ b/arch/arm64/kvm/sys_regs.c
@@ -1064,7 +1064,12 @@ static u64 read_id_reg(const struct kvm_vcpu *vcpu,
struct sys_reg_desc const *r, bool raz)
{
u32 id = reg_to_encoding(r);
- u64 val = raz ? 0 : read_sanitised_ftr_reg(id);
+ u64 val;
+
+ if (raz)
+ return 0;
+
+ val = read_sanitised_ftr_reg(id);
switch (id) {
case SYS_ID_AA64PFR0_EL1:
--
2.33.0
_______________________________________________
kvmarm mailing list
kvmarm@xxxxxxxxxxxxxxxxxxxxx
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
