Hi Marc, On 01/03/18 15:55, Marc Zyngier wrote: > We're now ready to map our vectors in weird and wonderful locations. > On enabling ARM64_HARDEN_EL2_VECTORS, a vector slot gets allocated > if this hasn't been already done via ARM64_HARDEN_BRANCH_PREDICTOR > and gets mapped outside of the normal RAM region, next to the > idmap. > > That way, being able to obtain VBAR_EL2 doesn't reveal the mapping > of the rest of the hypervisor code. > diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h > index 3da9e5aea936..433d13d0c271 100644 > --- a/arch/arm64/include/asm/kvm_mmu.h 
> +++ b/arch/arm64/include/asm/kvm_mmu.h [..] > > +/* This is only called on a !VHE system */ > static inline int kvm_map_vectors(void) > { > - return create_hyp_mappings(kvm_ksym_ref(__bp_harden_hyp_vecs_start), > - kvm_ksym_ref(__bp_harden_hyp_vecs_end), > - PAGE_HYP_EXEC); > -} > + phys_addr_t vect_pa = virt_to_phys(__bp_harden_hyp_vecs_start); __pa_symbol()? A gift from CONFIG_DEBUG_VIRTUAL: [ 3.479878] kvm [1]: 8-bit VMID [ 3.500761] ------------[ cut here ]------------ [ 3.505608] virt_to_phys used for non-linear address: 000000006fa7ae39 (__bp_harden_hyp_vecs_start+0x0/0x2000) [ 3.515907] WARNING: CPU: 3 PID: 1 at ../arch/arm64/mm/physaddr.c:15 __virt_to_phys+0x48/0x68 [ 3.524614] Modules linked in: [ 3.527782] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 4.16.0-rc4-00024-gf6f4460e41ba-dirty #9396 [ 3.536751] Hardware name: ARM Juno development board (r1) (DT) [ 3.542806] pstate: 80400005 (Nzcv daif +PAN -UAO) [ 3.547716] pc : __virt_to_phys+0x48/0x68 [ 3.551832] lr : __virt_to_phys+0x48/0x68 [ 3.641447] Call trace: [ 3.643975] __virt_to_phys+0x48/0x68 [ 3.647739] kvm_arch_init+0x2fc/0x734 [ 3.651589] kvm_init+0x28/0x2b0 [ 3.654910] arm_init+0x1c/0x24 [ 3.658143] do_one_initcall+0x38/0x11c [ 3.662083] kernel_init_freeable+0x1e0/0x27c [ 3.666552] kernel_init+0x10/0xfc [ 3.670049] ret_from_fork+0x10/0x18 [ 3.673731] ---[ end trace d4ef061e4bf05fc6 ]--- [ 3.678870] kvm [1]: vgic-v2@2c04f000 [ 3.683424] kvm [1]: vgic interrupt IRQ1 [ 3.687675] kvm [1]: virtual timer IRQ5 [ 3.692375] kvm [1]: Hyp mode initialized successfully [ 3.718640] Initialise system trusted keyrings > + unsigned long size = __bp_harden_hyp_vecs_end - __bp_harden_hyp_vecs_start; > + > + if (cpus_have_const_cap(ARM64_HARDEN_BRANCH_PREDICTOR)) { > + int ret; > + > + ret = create_hyp_mappings(kvm_ksym_ref(__bp_harden_hyp_vecs_start), > + kvm_ksym_ref(__bp_harden_hyp_vecs_end), > + PAGE_HYP_EXEC); > + > + if (ret) > + return ret; > + > + __kvm_bp_vect_base = 
kvm_ksym_ref(__bp_harden_hyp_vecs_start); > + __kvm_bp_vect_base = kern_hyp_va(__kvm_bp_vect_base); > + } > + > + if (cpus_have_const_cap(ARM64_HARDEN_EL2_VECTORS)) { > + __kvm_harden_el2_vector_slot = atomic_inc_return(&arm64_el2_vector_last_slot); > + BUG_ON(__kvm_harden_el2_vector_slot >= BP_HARDEN_EL2_SLOTS); > + return create_hyp_exec_mappings(vect_pa, size, > + &__kvm_bp_vect_base); > + } > > + return 0; > +} Thanks, James
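Review bot: `vect_pa` is computed at the top of `kvm_map_vectors()` with `virt_to_phys(__bp_harden_hyp_vecs_start)`, unconditionally, but `__bp_harden_hyp_vecs_start` is a kernel-image symbol rather than a linear-map address, so with CONFIG_DEBUG_VIRTUAL the `virt_to_phys used for non-linear address` warning shown in the reply above fires from `kvm_arch_init()` on every !VHE boot, including systems that never set ARM64_HARDEN_EL2_VECTORS. Use `__pa_symbol()` and move the `vect_pa` and `size` computation into the `if (cpus_have_const_cap(ARM64_HARDEN_EL2_VECTORS))` block, where they are actually used, e.g.:
	phys_addr_t vect_pa = __pa_symbol(__bp_harden_hyp_vecs_start);
	unsigned long size = __bp_harden_hyp_vecs_end - __bp_harden_hyp_vecs_start;
A one-line comment at the `create_hyp_exec_mappings(vect_pa, size, &__kvm_bp_vect_base)` call would also help, stating that it intentionally replaces the `kern_hyp_va()` value assigned to `__kvm_bp_vect_base` in the ARM64_HARDEN_BRANCH_PREDICTOR block just above; as written, the two assignments to the same variable in one function read as if one of them were left over.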