On 3/18/22 12:38 PM, Oliver Upton wrote:
> The SMCCC does not allow the SMC64 calling convention to be used from
> AArch32. While KVM checks to see if the calling convention is allowed in
> PSCI_1_0_FN_PSCI_FEATURES, it does not actually prevent calls to
> unadvertised PSCI v1.0+ functions.
>
> Check to see if the requested function is allowed from the guest's
> execution state. Deny the call if it is not.
>
> Fixes: d43583b890e7 ("KVM: arm64: Expose PSCI SYSTEM_RESET2 call to the guest")
> Cc: Will Deacon <will@xxxxxxxxxx>
> Signed-off-by: Oliver Upton <oupton@xxxxxxxxxx>

Reviewed-by: Reiji Watanabe <reijiw@xxxxxxxxxx>

BTW, considering the new kvm_psci_check_allowed_function() implementation in patch 1, it might be better to call kvm_psci_check_allowed_function() from kvm_psci_call() instead? Then, we could avoid the similar issue next time we support a newer PSCI version.

Thanks,
Reiji

> ---
> arch/arm64/kvm/psci.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/arch/arm64/kvm/psci.c b/arch/arm64/kvm/psci.c
> index cd3ee947485f..0d771468b708 100644
> --- a/arch/arm64/kvm/psci.c
> +++ b/arch/arm64/kvm/psci.c
> @@ -318,6 +318,10 @@ static int kvm_psci_1_x_call(struct kvm_vcpu *vcpu, u32 minor)
>  	if (minor > 1)
>  		return -EINVAL;
>
> +	val = kvm_psci_check_allowed_function(vcpu, psci_fn);
> +	if (val)
> +		goto out;
> +
>  	switch(psci_fn) {
>  	case PSCI_0_2_FN_PSCI_VERSION:
>  		val = minor == 0 ? KVM_ARM_PSCI_1_0 : KVM_ARM_PSCI_1_1;
> @@ -378,6 +382,7 @@ static int kvm_psci_1_x_call(struct kvm_vcpu *vcpu, u32 minor)
>  		return kvm_psci_0_2_call(vcpu);
>  	}
>
> +out:
>  	smccc_set_retval(vcpu, val, 0, 0, 0);
>  	return ret;
>  }
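Review bot: in the first hunk of kvm_psci_1_x_call(), the new `goto out` skips the whole switch and lands on `return ret;`, but nothing in the hunk shows `ret` being assigned on that path; confirm `ret` is initialised to the "call handled" value before the new check so a denied function does not return whatever `ret` happened to hold. A one-line comment above `val = kvm_psci_check_allowed_function(vcpu, psci_fn);` stating that this rejects SMC64 function IDs from an AArch32 caller (the case the commit message describes) would also make the intent clear at the point of the check, and, as the reply suggests, placing the check at the kvm_psci_call() dispatch point would cover future PSCI versions without repeating it per handler.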
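Review bot: in the second hunk, the `out:` label reuses `smccc_set_retval(vcpu, val, 0, 0, 0);` for the denied path, so whatever kvm_psci_check_allowed_function() returns becomes the guest-visible PSCI return code; the hunk does not show that value, so a short comment at the label (or a sentence in the commit message) naming the PSCI error reported for a disallowed function would make the behaviour reviewable. It is also worth noting in a comment that the `return kvm_psci_0_2_call(vcpu);` fall-through just above the label deliberately bypasses it, since that path sets its own return value.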