On Thu, Dec 13, 2018 at 06:30:39PM +0000, Dave Martin wrote:
> On Wed, Dec 12, 2018 at 08:17:03PM +0000, Dave Martin wrote:
> > Since commit d26c25a9d19b ("arm64: KVM: Tighten guest core register
> > access from userspace"), KVM_{GET,SET}_ONE_REG rejects register IDs
> > that do not correspond to a single underlying architectural register.
> >
> > KVM_GET_REG_LIST was not changed to match however: instead, it
> > simply yields a list of 32-bit register IDs that together cover the
> > whole kvm_regs struct. This means that if userspace tries to use
> > the resulting list of IDs directly to drive calls to KVM_*_ONE_REG,
> > some of those calls will now fail.
> >
> > This was not the intention. Instead, iterating KVM_*_ONE_REG over
> > the list of IDs returned by KVM_GET_REG_LIST should be guaranteed
> > to work.
> >
> > This patch fixes the problem by splitting validate_core_reg_id()
> > into a backend core_reg_size_from_offset() which does all of the
> > work except for checking that the size field in the register ID
> > matches, and kvm_arm_copy_reg_indices() and num_core_regs() are
> > converted to use this to enumerate the valid offsets.
> >
> > kvm_arm_copy_reg_indices() now also sets the register ID size field
> > appropriately based on the value returned, so the register ID
> > supplied to userspace is fully qualified for use with the register
> > access ioctls.
> >
> > Cc: stable@xxxxxxxxxxxxxxx
> > Fixes: d26c25a9d19b ("arm64: KVM: Tighten guest core register access from userspace")
> > Signed-off-by: Dave Martin <Dave.Martin@xxxxxxx>
>
> Tested now with [1], which obtains the reg list with KVM_GET_REG_LIST
> and then tries to read each register listed.
>
> (Comparing v4.19 with a patched v4.20-rc5 was a bit lazy here, but there
> is no reason to suppose the results would be different.)
>
> This confirms both the exactly expected bug behaviour and the fix.
>
> I have not yet checked what qemu does with the KVM_GET_REG_LIST data.
Further to this, qemu seems only to use the non-KVM_REG_ARM_CORE registers
from the KVM_GET_REG_LIST output, and uses its own built-in knowledge to
enumerate the core regs (since that is a fixed set anyway).

qemu already explicitly marks core regs with the correct size (32-/64- or
128-bit) when doing KVM_GET_ONE_REG/KVM_SET_ONE_REG.

So it shouldn't be affected by this patch.

[...]

Cheers
---Dave
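The register ID encoding the thread is about, as an added user-space model (an illustration written for this page, not the kernel's code and not part of the thread): it shows why a plain 32-bit core register ID is rejected by KVM_{GET,SET}_ONE_REG and what a fully qualified ID looks like. It assumes the arm64 uapi struct layout and KVM_REG_* constants, reproduced inline so offsetof() gives the real word offsets, and its `core_reg_size_from_offset()` is a reconstruction of the backend's described role, not the kernel function.

```c
/* Added model of the arm64 KVM core-register ID encoding; not kernel code.
 * Struct layout and KVM_REG_* values follow the arm64 uapi asm/kvm.h. */
#include <stddef.h>
#include <stdint.h>
#define KVM_REG_ARM64     0x6000000000000000ULL
#define KVM_REG_SIZE_MASK 0x00f0000000000000ULL
#define KVM_REG_SIZE_U32  0x0020000000000000ULL
#define KVM_REG_SIZE_U64  0x0030000000000000ULL
#define KVM_REG_SIZE_U128 0x0040000000000000ULL
#define KVM_REG_ARM_CORE  (0x0010ULL << 16)
#define KVM_NR_SPSR 5
#define SIZE_FLAG(s) ((s) == 4 ? KVM_REG_SIZE_U32 : (s) == 8 ? KVM_REG_SIZE_U64 : KVM_REG_SIZE_U128)
struct user_pt_regs { uint64_t regs[31], sp, pc, pstate; };
struct user_fpsimd_state { __uint128_t vregs[32]; uint32_t fpsr, fpcr, reserved[2]; };
struct kvm_regs {
    struct user_pt_regs regs;
    uint64_t sp_el1, elr_el1, spsr[KVM_NR_SPSR];
    struct user_fpsimd_state fp_regs;
};
/* Core register IDs carry the struct offset in 32-bit words. */
#define CORE_REG(name) (offsetof(struct kvm_regs, name) / sizeof(uint32_t))

/* Byte size of the register at word `off`; -1 for padding, reserved, or a mid-register word. */
int core_reg_size_from_offset(uint64_t off)
{
    int size;
    if (off <= CORE_REG(spsr[KVM_NR_SPSR - 1]))
        size = 8;   /* regs[0..30], sp, pc, pstate, sp_el1, elr_el1, spsr[] */
    else if (off >= CORE_REG(fp_regs.vregs[0]) && off <= CORE_REG(fp_regs.vregs[31]))
        size = 16;  /* V0..V31 */
    else if (off == CORE_REG(fp_regs.fpsr) || off == CORE_REG(fp_regs.fpcr))
        size = 4;
    else
        return -1;
    return off % (size / 4) ? -1 : size;  /* must start on a register boundary */
}

/* Fully qualified ID as the fixed KVM_GET_REG_LIST emits it (0 if `off` is invalid). */
uint64_t core_reg_id(uint64_t off)
{
    int size = core_reg_size_from_offset(off);
    return size < 0 ? 0 : KVM_REG_ARM64 | SIZE_FLAG(size) | KVM_REG_ARM_CORE | off;
}

/* The KVM_{GET,SET}_ONE_REG check since d26c25a9d19b: one whole register, matching size. */
int core_reg_id_is_valid(uint64_t id)
{
    int size = core_reg_size_from_offset(id & 0xffff);  /* low 16 bits: word offset */
    return size >= 0 && (id & KVM_REG_SIZE_MASK) == SIZE_FLAG(size);
}
```

Walking offset 0 up to sizeof(struct kvm_regs)/4 and keeping only offsets with a positive size reproduces the fixed enumeration; a list of KVM_REG_SIZE_U32 IDs over the same range fails the validity check on every 64- and 128-bit register.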