From patchwork Mon Oct 12 14:04:50 2015
X-Patchwork-Submitter: Mark Rutland
X-Patchwork-Id: 54763
From: Mark Rutland
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] arm64: kvm: restore EL1N SP for panic
Date: Mon, 12 Oct 2015 15:04:50 +0100
Message-Id: <1444658690-8180-1-git-send-email-mark.rutland@arm.com>
X-Mailer: git-send-email 1.9.1
Cc: Mark Rutland, kvmarm@lists.cs.columbia.edu, Christoffer Dall

If we panic in hyp mode, we inject a call to panic() into the EL1N host kernel.
If a guest context is active, we first attempt to restore the minimal amount of state necessary to execute the host kernel with restore_sysregs. However, the SP is restored as part of restore_common_regs, and so we may return to the host's panic() function with the SP of the guest. Any calculations based on the SP will be bogus, and any attempt to access the stack will result in recursive data aborts.

When running Linux as a guest, the guest's EL1N SP is likely to be some valid kernel address. In this case, the host kernel may use that region as a stack for panic(), corrupting it in the process.

Avoid the problem by restoring the host SP prior to returning to the host. To prevent misleading backtraces in the host, the FP is zeroed at the same time. We don't need any of the other "common" registers in order to panic successfully.

Signed-off-by: Mark Rutland
Acked-by: Marc Zyngier
Cc: Christoffer Dall
Cc:
---
 arch/arm64/kvm/hyp.S | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/arch/arm64/kvm/hyp.S b/arch/arm64/kvm/hyp.S index e583613..1599701 100644 --- a/arch/arm64/kvm/hyp.S +++ b/arch/arm64/kvm/hyp.S @@ -880,6 +880,14 @@ __kvm_hyp_panic: bl __restore_sysregs + /* + * Make sure we have a valid host stack, and don't leave junk in the + * frame pointer that will give us a misleading host stack unwinding. + */ + ldr x22, [x2, #CPU_GP_REG_OFFSET(CPU_SP_EL1)] + msr sp_el1, x22 + mov x29, xzr + 1: adr x0, __hyp_panic_str adr x1, 2f ldp x2, x3, [x1]
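Review bot: The added `ldr x22, [x2, #CPU_GP_REG_OFFSET(CPU_SP_EL1)]` silently depends on x2 still pointing at the host context after `bl __restore_sysregs`, and nothing in the hunk loads or re-checks x2; the block comment should say so (e.g. "x2 = host cpu context, preserved across __restore_sysregs"), otherwise a later change that clobbers x2 inside __restore_sysregs would reintroduce the guest-SP problem this patch fixes without any obvious diff here. The comment could also carry the one-line rationale from the commit message that the other "common" registers are intentionally left unrestored on this path, since the partial restore looks like an omission when read in isolation. Finally, the new code sits before the `1:` label, so it only runs on the guest-active path; a short note that the no-guest path already has a valid host SP would make that asymmetry deliberate rather than accidental to the next reader.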