• Marc Zyngier's avatar
    KVM: arm64: PMU: Sanitise PMCR_EL0.LP on first vcpu run · 64d6820d
    Marc Zyngier authored
    Userspace can play some dirty tricks on us by selecting a given
    PMU version (such as PMUv3p5), restore a PMCR_EL0 value that
    has PMCR_EL0.LP set, and then switch the PMU version to PMUv3p1,
    for example. In this situation, we end-up with PMCR_EL0.LP being
    set and spreading havoc in the PMU emulation.
    
    This is specially hard as the first two step can be done on
    one vcpu and the third step on another, meaning that we need
    to sanitise *all* vcpus when the PMU version is changed.
    
    In orer to avoid a pretty complicated locking situation,
    defer the sanitisation of PMCR_EL0 to the point where the
    vcpu is actually run for the first tine, using the existing
    KVM_REQ_RELOAD_PMU request that calls into kvm_pmu_handle_pmcr().
    
    There is still an obscure corner case where userspace could
    do the above trick, and then save the VM without running it.
    They would then observe an inconsistent state (PMUv3.1 + LP set),
    but that state will be fixed on the first run anyway whenever
    the guest gets restored on a host.
    Reported-by: default avatarReiji Watanabe <reijiw@google.com>
    Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
    64d6820d
pmu-emul.c 25.5 KB