KVM: arm/arm64: Extract GICv3 max APRn index calculation

As we are about to access the APRs from the GICv2 uaccess interface,
make this logic generally available.

Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <cdall@linaro.org>
(cherry picked from commit 50f5bd5718df9e71d1f4ba69a6480dbad54b2f24)

CVE-2017-5753
CVE-2017-5715
CVE-2017-5754

Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Acked-by: Brad Figg <brad.figg@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>

diff --git a/arch/arm64/kvm/vgic-sys-reg-v3.c b/arch/arm64/kvm/vgic-sys-reg-v3.c
index 116786d2e8e8fdbe7c2dfc4056b87918e4bf25bf..c77d508b74620e0d5c5868a542346efff9f70ab9 100644 (file)
--- a/arch/arm64/kvm/vgic-sys-reg-v3.c
+++ b/arch/arm64/kvm/vgic-sys-reg-v3.c
@@ -208,29 +208,12 @@ static void vgic_v3_access_apr_reg(struct kvm_vcpu *vcpu,
 static bool access_gic_aprn(struct kvm_vcpu *vcpu, struct sys_reg_params *p,
                            const struct sys_reg_desc *r, u8 apr)
 {
-       struct vgic_cpu *vgic_v3_cpu = &vcpu->arch.vgic_cpu;
        u8 idx = r->Op2 & 3;
 
-       /*
-        * num_pri_bits are initialized with HW supported values.
-        * We can rely safely on num_pri_bits even if VM has not
-        * restored ICC_CTLR_EL1 before restoring APnR registers.
-        */
-       switch (vgic_v3_cpu->num_pri_bits) {
-       case 7:
-               vgic_v3_access_apr_reg(vcpu, p, apr, idx);
-               break;
-       case 6:
-               if (idx > 1)
-                       goto err;
-               vgic_v3_access_apr_reg(vcpu, p, apr, idx);
-               break;
-       default:
-               if (idx > 0)
-                       goto err;
-               vgic_v3_access_apr_reg(vcpu, p, apr, idx);
-       }
+       if (idx > vgic_v3_max_apr_idx(vcpu))
+               goto err;
 
+       vgic_v3_access_apr_reg(vcpu, p, apr, idx);
        return true;
 err:
        if (!p->is_write)

diff --git a/virt/kvm/arm/vgic/vgic.h b/virt/kvm/arm/vgic/vgic.h
index bba7fa22a7f7c41a5d1fa88c02fb15c158992ccd..bf9ceab67c770c94d84b1e4a38e1479435f81325 100644 (file)
--- a/virt/kvm/arm/vgic/vgic.h
+++ b/virt/kvm/arm/vgic/vgic.h
@@ -220,4 +220,20 @@ int vgic_debug_destroy(struct kvm *kvm);
 bool lock_all_vcpus(struct kvm *kvm);
 void unlock_all_vcpus(struct kvm *kvm);
 
+static inline int vgic_v3_max_apr_idx(struct kvm_vcpu *vcpu)
+{
+       struct vgic_cpu *cpu_if = &vcpu->arch.vgic_cpu;
+
+       /*
+        * num_pri_bits are initialized with HW supported values.
+        * We can rely safely on num_pri_bits even if VM has not
+        * restored ICC_CTLR_EL1 before restoring APnR registers.
+        */
+       switch (cpu_if->num_pri_bits) {
+       case 7: return 3;
+       case 6: return 1;
+       default: return 0;
+       }
+}
+
 #endif