[PATCH v1 0/4] KVM: arm64: Prevent sysreg helper parameter transposition

[Fuad Tabba]

Some of the KVM/arm64 sysreg helper functions and macros, such as
vcpu_write_sys_reg() and __vcpu_assign_sys_reg(), are prone to parameter
transposition bugs. The 'reg'/'r' (enum vcpu_sysreg) and 'val'/'v' (u64)
can be easily swapped, as the types are not distinct enough to be caught
by the compiler.

There are a few functions and macros that have similar parameters and
behavior, e.g., vcpu_write_sys_reg(), __vcpu_assign_sys_reg(), and
__vcpu_rmw_sys_reg(). However, the ordering of the reg and value
parameters is not consitent across them [*].

Moreover, there is neither a compile time nor a runtime check that
catches these errors. This has caused at least one bug that made it
upsteam: commit 798eb5978700 ("KVM: arm64: Sync protected guest VBAR_EL1
on injecting an undef exception"), and other kernel developers have also
run into similar issues from speaking to them.

This series addresses this in two ways:

* The parameter order of vcpu_write_sys_reg() is changed from (vcpu,
  val, reg) to (vcpu, reg, val), making it consistent with similar
  functions and macros.
* Compile-time checks are added to prevent the 'reg' parameter from
  having a 'u64' type, which directly catches the transposition bug.

No functional change is intended in this series.

Based on Linux 6.18-rc3.

Cheers,
/fuad

[*] Just take look at __vcpu_write_sys_reg() in
  arch/arm64/kvm/hyp/exception.c for example:

static inline void __vcpu_write_sys_reg(struct kvm_vcpu *vcpu, u64 val, int reg)
{
	if (has_vhe())
		vcpu_write_sys_reg(vcpu, val, reg);
	else
		__vcpu_assign_sys_reg(vcpu, reg, val);
}

Fuad Tabba (4):
  KVM: arm64: Switch reg and val parameter ordering in
    vcpu_write_sys_reg()
  KVM: arm64: Add compile-time type check for register in
    __vcpu_assign_sys_reg()
  KVM: arm64: Add compile-time type check to vcpu_write_sys_reg()
  KVM: arm64: Add compile-time type check for register in
    __vcpu_rmw_sys_reg()

 arch/arm64/include/asm/kvm_emulate.h |  2 +-
 arch/arm64/include/asm/kvm_host.h    | 44 ++++++++++++++++------------
 arch/arm64/kvm/at.c                  |  6 ++--
 arch/arm64/kvm/emulate-nested.c      |  4 +--
 arch/arm64/kvm/hyp/exception.c       | 14 ++++-----
 arch/arm64/kvm/hyp/vhe/switch.c      |  2 +-
 arch/arm64/kvm/inject_fault.c        | 16 +++++-----
 arch/arm64/kvm/nested.c              |  4 +--
 arch/arm64/kvm/pmu-emul.c            |  7 +++--
 arch/arm64/kvm/sys_regs.c            | 16 +++++-----
 arch/arm64/kvm/sys_regs.h            |  2 +-
 11 files changed, 63 insertions(+), 54 deletions(-)


base-commit: dcb6fa37fd7bc9c3d2b066329b0d27dedf8becaa
-- 
2.51.1.838.g19442a804e-goog