[PATCH v1 3/4] KVM: arm64: Add compile-time type check to vcpu_write_sys_reg()
Fuad Tabba
tabba at google.com
Mon Oct 27 04:39:42 PDT 2025
The vcpu_write_sys_reg() function, like __vcpu_assign_sys_reg(),
is susceptible to parameter transposition bugs where the 'u64 val' is
accidentally passed in the 'reg' slot.
Even with the now-consistent parameter ordering, this remains a risk.
To apply the same compile-time checks, vcpu_write_sys_reg() is converted
into a macro. The original function implementation is converted into a
helper as _vcpu_write_sys_reg(). The new macro wrapper performs the same
type compatibility check as its `__vcpu_assign_sys_reg` counterpart,
preventing the 'reg' parameter from being a 'u64'.
This patch also includes related cleanups made necessary or apparent by
this change:
* The 'reg' parameters for __vcpu_read_sys_reg() and
__vcpu_write_sys_reg() are tightened from 'int' to 'enum vcpu_sysreg'.
* The 'struct sys_reg_desc.reg' field is changed from 'int' to 'enum
vcpu_sysreg'.
No functional change intended.
Signed-off-by: Fuad Tabba <tabba at google.com>
---
arch/arm64/include/asm/kvm_host.h | 8 +++++++-
arch/arm64/kvm/hyp/exception.c | 4 ++--
arch/arm64/kvm/sys_regs.c | 2 +-
arch/arm64/kvm/sys_regs.h | 2 +-
4 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
index 2c33ea5fdb1c..2b7c8ba8802d 100644
--- a/arch/arm64/include/asm/kvm_host.h
+++ b/arch/arm64/include/asm/kvm_host.h
@@ -1168,7 +1168,13 @@ u64 kvm_vcpu_apply_reg_masks(const struct kvm_vcpu *, enum vcpu_sysreg, u64);
})
u64 vcpu_read_sys_reg(const struct kvm_vcpu *, enum vcpu_sysreg);
-void vcpu_write_sys_reg(struct kvm_vcpu *, enum vcpu_sysreg, u64);
+void _vcpu_write_sys_reg(struct kvm_vcpu *, enum vcpu_sysreg, u64);
+
+#define vcpu_write_sys_reg(v, r, val) \
+ do { \
+ BUILD_BUG_ON_ZERO(__builtin_types_compatible_p(typeof(r), u64));\
+ _vcpu_write_sys_reg(v, r, val); \
+ } while (0)
struct kvm_vm_stat {
struct kvm_vm_stat_generic generic;
diff --git a/arch/arm64/kvm/hyp/exception.c b/arch/arm64/kvm/hyp/exception.c
index a5e5eda7aba0..6f8b1b5f2cab 100644
--- a/arch/arm64/kvm/hyp/exception.c
+++ b/arch/arm64/kvm/hyp/exception.c
@@ -20,7 +20,7 @@
#error Hypervisor code only!
#endif
-static inline u64 __vcpu_read_sys_reg(const struct kvm_vcpu *vcpu, int reg)
+static inline u64 __vcpu_read_sys_reg(const struct kvm_vcpu *vcpu, enum vcpu_sysreg reg)
{
if (has_vhe())
return vcpu_read_sys_reg(vcpu, reg);
@@ -28,7 +28,7 @@ static inline u64 __vcpu_read_sys_reg(const struct kvm_vcpu *vcpu, int reg)
return __vcpu_sys_reg(vcpu, reg);
}
-static inline void __vcpu_write_sys_reg(struct kvm_vcpu *vcpu, int reg, u64 val)
+static inline void __vcpu_write_sys_reg(struct kvm_vcpu *vcpu, enum vcpu_sysreg reg, u64 val)
{
if (has_vhe())
vcpu_write_sys_reg(vcpu, reg, val);
diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
index d0d696d0819a..8e323353383c 100644
--- a/arch/arm64/kvm/sys_regs.c
+++ b/arch/arm64/kvm/sys_regs.c
@@ -338,7 +338,7 @@ u64 vcpu_read_sys_reg(const struct kvm_vcpu *vcpu, enum vcpu_sysreg reg)
return __vcpu_sys_reg(vcpu, reg);
}
-void vcpu_write_sys_reg(struct kvm_vcpu *vcpu, enum vcpu_sysreg reg, u64 val)
+void _vcpu_write_sys_reg(struct kvm_vcpu *vcpu, enum vcpu_sysreg reg, u64 val)
{
struct sr_loc loc = {};
diff --git a/arch/arm64/kvm/sys_regs.h b/arch/arm64/kvm/sys_regs.h
index b3f904472fac..a98c3aadcdbd 100644
--- a/arch/arm64/kvm/sys_regs.h
+++ b/arch/arm64/kvm/sys_regs.h
@@ -78,7 +78,7 @@ struct sys_reg_desc {
u64 (*reset)(struct kvm_vcpu *, const struct sys_reg_desc *);
/* Index into sys_reg[], or 0 if we don't need to save it. */
- int reg;
+ enum vcpu_sysreg reg;
/* Value (usually reset value), or write mask for idregs */
u64 val;
--
2.51.1.838.g19442a804e-goog
More information about the linux-arm-kernel
mailing list