diff mbox series

[V3,02/16] arm64/cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register

Message ID 1588426445-24344-3-git-send-email-anshuman.khandual@arm.com (mailing list archive)
State New, archived
Headers show
Series arm64/cpufeature: Introduce ID_PFR2, ID_DFR1, ID_MMFR5 and other changes | expand

Commit Message

Anshuman Khandual May 2, 2020, 1:33 p.m. UTC 
ID_DFR0 based TraceFilt feature should not be exposed to guests. Hence lets
drop it.

Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Cc: Marc Zyngier <maz@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org

Suggested-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Anshuman Khandual <anshuman.khandual@arm.com>
---
 arch/arm64/kernel/cpufeature.c | 1 -
 1 file changed, 1 deletion(-)

Comments

Will Deacon May 4, 2020, 8:24 p.m. UTC | #1 
On Sat, May 02, 2020 at 07:03:51PM +0530, Anshuman Khandual wrote:
> ID_DFR0 based TraceFilt feature should not be exposed to guests. Hence lets
> drop it.
> 
> Cc: Catalin Marinas <catalin.marinas@arm.com>
> Cc: Will Deacon <will@kernel.org>
> Cc: Marc Zyngier <maz@kernel.org>
> Cc: Mark Rutland <mark.rutland@arm.com>
> Cc: James Morse <james.morse@arm.com>
> Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
> Cc: linux-arm-kernel@lists.infradead.org
> Cc: linux-kernel@vger.kernel.org
> 
> Suggested-by: Mark Rutland <mark.rutland@arm.com>
> Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
> Signed-off-by: Anshuman Khandual <anshuman.khandual@arm.com>
> ---
>  arch/arm64/kernel/cpufeature.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> index 6d032fbe416f..51386dade423 100644
> --- a/arch/arm64/kernel/cpufeature.c
> +++ b/arch/arm64/kernel/cpufeature.c
> @@ -435,7 +435,6 @@ static const struct arm64_ftr_bits ftr_id_pfr1[] = {
>  };
>  
>  static const struct arm64_ftr_bits ftr_id_dfr0[] = {
> -	ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 28, 4, 0),

Hmm, this still confuses me. Is this not now FTR_NONSTRICT? Why is that ok?

Will
Anshuman Khandual May 5, 2020, 6:50 a.m. UTC | #2 
On 05/05/2020 01:54 AM, Will Deacon wrote:
> On Sat, May 02, 2020 at 07:03:51PM +0530, Anshuman Khandual wrote:
>> ID_DFR0 based TraceFilt feature should not be exposed to guests. Hence lets
>> drop it.
>>
>> Cc: Catalin Marinas <catalin.marinas@arm.com>
>> Cc: Will Deacon <will@kernel.org>
>> Cc: Marc Zyngier <maz@kernel.org>
>> Cc: Mark Rutland <mark.rutland@arm.com>
>> Cc: James Morse <james.morse@arm.com>
>> Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
>> Cc: linux-arm-kernel@lists.infradead.org
>> Cc: linux-kernel@vger.kernel.org
>>
>> Suggested-by: Mark Rutland <mark.rutland@arm.com>
>> Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
>> Signed-off-by: Anshuman Khandual <anshuman.khandual@arm.com>
>> ---
>>  arch/arm64/kernel/cpufeature.c | 1 -
>>  1 file changed, 1 deletion(-)
>>
>> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
>> index 6d032fbe416f..51386dade423 100644
>> --- a/arch/arm64/kernel/cpufeature.c
>> +++ b/arch/arm64/kernel/cpufeature.c
>> @@ -435,7 +435,6 @@ static const struct arm64_ftr_bits ftr_id_pfr1[] = {
>>  };
>>  
>>  static const struct arm64_ftr_bits ftr_id_dfr0[] = {
>> -	ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 28, 4, 0),
> 
> Hmm, this still confuses me. Is this not now FTR_NONSTRICT? Why is that ok?

Mark had mentioned about it earlier (https://patchwork.kernel.org/patch/11287805/)
Did I misinterpret the first part ? Could not figure "capping the emulated debug
features" part. Probably, Mark could give some more details.

From the earlier discussion:

* ID_DFR0 fields need more thought; we should limit what we expose here.
  I don't think it's valid for us to expose TraceFilt, and I suspect we
  need to add capping for debug features we currently emulate.
Will Deacon May 5, 2020, 10:42 a.m. UTC | #3 
On Tue, May 05, 2020 at 12:20:41PM +0530, Anshuman Khandual wrote:
> On 05/05/2020 01:54 AM, Will Deacon wrote:
> > On Sat, May 02, 2020 at 07:03:51PM +0530, Anshuman Khandual wrote:
> >> ID_DFR0 based TraceFilt feature should not be exposed to guests. Hence lets
> >> drop it.
> >>
> >> Cc: Catalin Marinas <catalin.marinas@arm.com>
> >> Cc: Will Deacon <will@kernel.org>
> >> Cc: Marc Zyngier <maz@kernel.org>
> >> Cc: Mark Rutland <mark.rutland@arm.com>
> >> Cc: James Morse <james.morse@arm.com>
> >> Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
> >> Cc: linux-arm-kernel@lists.infradead.org
> >> Cc: linux-kernel@vger.kernel.org
> >>
> >> Suggested-by: Mark Rutland <mark.rutland@arm.com>
> >> Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
> >> Signed-off-by: Anshuman Khandual <anshuman.khandual@arm.com>
> >> ---
> >>  arch/arm64/kernel/cpufeature.c | 1 -
> >>  1 file changed, 1 deletion(-)
> >>
> >> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> >> index 6d032fbe416f..51386dade423 100644
> >> --- a/arch/arm64/kernel/cpufeature.c
> >> +++ b/arch/arm64/kernel/cpufeature.c
> >> @@ -435,7 +435,6 @@ static const struct arm64_ftr_bits ftr_id_pfr1[] = {
> >>  };
> >>  
> >>  static const struct arm64_ftr_bits ftr_id_dfr0[] = {
> >> -	ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 28, 4, 0),
> > 
> > Hmm, this still confuses me. Is this not now FTR_NONSTRICT? Why is that ok?
> 
> Mark had mentioned about it earlier (https://patchwork.kernel.org/patch/11287805/)
> Did I misinterpret the first part ? Could not figure "capping the emulated debug
> features" part. Probably, Mark could give some more details.
> 
> From the earlier discussion:
> 
> * ID_DFR0 fields need more thought; we should limit what we expose here.
>   I don't think it's valid for us to expose TraceFilt, and I suspect we
>   need to add capping for debug features we currently emulate.

Sorry, I for confused (again) by the cpufeature code :) I'm going to add
the following to my comment:


diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index c1d44d127baa..9b05843d67af 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -53,6 +53,11 @@
  *   arbitrary physical CPUs, but some features not present on the host are
  *   also advertised and emulated. Look at sys_reg_descs[] for the gory
  *   details.
+ *
+ * - If the arm64_ftr_bits[] for a register has a missing field, then this
+ *   field is treated as STRICT RES0, including for read_sanitised_ftr_reg().
+ *   This is stronger than FTR_HIDDEN and can be used to hide features from
+ *   KVM guests.
  */
 
 #define pr_fmt(fmt) "CPU features: " fmt


However, I think we really want to get rid of ftr_generic_32bits[] entirely
and spell out all of the register fields, even just using comments for the
fields we're omitting:


@@ -425,7 +430,7 @@ static const struct arm64_ftr_bits ftr_id_pfr1[] = {
 };
 
 static const struct arm64_ftr_bits ftr_id_dfr0[] = {
-	ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 28, 4, 0),
+	/* 31:28	TraceFilt */
 	S_ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 24, 4, 0xf),	/* PerfMon */
 	ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 20, 4, 0),
 	ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 16, 4, 0),


Longer term, I think we'll probably want to handle these within
ARM64_FTR_BITS, as we may end up with features that we want to hide from
KVM guests but not from the host kernel.

Will
Anshuman Khandual May 8, 2020, 4:25 a.m. UTC | #4 
On 05/05/2020 04:12 PM, Will Deacon wrote:
> On Tue, May 05, 2020 at 12:20:41PM +0530, Anshuman Khandual wrote:
>> On 05/05/2020 01:54 AM, Will Deacon wrote:
>>> On Sat, May 02, 2020 at 07:03:51PM +0530, Anshuman Khandual wrote:
>>>> ID_DFR0 based TraceFilt feature should not be exposed to guests. Hence lets
>>>> drop it.
>>>>
>>>> Cc: Catalin Marinas <catalin.marinas@arm.com>
>>>> Cc: Will Deacon <will@kernel.org>
>>>> Cc: Marc Zyngier <maz@kernel.org>
>>>> Cc: Mark Rutland <mark.rutland@arm.com>
>>>> Cc: James Morse <james.morse@arm.com>
>>>> Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
>>>> Cc: linux-arm-kernel@lists.infradead.org
>>>> Cc: linux-kernel@vger.kernel.org
>>>>
>>>> Suggested-by: Mark Rutland <mark.rutland@arm.com>
>>>> Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
>>>> Signed-off-by: Anshuman Khandual <anshuman.khandual@arm.com>
>>>> ---
>>>>  arch/arm64/kernel/cpufeature.c | 1 -
>>>>  1 file changed, 1 deletion(-)
>>>>
>>>> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
>>>> index 6d032fbe416f..51386dade423 100644
>>>> --- a/arch/arm64/kernel/cpufeature.c
>>>> +++ b/arch/arm64/kernel/cpufeature.c
>>>> @@ -435,7 +435,6 @@ static const struct arm64_ftr_bits ftr_id_pfr1[] = {
>>>>  };
>>>>  
>>>>  static const struct arm64_ftr_bits ftr_id_dfr0[] = {
>>>> -	ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 28, 4, 0),
>>>
>>> Hmm, this still confuses me. Is this not now FTR_NONSTRICT? Why is that ok?
>>
>> Mark had mentioned about it earlier (https://patchwork.kernel.org/patch/11287805/)
>> Did I misinterpret the first part ? Could not figure "capping the emulated debug
>> features" part. Probably, Mark could give some more details.
>>
>> From the earlier discussion:
>>
>> * ID_DFR0 fields need more thought; we should limit what we expose here.
>>   I don't think it's valid for us to expose TraceFilt, and I suspect we
>>   need to add capping for debug features we currently emulate.
> 
> Sorry, I for confused (again) by the cpufeature code :) I'm going to add
> the following to my comment:
> 
> 
> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> index c1d44d127baa..9b05843d67af 100644
> --- a/arch/arm64/kernel/cpufeature.c
> +++ b/arch/arm64/kernel/cpufeature.c
> @@ -53,6 +53,11 @@
>   *   arbitrary physical CPUs, but some features not present on the host are
>   *   also advertised and emulated. Look at sys_reg_descs[] for the gory
>   *   details.
> + *
> + * - If the arm64_ftr_bits[] for a register has a missing field, then this
> + *   field is treated as STRICT RES0, including for read_sanitised_ftr_reg().
> + *   This is stronger than FTR_HIDDEN and can be used to hide features from
> + *   KVM guests.
>   */
>  
>  #define pr_fmt(fmt) "CPU features: " fmt
> 

Wondering if you will take this comment via a separate patch/branch or
should I fold it here instead.

> 
> However, I think we really want to get rid of ftr_generic_32bits[] entirely
> and spell out all of the register fields, even just using comments for the
> fields we're omitting:

Should we do that later or in this series itself ?

> 
> 
> @@ -425,7 +430,7 @@ static const struct arm64_ftr_bits ftr_id_pfr1[] = {
>  };
>  
>  static const struct arm64_ftr_bits ftr_id_dfr0[] = {
> -	ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 28, 4, 0),
> +	/* 31:28	TraceFilt */
>  	S_ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 24, 4, 0xf),	/* PerfMon */
>  	ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 20, 4, 0),
>  	ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 16, 4, 0),
> 
> 
> Longer term, I think we'll probably want to handle these within
> ARM64_FTR_BITS, as we may end up with features that we want to hide from
> KVM guests but not from the host kernel.

Sure, but for now will fold the above changes here.
diff mbox series

Patch

diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 6d032fbe416f..51386dade423 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -435,7 +435,6 @@  static const struct arm64_ftr_bits ftr_id_pfr1[] = {
 };
 
 static const struct arm64_ftr_bits ftr_id_dfr0[] = {
-	ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 28, 4, 0),
 	S_ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 24, 4, 0xf),	/* PerfMon */
 	ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 20, 4, 0),
 	ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, 16, 4, 0),