Message ID | 20240405080008.1225223-6-anshuman.khandual@arm.com (mailing list archive) |
---|---|
State | New, archived |
Series | arm64/hw_breakpoint: Enable FEAT_Debugv8p9 |
On Fri, 05 Apr 2024 09:00:05 +0100,
Anshuman Khandual <anshuman.khandual@arm.com> wrote:
>
> Currently read_sanitised_id_aa64dfr0_el1() caps the ID_AA64DFR0.DebugVer to
> ID_AA64DFR0_DebugVer_V8P8, resulting in FEAT_Debugv8p9 not being exposed to
> the guest. MDSELR_EL1 register access in the guest, is currently trapped by
> the existing configuration of the fine-grained traps.

Please add support for the HDFGxTR2_EL2 registers in the trap routing
arrays, add support for the corresponding FGUs in the corresponding
structure, and condition the UNDEF on the lack of *guest* support for
the feature.

In short, implement the architecture as described in the pseudocode,
and not a cheap shortcut.

Thanks,

	M.

On 4/5/24 15:45, Marc Zyngier wrote: > On Fri, 05 Apr 2024 09:00:05 +0100, > Anshuman Khandual <anshuman.khandual@arm.com> wrote: >> >> Currently read_sanitised_id_aa64dfr0_el1() caps the ID_AA64DFR0.DebugVer to >> ID_AA64DFR0_DebugVer_V8P8, resulting in FEAT_Debugv8p9 not being exposed to >> the guest. MDSELR_EL1 register access in the guest, is currently trapped by >> the existing configuration of the fine-grained traps. > > Please add support for the HDFGxTR2_EL2 registers in the trap routing > arrays, add support for the corresponding FGUs in the corresponding Afraid that I might not have enough background here to sufficiently understand your suggestion above, but nonetheless here is an attempt in this regard. - Add HDFGRTR2_EL2/HDFGWTR2_EL2 to enum vcpu_sysreg enum vcpu_sysreg { .......... VNCR(HDFGRTR2_EL2), VNCR(HDFGWTR2_EL2), .......... } - Add their VNCR mappings addresses #define VNCR_HDFGRTR2_EL2 0x1A0 #define VNCR_HDFGWTR2_EL2 0x1B0 - Add HDFGRTR2_EL2/HDFGWTR2_EL2 to sys_reg_descs[] static const struct sys_reg_desc sys_reg_descs[] = { .......... EL2_REG_VNCR(HDFGRTR2_EL2, reset_val, 0), EL2_REG_VNCR(HDFGWTR2_EL2, reset_val, 0), .......... } - Add HDFGRTR2_GROUP to enum fgt_group_id - Add HDFGRTR2_GROUP to reg_to_fgt_group_id() - Update triage_sysreg_trap() for HDFGRTR2_GROUP - Update __activate_traps_hfgxtr() both for HDFGRTR2_EL2 and HDFGWTR2_EL2 - Updated __deactivate_traps_hfgxtr() both for HDFGRTR2_EL2 and HDFGWTR2_EL2 > structure, and condition the UNDEF on the lack of *guest* support for > the feature. Does something like the following looks OK for preventing guest access into MDSELR_EL1 instead ? --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c 
@@ -1711,6 +1711,19 @@ static u64 read_sanitised_id_aa64dfr0_el1(struct kvm_vcpu *vcpu, return val; } +static bool trap_mdselr_el1(struct kvm_vcpu *vcpu, + struct sys_reg_params *p, + const struct sys_reg_desc *r) +{ + u64 dfr0 = read_sanitised_id_aa64dfr0_el1(vcpu, r); + int dver = cpuid_feature_extract_unsigned_field(dfr0, ID_AA64DFR0_EL1_DebugVer_SHIFT); + + if (dver != ID_AA64DFR0_EL1_DebugVer_V8P9) + return undef_access(vcpu, p, r); + + return true; +} + static int set_id_aa64dfr0_el1(struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd, u64 val) @@ -2203,7 +2216,7 @@ static const struct sys_reg_desc sys_reg_descs[] = { { SYS_DESC(SYS_MDSCR_EL1), trap_debug_regs, reset_val, MDSCR_EL1, 0 }, DBG_BCR_BVR_WCR_WVR_EL1(2), DBG_BCR_BVR_WCR_WVR_EL1(3), - { SYS_DESC(SYS_MDSELR_EL1), undef_access }, + { SYS_DESC(SYS_MDSELR_EL1), trap_mdselr_el1 }, DBG_BCR_BVR_WCR_WVR_EL1(4), DBG_BCR_BVR_WCR_WVR_EL1(5), DBG_BCR_BVR_WCR_WVR_EL1(6), I am sure this is rather incomplete, but will really appreciate if you could provide some details and pointers. > > In short, implement the architecture as described in the pseudocode, > and not a cheap shortcut. > > Thanks, > > M. >
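Review bot: in trap_mdselr_el1() the test `dver != ID_AA64DFR0_EL1_DebugVer_V8P9` is an exact match on a value obtained from read_sanitised_id_aa64dfr0_el1(), which the patch description says caps DebugVer at V8P8, so as posted the handler always ends in undef_access() and behaves the same as the entry it replaces. An exact match would also UNDEF for any DebugVer above V8P9; compare with `<` against what the guest is actually configured with. The `return true` path leaves `p` untouched, so once the check can pass, reads and writes of MDSELR_EL1 still need real emulation.
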
On Fri, 12 Apr 2024 03:41:23 +0100,
Anshuman Khandual <anshuman.khandual@arm.com> wrote:
>
>
>
> On 4/5/24 15:45, Marc Zyngier wrote:
> > On Fri, 05 Apr 2024 09:00:05 +0100,
> > Anshuman Khandual <anshuman.khandual@arm.com> wrote:
> >>
> >> Currently read_sanitised_id_aa64dfr0_el1() caps the ID_AA64DFR0.DebugVer to
> >> ID_AA64DFR0_DebugVer_V8P8, resulting in FEAT_Debugv8p9 not being exposed to
> >> the guest. MDSELR_EL1 register access in the guest, is currently trapped by
> >> the existing configuration of the fine-grained traps.
> >
> > Please add support for the HDFGxTR2_EL2 registers in the trap routing
> > arrays, add support for the corresponding FGUs in the corresponding
>
> Afraid that I might not have enough background here to sufficiently understand
> your suggestion above, but nonetheless here is an attempt in this regard.

Thanks for at least giving it a try, this is *MUCH* appreciated.

>
> - Add HDFGRTR2_EL2/HDFGWTR2_EL2 to enum vcpu_sysreg
> 	enum vcpu_sysreg {
> 		..........
> 		VNCR(HDFGRTR2_EL2),
> 		VNCR(HDFGWTR2_EL2),
> 		..........
> 	}

Yes.

>
> - Add their VNCR mappings addresses
>
> 	#define VNCR_HDFGRTR2_EL2 0x1A0
> 	#define VNCR_HDFGWTR2_EL2 0x1B0

Yes.

>
> - Add HDFGRTR2_EL2/HDFGWTR2_EL2 to sys_reg_descs[]
>
> 	static const struct sys_reg_desc sys_reg_descs[] = {
> 		..........
> 		EL2_REG_VNCR(HDFGRTR2_EL2, reset_val, 0),
> 		EL2_REG_VNCR(HDFGWTR2_EL2, reset_val, 0),
> 		..........
> 	}

Yes

>
> - Add HDFGRTR2_GROUP to enum fgt_group_id
> - Add HDFGRTR2_GROUP to reg_to_fgt_group_id()
> - Update triage_sysreg_trap() for HDFGRTR2_GROUP
> - Update __activate_traps_hfgxtr() both for HDFGRTR2_EL2 and HDFGWTR2_EL2
> - Updated __deactivate_traps_hfgxtr() both for HDFGRTR2_EL2 and HDFGWTR2_EL2

Yes. Don't miss check_fgt_bit() though. You also need to update
kvm_init_nv_sysregs() to ensure that these new registers have the
correct RES0/RES1 behaviour depending on the supported feature set for
the guest.

> > > structure, and condition the UNDEF on the lack of *guest* support for > > the feature. > > Does something like the following looks OK for preventing guest access into > MDSELR_EL1 instead ? > > --- a/arch/arm64/kvm/sys_regs.c > +++ b/arch/arm64/kvm/sys_regs.c > @@ -1711,6 +1711,19 @@ static u64 read_sanitised_id_aa64dfr0_el1(struct kvm_vcpu *vcpu, > return val; > } > > +static bool trap_mdselr_el1(struct kvm_vcpu *vcpu, > + struct sys_reg_params *p, > + const struct sys_reg_desc *r) > +{ > + u64 dfr0 = read_sanitised_id_aa64dfr0_el1(vcpu, r); > + int dver = cpuid_feature_extract_unsigned_field(dfr0, ID_AA64DFR0_EL1_DebugVer_SHIFT); > + > + if (dver != ID_AA64DFR0_EL1_DebugVer_V8P9) > + return undef_access(vcpu, p, r); This is very cumbersome, and we now have a much better infrastructure for the stuff that is handled with FGTs, see below. > + > + return true; > +} > + > static int set_id_aa64dfr0_el1(struct kvm_vcpu *vcpu, > const struct sys_reg_desc *rd, > u64 val) 
> @@ -2203,7 +2216,7 @@ static const struct sys_reg_desc sys_reg_descs[] = { > { SYS_DESC(SYS_MDSCR_EL1), trap_debug_regs, reset_val, MDSCR_EL1, 0 }, > DBG_BCR_BVR_WCR_WVR_EL1(2), > DBG_BCR_BVR_WCR_WVR_EL1(3), > - { SYS_DESC(SYS_MDSELR_EL1), undef_access }, > + { SYS_DESC(SYS_MDSELR_EL1), trap_mdselr_el1 }, > DBG_BCR_BVR_WCR_WVR_EL1(4), > DBG_BCR_BVR_WCR_WVR_EL1(5), > DBG_BCR_BVR_WCR_WVR_EL1(6), > > I am sure this is rather incomplete, but will really appreciate if you could > provide some details and pointers. What is missing is the Fine-Grained-Undef part. You need to update kvm_init_sysreg() so that kvm->arch.fgu[HDFGRTR2_GROUP] has all the correct bits set for anything that needs to UNDEF depending on the guest configuration. For example, in your case, I'd expect to see something like: if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, DebugVer, V8P9)) kvm->arch.fgu[HDFGRTR2_GROUP] |= ~(HDFGRTR2_EL2_nMDSELR_EL1 | [...]); Then allowing the feature becomes conditioned on the bit being clear, and the trap handler only needs to deal with the actual emulation, and not the feature checking. I appreciate that this is a lot to swallow, but I'd be very happy to review patches implementing this and provide guidance. It is all pretty simple, just that there is a lot of parts all over the place. In the end, this is only about following the architecture. Thanks again, M.
On 4/12/24 16:35, Marc Zyngier wrote:
> On Fri, 12 Apr 2024 03:41:23 +0100,
> Anshuman Khandual <anshuman.khandual@arm.com> wrote:
>>
>>
>>
>> On 4/5/24 15:45, Marc Zyngier wrote:
>>> On Fri, 05 Apr 2024 09:00:05 +0100,
>>> Anshuman Khandual <anshuman.khandual@arm.com> wrote:
>>>>
>>>> Currently read_sanitised_id_aa64dfr0_el1() caps the ID_AA64DFR0.DebugVer to
>>>> ID_AA64DFR0_DebugVer_V8P8, resulting in FEAT_Debugv8p9 not being exposed to
>>>> the guest. MDSELR_EL1 register access in the guest, is currently trapped by
>>>> the existing configuration of the fine-grained traps.
>>>
>>> Please add support for the HDFGxTR2_EL2 registers in the trap routing
>>> arrays, add support for the corresponding FGUs in the corresponding
>>
>> Afraid that I might not have enough background here to sufficiently understand
>> your suggestion above, but nonetheless here is an attempt in this regard.
>
> Thanks for at least giving it a try, this is *MUCH* appreciated.
>
>>
>> - Add HDFGRTR2_EL2/HDFGWTR2_EL2 to enum vcpu_sysreg
>> 	enum vcpu_sysreg {
>> 		..........
>> 		VNCR(HDFGRTR2_EL2),
>> 		VNCR(HDFGWTR2_EL2),
>> 		..........
>> 	}
>
> Yes.
>
>>
>> - Add their VNCR mappings addresses
>>
>> 	#define VNCR_HDFGRTR2_EL2 0x1A0
>> 	#define VNCR_HDFGWTR2_EL2 0x1B0
>
> Yes.
>
>>
>> - Add HDFGRTR2_EL2/HDFGWTR2_EL2 to sys_reg_descs[]
>>
>> 	static const struct sys_reg_desc sys_reg_descs[] = {
>> 		..........
>> 		EL2_REG_VNCR(HDFGRTR2_EL2, reset_val, 0),
>> 		EL2_REG_VNCR(HDFGWTR2_EL2, reset_val, 0),
>> 		..........
>> 	}
>
> Yes
>
>>
>> - Add HDFGRTR2_GROUP to enum fgt_group_id
>> - Add HDFGRTR2_GROUP to reg_to_fgt_group_id()
>> - Update triage_sysreg_trap() for HDFGRTR2_GROUP
>> - Update __activate_traps_hfgxtr() both for HDFGRTR2_EL2 and HDFGWTR2_EL2
>> - Updated __deactivate_traps_hfgxtr() both for HDFGRTR2_EL2 and HDFGWTR2_EL2
>
> Yes. Don't miss check_fgt_bit() though. You also need to update

Right, added the following in there.

		case HDFGRTR2_GROUP:
			sr = is_read ?
HDFGRTR2_EL2 : HDFGWTR2_EL2; break; > kvm_init_nv_sysregs() to ensure that these new registers have the > correct RES0/RES1 behaviour depending on the supported feature set for > the guest. Following might be sufficient for MDSELR_EL1, but wondering if these fine grained control registers (HDFG[RW]TR2_EL2) need to be completely defined for the entire guest feature set, probably required. /* HDFG[RW]TR2_EL2 */ res0 = res1 = 0; if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, DebugVer, V8P9)) res0 |= HDFGRTR2_EL2_nMDSELR_EL1; set_sysreg_masks(kvm, HDFGRTR2_EL2, res0 | HDFGRTR2_EL2_RES0, res1); set_sysreg_masks(kvm, HDFGWTR2_EL2, res0 | HDFGWTR2_EL2_RES0, res1); > >> >>> structure, and condition the UNDEF on the lack of *guest* support for >>> the feature. >> >> Does something like the following looks OK for preventing guest access into >> MDSELR_EL1 instead ? >> >> --- a/arch/arm64/kvm/sys_regs.c >> +++ b/arch/arm64/kvm/sys_regs.c >> @@ -1711,6 +1711,19 @@ static u64 read_sanitised_id_aa64dfr0_el1(struct kvm_vcpu *vcpu, >> return val; >> } >> >> +static bool trap_mdselr_el1(struct kvm_vcpu *vcpu, >> + struct sys_reg_params *p, >> + const struct sys_reg_desc *r) >> +{ >> + u64 dfr0 = read_sanitised_id_aa64dfr0_el1(vcpu, r); >> + int dver = cpuid_feature_extract_unsigned_field(dfr0, ID_AA64DFR0_EL1_DebugVer_SHIFT); >> + >> + if (dver != ID_AA64DFR0_EL1_DebugVer_V8P9) >> + return undef_access(vcpu, p, r); > > This is very cumbersome, and we now have a much better infrastructure > for the stuff that is handled with FGTs, see below. Okay > >> + >> + return true; >> +} >> + >> static int set_id_aa64dfr0_el1(struct kvm_vcpu *vcpu, >> const struct sys_reg_desc *rd, >> u64 val) 
>> @@ -2203,7 +2216,7 @@ static const struct sys_reg_desc sys_reg_descs[] = { >> { SYS_DESC(SYS_MDSCR_EL1), trap_debug_regs, reset_val, MDSCR_EL1, 0 }, >> DBG_BCR_BVR_WCR_WVR_EL1(2), >> DBG_BCR_BVR_WCR_WVR_EL1(3), >> - { SYS_DESC(SYS_MDSELR_EL1), undef_access }, >> + { SYS_DESC(SYS_MDSELR_EL1), trap_mdselr_el1 }, >> DBG_BCR_BVR_WCR_WVR_EL1(4), >> DBG_BCR_BVR_WCR_WVR_EL1(5), >> DBG_BCR_BVR_WCR_WVR_EL1(6), >> >> I am sure this is rather incomplete, but will really appreciate if you could >> provide some details and pointers. > > What is missing is the Fine-Grained-Undef part. You need to update > kvm_init_sysreg() so that kvm->arch.fgu[HDFGRTR2_GROUP] has all the > correct bits set for anything that needs to UNDEF depending on the > guest configuration. > > For example, in your case, I'd expect to see something like: > > if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, DebugVer, V8P9)) > kvm->arch.fgu[HDFGRTR2_GROUP] |= ~(HDFGRTR2_EL2_nMDSELR_EL1 | [...]); Understood. > > Then allowing the feature becomes conditioned on the bit being clear, > and the trap handler only needs to deal with the actual emulation, and > not the feature checking. Got it. > > I appreciate that this is a lot to swallow, but I'd be very happy to > review patches implementing this and provide guidance. It is all > pretty simple, just that there is a lot of parts all over the place. > In the end, this is only about following the architecture. Sure, will read through all these pointers you have mentioned here, and be back with an implementation. > > Thanks again, Thanks for the detailed explanation. > > M. >
On Tue, 16 Apr 2024 06:46:13 +0100,
Anshuman Khandual <anshuman.khandual@arm.com> wrote:
>
> On 4/12/24 16:35, Marc Zyngier wrote:
> > kvm_init_nv_sysregs() to ensure that these new registers have the
> > correct RES0/RES1 behaviour depending on the supported feature set for
> > the guest.
>
> Following might be sufficient for MDSELR_EL1, but wondering if these fine
> grained control registers (HDFG[RW]TR2_EL2) need to be completely defined
> for the entire guest feature set, probably required.

Yes, you should check for all features defining a valid bit in these
registers, and apply the correct mask if the feature isn't advertised
to the guest, even if KVM doesn't currently support the feature at
all.

This is a bit cumbersome at first, but we don't have to revisit it
when the feature gets enabled, which is a massive maintainability
improvement. It also means that we just have to read the documentation
and match it against the code, which should be pretty trivial.

>
> 	/* HDFG[RW]TR2_EL2 */
> 	res0 = res1 = 0;
> 	if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, DebugVer, V8P9))
> 		res0 |= HDFGRTR2_EL2_nMDSELR_EL1;
> 	set_sysreg_masks(kvm, HDFGRTR2_EL2, res0 | HDFGRTR2_EL2_RES0, res1);
> 	set_sysreg_masks(kvm, HDFGWTR2_EL2, res0 | HDFGWTR2_EL2_RES0, res1);

Yup, this looks sensible for that particular bit. A few more to go... ;-)

Thanks,

	M.

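The two mechanisms described in the replies above, a per-VM fine-grained-UNDEF bitmap checked before the handler runs and a RES0 mask applied to the trap-control register, shown as a small user-space C model. This is an added example, not KVM code and not code from the thread; the struct layout, function names, bit position and DebugVer constants are placeholders assumed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Values assumed for this model (labelled placeholders, not taken from the page). */
enum { DEBUGVER_V8P8 = 10, DEBUGVER_V8P9 = 11 };
enum fgt_group { NO_GROUP, HDFGRTR2_GROUP, NR_GROUPS };
#define MDSELR_FGT_BIT (1ULL << 5)

struct vm {
	int debugver;            /* DebugVer advertised to this guest */
	uint64_t fgu[NR_GROUPS]; /* set bit: guest access must UNDEF */
	uint64_t res0;           /* RES0 bits of the trap-control register */
	uint64_t regs[2];        /* backing store for emulated registers */
};
struct reg_desc { enum fgt_group group; uint64_t bit; int idx; };
static const struct reg_desc MDSCR = { NO_GROUP, 0, 0 }, MDSELR = { HDFGRTR2_GROUP, MDSELR_FGT_BIT, 1 };

/* Run once per VM: a feature the guest lacks sets its FGU and RES0 bits. */
static void vm_init_masks(struct vm *vm)
{
	if (vm->debugver >= DEBUGVER_V8P9)
		return;
	vm->fgu[HDFGRTR2_GROUP] |= MDSELR_FGT_BIT;
	vm->res0 |= MDSELR_FGT_BIT;
}

/* Common dispatch: one bitmap test decides UNDEF (false); emulation follows. */
static bool handle_access(struct vm *vm, const struct reg_desc *r, bool write, uint64_t *val)
{
	if (vm->fgu[r->group] & r->bit)
		return false;
	if (write)
		vm->regs[r->idx] = *val;
	else
		*val = vm->regs[r->idx];
	return true;
}

/* A write to the trap-control register keeps its RES0 bits at zero. */
static uint64_t write_trap_ctrl(const struct vm *vm, uint64_t val) { return val & ~vm->res0; }

int main(void)
{
	struct vm g = { .debugver = DEBUGVER_V8P8 };
	uint64_t v = 3;
	vm_init_masks(&g);
	printf("MDSELR=%d MDSCR=%d (0 = UNDEF)\n", handle_access(&g, &MDSELR, true, &v), handle_access(&g, &MDSCR, true, &v));
	return 0;
}
```
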
diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index c9f4f387155f..2956bdcd358e 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -2203,6 +2203,7 @@ static const struct sys_reg_desc sys_reg_descs[] = { { SYS_DESC(SYS_MDSCR_EL1), trap_debug_regs, reset_val, MDSCR_EL1, 0 }, DBG_BCR_BVR_WCR_WVR_EL1(2), DBG_BCR_BVR_WCR_WVR_EL1(3), + { SYS_DESC(SYS_MDSELR_EL1), undef_access }, DBG_BCR_BVR_WCR_WVR_EL1(4), DBG_BCR_BVR_WCR_WVR_EL1(5), DBG_BCR_BVR_WCR_WVR_EL1(6),
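Review bot: the added `{ SYS_DESC(SYS_MDSELR_EL1), undef_access },` entry makes the UNDEF unconditional, while the description justifies it only by read_sanitised_id_aa64dfr0_el1() capping DebugVer at V8P8; nothing in the hunk links the two, so lifting the cap later would leave the register UNDEFINED for guests that are given FEAT_Debugv8p9. Either key the UNDEF on the guest's DebugVer, or add a comment on this line naming the cap it depends on. The description also refers to the table once as sys_reg_desc[], whereas the hunk shows sys_reg_descs[].
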
Currently read_sanitised_id_aa64dfr0_el1() caps the ID_AA64DFR0.DebugVer to
ID_AA64DFR0_DebugVer_V8P8, resulting in FEAT_Debugv8p9 not being exposed to
the guest. MDSELR_EL1 register access in the guest, is currently trapped by
the existing configuration of the fine-grained traps.

As the register is not described in sys_reg_descs[] table emulate_sys_reg()
will warn that this is unknown access before injecting an UNDEFINED exception
into the guest. Any well-behaved guests shouldn't try to use this register,
but any badly-behaved guests could, thus resulting in unnecessary warnings. To
avoid such warnings, access to MDSELR_EL1 should be explicitly handled as
UNDEFINED via updating sys_reg_desc[] as required.

Cc: Marc Zyngier <maz@kernel.org>
Cc: Oliver Upton <oliver.upton@linux.dev>
Cc: James Morse <james.morse@arm.com>
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Cc: linux-arm-kernel@lists.infradead.org
Cc: kvmarm@lists.linux.dev
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Anshuman Khandual <anshuman.khandual@arm.com>

---
 arch/arm64/kvm/sys_regs.c | 1 +
 1 file changed, 1 insertion(+)