| Message ID | 20241128123515.1709777-1-tabba@google.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | KVM: arm64: Rework guest VM fixed feature handling and trapping in pKVM | expand |
On 28/11/2024 12:35 pm, Fuad Tabba wrote: > Changes from v2 (Marc): > - Added three patches that remove the per-vcpu flags of PtrAuth > and SVE being enabled for guests, in favor of them being per VM > - Tidying up > > This patch series redoes how fixed features for protected guests > are specified in pKVM, as well as how trapping is handled based > on the features available for the VM. It also fixes a couple of > existing bugs in the process. > > For protected VMs, some features should be trapped if the guest > tries to use them because they are not supported (e.g., SME), or > if they are not enabled for the particular VM (e.g., SVE). > > Initially, pKVM took the approach of specifying these features > using macros and grouping their handling by feature id register. > This proved to be difficult to maintain and bug prone. Moreover, > since the nested virt work there is a framework in KVM for > storing feature id register values per vm, as well as how to > handle traps based on these values. > > This patch series uses the vm's feature id registers to track the > supported features, a framework similar to nested virt to set the > trap values, and removes the need to store cptr_el2 per vcpu in > favor of setting its value when traps are activated, as VHE mode > does. > > The changes should not affect the behavior of non-protected VMs > nor the behavior of VMs outside of protected mode in general. > > This series is based on kvmarm/next (60ad25e14ab5), since it > requires the patches from the series that fixes initialization of > trap register values in pKVM [2]. > > Cheers, > /fuad > > [1] https://lore.kernel.org/all/20241122110622.3010118-1-tabba@google.com/ > [2] https://lore.kernel.org/all/20241018074833.2563674-1-tabba@google.com/ > > Fuad Tabba (15): > KVM: arm64: Consolidate allowed and restricted VM feature checks > KVM: arm64: Group setting traps for protected VMs by control register > KVM: arm64: Move checking protected vcpu features to a separate > function > KVM: arm64: Use KVM extension checks for allowed protected VM > capabilities > KVM: arm64: Initialize feature id registers for protected VMs > KVM: arm64: Set protected VM traps based on its view of feature > registers > KVM: arm64: Rework specifying restricted features for protected VMs > KVM: arm64: Remove fixed_config.h header > KVM: arm64: Remove redundant setting of HCR_EL2 trap bit > KVM: arm64: Calculate cptr_el2 traps on activating traps > KVM: arm64: Refactor kvm_reset_cptr_el2() > KVM: arm64: Fix the value of the CPTR_EL2 RES1 bitmask for nVHE > KVM: arm64: Remove PtrAuth guest vcpu flag > KVM: arm64: Convert the SVE guest vcpu flag to a vm flag > KVM: arm64: Renumber remaining vcpu guest configuration flags > > arch/arm64/include/asm/kvm_arm.h | 2 +- > arch/arm64/include/asm/kvm_emulate.h | 23 +- > arch/arm64/include/asm/kvm_host.h | 21 +- > arch/arm64/include/asm/kvm_pkvm.h | 25 ++ > arch/arm64/kvm/arm.c | 30 +- > arch/arm64/kvm/hyp/include/hyp/switch.h | 2 +- > .../arm64/kvm/hyp/include/nvhe/fixed_config.h | 223 ---------- > arch/arm64/kvm/hyp/include/nvhe/pkvm.h | 5 + > arch/arm64/kvm/hyp/nvhe/hyp-main.c | 2 +- > arch/arm64/kvm/hyp/nvhe/pkvm.c | 335 +++++---------- > arch/arm64/kvm/hyp/nvhe/setup.c | 1 - > arch/arm64/kvm/hyp/nvhe/switch.c | 56 ++- > arch/arm64/kvm/hyp/nvhe/sys_regs.c | 402 ++++++++++-------- > arch/arm64/kvm/hyp/vhe/switch.c | 2 +- > arch/arm64/kvm/reset.c | 6 +- > 15 files changed, 430 insertions(+), 705 deletions(-) > delete mode 100644 arch/arm64/kvm/hyp/include/nvhe/fixed_config.h > > > base-commit: 60ad25e14ab5a4e56c8bf7f7d6846eacb9cd53df Tested-by: James Clark <james.clark@linaro.org>
On Thu, Nov 28, 2024 at 12:35:00PM +0000, Fuad Tabba wrote: > This patch series redoes how fixed features for protected guests > are specified in pKVM, as well as how trapping is handled based > on the features available for the VM. It also fixes a couple of > existing bugs in the process. Tested-by: Mark Brown <broonie@kernel.org>
Changes from v2 (Marc): - Added three patches that remove the per-vcpu flags of PtrAuth and SVE being enabled for guests, in favor of them being per VM - Tidying up This patch series redoes how fixed features for protected guests are specified in pKVM, as well as how trapping is handled based on the features available for the VM. It also fixes a couple of existing bugs in the process. For protected VMs, some features should be trapped if the guest tries to use them because they are not supported (e.g., SME), or if they are not enabled for the particular VM (e.g., SVE). Initially, pKVM took the approach of specifying these features using macros and grouping their handling by feature id register. This proved to be difficult to maintain and bug prone. Moreover, since the nested virt work there is a framework in KVM for storing feature id register values per vm, as well as how to handle traps based on these values. This patch series uses the vm's feature id registers to track the supported features, a framework similar to nested virt to set the trap values, and removes the need to store cptr_el2 per vcpu in favor of setting its value when traps are activated, as VHE mode does. The changes should not affect the behavior of non-protected VMs nor the behavior of VMs outside of protected mode in general. This series is based on kvmarm/next (60ad25e14ab5), since it requires the patches from the series that fixes initialization of trap register values in pKVM [2]. Cheers, /fuad [1] https://lore.kernel.org/all/20241122110622.3010118-1-tabba@google.com/ [2] https://lore.kernel.org/all/20241018074833.2563674-1-tabba@google.com/ Fuad Tabba (15): KVM: arm64: Consolidate allowed and restricted VM feature checks KVM: arm64: Group setting traps for protected VMs by control register KVM: arm64: Move checking protected vcpu features to a separate function KVM: arm64: Use KVM extension checks for allowed protected VM capabilities KVM: arm64: Initialize feature id registers for protected VMs KVM: arm64: Set protected VM traps based on its view of feature registers KVM: arm64: Rework specifying restricted features for protected VMs KVM: arm64: Remove fixed_config.h header KVM: arm64: Remove redundant setting of HCR_EL2 trap bit KVM: arm64: Calculate cptr_el2 traps on activating traps KVM: arm64: Refactor kvm_reset_cptr_el2() KVM: arm64: Fix the value of the CPTR_EL2 RES1 bitmask for nVHE KVM: arm64: Remove PtrAuth guest vcpu flag KVM: arm64: Convert the SVE guest vcpu flag to a vm flag KVM: arm64: Renumber remaining vcpu guest configuration flags arch/arm64/include/asm/kvm_arm.h | 2 +- arch/arm64/include/asm/kvm_emulate.h | 23 +- arch/arm64/include/asm/kvm_host.h | 21 +- arch/arm64/include/asm/kvm_pkvm.h | 25 ++ arch/arm64/kvm/arm.c | 30 +- arch/arm64/kvm/hyp/include/hyp/switch.h | 2 +- .../arm64/kvm/hyp/include/nvhe/fixed_config.h | 223 ---------- arch/arm64/kvm/hyp/include/nvhe/pkvm.h | 5 + arch/arm64/kvm/hyp/nvhe/hyp-main.c | 2 +- arch/arm64/kvm/hyp/nvhe/pkvm.c | 335 +++++---------- arch/arm64/kvm/hyp/nvhe/setup.c | 1 - arch/arm64/kvm/hyp/nvhe/switch.c | 56 ++- arch/arm64/kvm/hyp/nvhe/sys_regs.c | 402 ++++++++++-------- arch/arm64/kvm/hyp/vhe/switch.c | 2 +- arch/arm64/kvm/reset.c | 6 +- 15 files changed, 430 insertions(+), 705 deletions(-) delete mode 100644 arch/arm64/kvm/hyp/include/nvhe/fixed_config.h base-commit: 60ad25e14ab5a4e56c8bf7f7d6846eacb9cd53df