From patchwork Tue May 3 06:01:58 2022
X-Patchwork-Submitter: Oliver Upton
X-Patchwork-Id: 12835000
Date: Tue, 3 May 2022 06:01:58 +0000
Message-Id: <20220503060205.2823727-1-oupton@google.com>
Subject: [PATCH v4 0/7] KVM: arm64: Limit feature register reads from AArch32
From: Oliver Upton
To: kvmarm@lists.cs.columbia.edu
Cc: kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, maz@kernel.org, james.morse@arm.com, alexandru.elisei@arm.com, suzuki.poulose@arm.com, reijiw@google.com, ricarkol@google.com, Oliver Upton

KVM/arm64 does not restrict the guest's view of the AArch32 feature registers when read from AArch32. HCR_EL2.TID3 is cleared for AArch32 guests, meaning that register reads come straight from hardware. This is problematic as KVM relies on read_sanitised_ftr_reg() to expose a set of features consistent for a particular system.

Appropriate handlers must first be put in place for CP10 and CP15 ID register accesses before setting TID3. Rather than exhaustively enumerating each of the encodings for CP10 and CP15 registers, take the lazy route and aim the register accesses at the AArch64 system register table.

Patches 1-2 are small cleanups to how we handle register emulation failure. No functional change for current KVM, but required to do register emulation correctly in this series.

Patch 3 reroutes the CP15 registers into the AArch64 table, taking care to immediately RAZ undefined ranges of registers. This is done to avoid possibly conflicting with encodings for future AArch64 registers.

Patch 4 installs an exit handler for the CP10 ID registers and also relies on the general AArch64 register handler to implement reads.

Patch 5 actually sets TID3 for AArch32 guests, providing known-safe values for feature register accesses.

Patch 6 makes KVM UNDEF the guest on an unsupported PMU reg access.

Finally, patch 7 drops the intermediate fix of returning early from register accesses if the PMU is disabled.
There is an argument that the series is in fact a bug fix for running AArch32 VMs on heterogeneous systems. To that end, it could be blamed/backported to when we first knew better:

  93390c0a1b20 ("arm64: KVM: Hide unsupported AArch64 CPU features from guests")

But I left that tag off as in the aforementioned change skipping AArch32 was intentional. Up to you, Marc, if you want to call it a bugfix ;-)

Applies cleanly to 5.18-rc5.

Tested with AArch32 kvm-unit-tests and booting an AArch32 debian guest on a Raspberry Pi 4. Additionally, I tested AArch32 kvm-unit-tests w/ pmu={on,off} and saw no splat, as Alex had discovered [1]. The test correctly skips with the PMU feature bit disabled now. Furthermore, I hacked up the test even more to ignore ID_DFR0.PerfMon to verify that the guest UNDEFs when the PMU is disabled (and doesn't blow up the host kernel).

[1]: https://lore.kernel.org/r/20220425145530.723858-1-alexandru.elisei@arm.com

v1: https://lore.kernel.org/kvmarm/20220329011301.1166265-1-oupton@google.com/
v2: https://lore.kernel.org/r/20220401010832.3425787-1-oupton@google.com
v3: https://lore.kernel.org/kvmarm/20220425235342.3210912-1-oupton@google.com

v3 -> v4:
 - Grab Alex's patch for using pmu_visibility() to hide PMU regs
 - Revert Alex's intermediate fix of silently sinking PMU reg read/writes

v2 -> v3:
 - Collect R-b from Reiji (thanks!)
 - Adopt Marc's suggestion for CP15 register handling
 - Avoid writing to Rt when emulation fails (Marc)
 - Print some debug info on an unexpected CP10 register access (Reiji)

v1 -> v2:
 - Actually set TID3! Oops.
 - Refactor kvm_emulate_cp15_id_reg() to check preconditions before proceeding to emulation (Reiji)
 - Tighten up comment on kvm_is_cp15_id_reg() to indicate that the only other trapped ID register (CTR) is already handled in the cp15

Alexandru Elisei (1):
  KVM/arm64: Hide AArch32 PMU registers when not available

Oliver Upton (6):
  KVM: arm64: Return a bool from emulate_cp()
  KVM: arm64: Don't write to Rt unless sys_reg emulation succeeds
  KVM: arm64: Wire up CP15 feature registers to their AArch64 equivalents
  KVM: arm64: Plumb cp10 ID traps through the AArch64 sysreg handler
  KVM: arm64: Start trapping ID registers for 32 bit guests
  Revert "KVM/arm64: Don't emulate a PMU for 32-bit guests if feature not set"

 arch/arm64/include/asm/kvm_arm.h     |   3 +-
 arch/arm64/include/asm/kvm_emulate.h |   7 -
 arch/arm64/include/asm/kvm_host.h    |   1 +
 arch/arm64/kvm/handle_exit.c         |   1 +
 arch/arm64/kvm/pmu-emul.c            |  23 +--
 arch/arm64/kvm/sys_regs.c            | 257 +++++++++++++++++++++------
 arch/arm64/kvm/sys_regs.h            |   9 +-
 7 files changed, 211 insertions(+), 90 deletions(-)
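The CP15 rerouting that patches 1-3 of the cover letter describe, as an added model in C that is not the series' own code: the TID3 trap-group check, the re-encoding of a CP15 ID access into the AArch64 table, the RAZ of the AArch32-reserved CRm range before the lookup, and the rule that Rt is only written when emulation succeeds. The table contents and the choice of CRm 4..7 as the RAZ range are assumptions drawn from the AArch32 ID register layout, not values stated on the page.

```c
/* Constructed model (not KVM's code): route a trapped AArch32 CP15 ID-register
 * read (opc1=0, CRn=0, CRm=1..7) at an AArch64-encoded sysreg table. */
#include <stdbool.h>
#include <stdint.h>

struct sys_reg_params { uint8_t Op0, Op1, CRn, CRm, Op2; };
/* Stand-in for KVM's AArch64 table; the sanitised values are constructed. */
struct sys_reg_desc { struct sys_reg_params enc; uint64_t sanitised; };
static const struct sys_reg_desc aarch64_table[] = {
	{ {3, 0, 0, 1, 0}, 0x00000131 },            /* ID_PFR0_EL1 */
	{ {3, 0, 0, 1, 2}, 0x03010066 },            /* ID_DFR0_EL1, PerfMon set */
	{ {3, 0, 0, 4, 0}, 0x0000000011112222ULL }, /* ID_AA64PFR0_EL1 (AArch64 only) */
};

/* The CP15 encodings HCR_EL2.TID3 traps; CTR (CRm=0) is handled elsewhere. */
static bool is_cp15_id_reg(uint8_t opc1, uint8_t CRn, uint8_t CRm)
{
	return opc1 == 0 && CRn == 0 && CRm >= 1 && CRm <= 7;
}

/* On success *rt is written; on failure Rt stays untouched and the guest gets an UNDEF. */
static bool emulate_cp15_id_read(uint8_t opc1, uint8_t CRn, uint8_t CRm,
				 uint8_t opc2, uint32_t *rt)
{
	/* AArch32 CP15 c0 ID regs map 1:1 onto op0=3, op1=0, CRn=0, CRm, op2. */
	struct sys_reg_params p = { 3, 0, 0, CRm, opc2 };

	if (!is_cp15_id_reg(opc1, CRn, CRm))
		return false;
	/* CRm 4..7 is reserved (RAZ) in AArch32 but holds ID_AA64* in AArch64: zero before lookup. */
	if (CRm > 3) {
		*rt = 0;
		return true;
	}
	for (unsigned i = 0; i < sizeof(aarch64_table) / sizeof(aarch64_table[0]); i++) {
		const struct sys_reg_params *e = &aarch64_table[i].enc;
		if (e->Op0 == p.Op0 && e->Op1 == p.Op1 && e->CRn == p.CRn &&
		    e->CRm == p.CRm && e->Op2 == p.Op2) {
			*rt = (uint32_t)aarch64_table[i].sanitised;
			return true;
		}
	}
	return false; /* no handler: emulation failed */
}

/* Demo/test helper: 0 means UNDEF, otherwise (1ULL << 32) | value read. */
static uint64_t cp15_id_read(uint8_t CRm, uint8_t opc2)
{
	uint32_t rt = 0;
	return emulate_cp15_id_read(0, 0, CRm, opc2, &rt) ? (1ULL << 32) | rt : 0;
}
```

A read of ID_DFR0 (CRm=1, opc2=2) returns the sanitised value, a read at CRm=4 returns zero instead of the AArch64-only ID_AA64PFR0_EL1, and an encoding with no handler fails without touching Rt.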