| Message ID | 20240214131827.2856277-1-maz@kernel.org (mailing list archive) |
|---|---|
| Headers | show |
| Series | KVM/arm64: VM configuration enforcement | expand |
On Wed, Feb 14, 2024 at 01:18:01PM +0000, Marc Zyngier wrote: > This is the fourth version of this configurationm enforcement series > after additional reviewing from Suzuki and Oliver. Many thanks to > both. I'm leaning towards applying the whole series, this is looking good. I'm going to take it for a spin on a few machines, especially AmpereOne to make sure that hack still works :)
On Wed, 14 Feb 2024 13:18:01 +0000, Marc Zyngier wrote: > This is the fourth version of this configurationm enforcement series > after additional reviewing from Suzuki and Oliver. Many thanks to > both. > > I think I have taken most of the feedback into account, but please > shout if I have ignored something. > > [...] Applied to kvmarm/next, thanks! [01/26] arm64: sysreg: Add missing ID_AA64ISAR[13]_EL1 fields and variants https://git.kernel.org/kvmarm/kvmarm/c/aeddd5b214c8 [02/26] KVM: arm64: Add feature checking helpers https://git.kernel.org/kvmarm/kvmarm/c/c62d7a23b947 [03/26] KVM: arm64: nv: Add sanitising to VNCR-backed sysregs https://git.kernel.org/kvmarm/kvmarm/c/888f08807022 [04/26] KVM: arm64: nv: Add sanitising to EL2 configuration registers https://git.kernel.org/kvmarm/kvmarm/c/81ffcace31c2 [05/26] KVM: arm64: nv: Add sanitising to VNCR-backed FGT sysregs https://git.kernel.org/kvmarm/kvmarm/c/11adda4010ba [06/26] KVM: arm64: nv: Add sanitising to VNCR-backed HCRX_EL2 https://git.kernel.org/kvmarm/kvmarm/c/d39051d39269 [07/26] KVM: arm64: nv: Drop sanitised_sys_reg() helper https://git.kernel.org/kvmarm/kvmarm/c/76b457a5cdea [08/26] KVM: arm64: Unify HDFG[WR]TR_GROUP FGT identifiers https://git.kernel.org/kvmarm/kvmarm/c/0beb14de740d [09/26] KVM: arm64: nv: Correctly handle negative polarity FGTs https://git.kernel.org/kvmarm/kvmarm/c/9958d58779c9 [10/26] KVM: arm64: nv: Turn encoding ranges into discrete XArray stores https://git.kernel.org/kvmarm/kvmarm/c/fdd8e3452359 [11/26] KVM: arm64: Drop the requirement for XARRAY_MULTI https://git.kernel.org/kvmarm/kvmarm/c/52571d058b07 [12/26] KVM: arm64: nv: Move system instructions to their own sys_reg_desc array https://git.kernel.org/kvmarm/kvmarm/c/89bc63fabc8a [13/26] KVM: arm64: Always populate the trap configuration xarray https://git.kernel.org/kvmarm/kvmarm/c/7fd498f473f1 [14/26] KVM: arm64: Register AArch64 system register entries with the sysreg xarray https://git.kernel.org/kvmarm/kvmarm/c/19f3e7ea29f8 [15/26] KVM: arm64: Use the xarray as the primary sysreg/sysinsn walker https://git.kernel.org/kvmarm/kvmarm/c/cc5f84fbb008 [16/26] KVM: arm64: Rename __check_nv_sr_forward() to triage_sysreg_trap() https://git.kernel.org/kvmarm/kvmarm/c/085eabaa74a1 [17/26] KVM: arm64: Add Fine-Grained UNDEF tracking information https://git.kernel.org/kvmarm/kvmarm/c/2fd8f31c32f0 [18/26] KVM: arm64: Propagate and handle Fine-Grained UNDEF bits https://git.kernel.org/kvmarm/kvmarm/c/f5a5a406b4b8 [19/26] KVM: arm64: Move existing feature disabling over to FGU infrastructure https://git.kernel.org/kvmarm/kvmarm/c/c5bac1ef7df6 [20/26] KVM: arm64: Streamline save/restore of HFG[RW]TR_EL2 https://git.kernel.org/kvmarm/kvmarm/c/d196c20c6e58 [21/26] KVM: arm64: Make TLBI OS/Range UNDEF if not advertised to the guest https://git.kernel.org/kvmarm/kvmarm/c/8ecdccb9e5db [22/26] KVM: arm64: Make PIR{,E0}_EL1 UNDEF if S1PIE is not advertised to the guest https://git.kernel.org/kvmarm/kvmarm/c/58627b722ee2 [23/26] KVM: arm64: Make AMU sysreg UNDEF if FEAT_AMU is not advertised to the guest https://git.kernel.org/kvmarm/kvmarm/c/b03e8bb5a906 [24/26] KVM: arm64: Make FEAT_MOPS UNDEF if not advertised to the guest https://git.kernel.org/kvmarm/kvmarm/c/84de212d739e [25/26] KVM: arm64: Snapshot all non-zero RES0/RES1 sysreg fields for later checking https://git.kernel.org/kvmarm/kvmarm/c/b80b701d5a67 [26/26] KVM: arm64: Add debugfs file for guest's ID registers https://git.kernel.org/kvmarm/kvmarm/c/891766581dea -- Best, Oliver
This is the fourth version of this configurationm enforcement series after additional reviewing from Suzuki and Oliver. Many thanks to both. I think I have taken most of the feedback into account, but please shout if I have ignored something. * From v3: [3] - Fixed copy-paste issue while testing for the PAC flags - Added Suzuki's RB on patch #2 * From v2: [2] - Fix totally broken handling of negative features by delegating the work that requires a functionnal brain to other people - Fix handling of HCR_ENSCXT as RES0 instead of RES1 (and its consequences...) - Add handling of VTTBR_EL2.CNP being RES0 - Add a snapshot of all RES0/RES1 fields so that we can catch them being changed behind our backs - Various cleanups * From v1: [1] - Fix embarrassing crash with FEAT_MOPS - Better error handling in the FGT code - Added/Fixed comments - Simplified the __vcpu_sys_reg() macro - Fixed FEAT_PIR handling - Folded in Oliver's PMU rework [1] https://lore.kernel.org/all/20240122201852.262057-1-maz@kernel.org [2] https://lore.kernel.org/all/20240130204533.693853-1-maz@kernel.org [3] https://lore.kernel.org/all/20240205103431.1104133-1-maz@kernel.org Marc Zyngier (26): arm64: sysreg: Add missing ID_AA64ISAR[13]_EL1 fields and variants KVM: arm64: Add feature checking helpers KVM: arm64: nv: Add sanitising to VNCR-backed sysregs KVM: arm64: nv: Add sanitising to EL2 configuration registers KVM: arm64: nv: Add sanitising to VNCR-backed FGT sysregs KVM: arm64: nv: Add sanitising to VNCR-backed HCRX_EL2 KVM: arm64: nv: Drop sanitised_sys_reg() helper KVM: arm64: Unify HDFG[WR]TR_GROUP FGT identifiers KVM: arm64: nv: Correctly handle negative polarity FGTs KVM: arm64: nv: Turn encoding ranges into discrete XArray stores KVM: arm64: Drop the requirement for XARRAY_MULTI KVM: arm64: nv: Move system instructions to their own sys_reg_desc array KVM: arm64: Always populate the trap configuration xarray KVM: arm64: Register AArch64 system register entries with the sysreg xarray KVM: arm64: Use the xarray as the primary sysreg/sysinsn walker KVM: arm64: Rename __check_nv_sr_forward() to triage_sysreg_trap() KVM: arm64: Add Fine-Grained UNDEF tracking information KVM: arm64: Propagate and handle Fine-Grained UNDEF bits KVM: arm64: Move existing feature disabling over to FGU infrastructure KVM: arm64: Streamline save/restore of HFG[RW]TR_EL2 KVM: arm64: Make TLBI OS/Range UNDEF if not advertised to the guest KVM: arm64: Make PIR{,E0}_EL1 UNDEF if S1PIE is not advertised to the guest KVM: arm64: Make AMU sysreg UNDEF if FEAT_AMU is not advertised to the guest KVM: arm64: Make FEAT_MOPS UNDEF if not advertised to the guest KVM: arm64: Snapshot all non-zero RES0/RES1 sysreg fields for later checking KVM: arm64: Add debugfs file for guest's ID registers arch/arm64/include/asm/kvm_arm.h | 4 +- arch/arm64/include/asm/kvm_host.h | 98 +++++++- arch/arm64/include/asm/kvm_nested.h | 1 - arch/arm64/kvm/Kconfig | 1 - arch/arm64/kvm/arm.c | 7 + arch/arm64/kvm/check-res-bits.h | 121 ++++++++++ arch/arm64/kvm/emulate-nested.c | 231 +++++++++++++----- arch/arm64/kvm/hyp/include/hyp/switch.h | 130 +++++----- arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h | 24 +- arch/arm64/kvm/nested.c | 267 ++++++++++++++++++++- arch/arm64/kvm/pmu-emul.c | 11 +- arch/arm64/kvm/sys_regs.c | 238 +++++++++++++++--- arch/arm64/kvm/sys_regs.h | 2 + arch/arm64/tools/sysreg | 8 +- include/kvm/arm_pmu.h | 11 - 15 files changed, 973 insertions(+), 181 deletions(-) create mode 100644 arch/arm64/kvm/check-res-bits.h