Message ID | 20240528125914.277057-1-tabba@google.com (mailing list archive) |
---|---|
Headers | show |
Series | KVM: arm64: Fix handling of host fpsimd/sve state in protected mode | expand |
Hi, On Tue, May 28, 2024 at 1:59 PM Fuad Tabba <tabba@google.com> wrote: > > Changes since v2 [1] > - Rebased on Linux 6.10-rc1 (1613e604df0c) > - Apply suggestions/fixes suggested for V2 (Marc) > - Add an isb() to __hyp_sve_restore_guest() > - Squash patch that introduces kvm_host_sve_max_vl with following > patch, since it's used there > - Some refactoring and tidying up > - Introduce and use sve_cond_update_zcr_vq_isb(), which only does > an isb() if ZCR is updated (RFC, next to last patch) Just realized that "An indirect read of ZCR_EL1.LEN appears to occur in program order relative to a direct write of the same register, without the need for explicit synchronization." https://developer.arm.com/documentation/ddi0595/2021-03/AArch64-Registers/ZCR-EL2--SVE-Control-Register--EL2- I'll wait until I get comments on this series as it is before respinning. Apologies for the spam. Cheers, /fuad > - Remove sve_cond_update_zcr_vq_*, since it's not likely to help > much (RFC, last patch) > > With the KVM host data rework [2], handling of fpsimd and sve > state in protected mode is done at hyp. For protected VMs, we > don't want to leak any guest state to the host, including whether > a guest has used fpsimd/sve. > > To complete the work started with the host data rework, in > regards to protected mode, ensure that the host's fpsimd context > and its sve context are restored on guest exit, since the rework > has hidden the fpsimd/sve state from the host. > > This patch series eagerly restores the host fpsimd/sve state on > guest exit when running in protected mode, which happens only if > the guest has used fpsimd/sve. This means that the saving of the > state is lazy, similar to the behavior of KVM in other modes, but > the restoration of the host state is eager. > > The last two patches are not essential to this patch series, and > the last one undoes the next-to-last. Please consider only one > (or neither) of these two patches for inclusion. > > This series is based on Linux 6.10-rc1 (1613e604df0c). > > Tested on qemu, with the kernel sve stress tests. > > Cheers, > /fuad > > [1] https://lore.kernel.org/all/20240521163720.3812851-1-tabba@google.com/ > [2] https://lore.kernel.org/all/20240322170945.3292593-1-maz@kernel.org/ > > Fuad Tabba (11): > KVM: arm64: Reintroduce __sve_save_state > KVM: arm64: Abstract set/clear of CPTR_EL2 bits behind helper > KVM: arm64: Specialize handling of host fpsimd state on trap > KVM: arm64: Allocate memory mapped at hyp for host sve state in pKVM > KVM: arm64: Eagerly restore host fpsimd/sve state in pKVM > KVM: arm64: Consolidate initializing the host data's fpsimd_state/sve > in pKVM > KVM: arm64: Refactor CPACR trap bit setting/clearing to use ELx format > KVM: arm64: Add an isb before restoring guest sve state > KVM: arm64: Do not use sve_cond_update_zcr updating with > ZCR_ELx_LEN_MASK > KVM: arm64: Do not perform an isb() if ZCR_EL2 isn't updated > KVM: arm64: Drop sve_cond_update_zcr_vq_* > > arch/arm64/include/asm/el2_setup.h | 6 +- > arch/arm64/include/asm/fpsimd.h | 11 ---- > arch/arm64/include/asm/kvm_arm.h | 6 ++ > arch/arm64/include/asm/kvm_emulate.h | 71 +++++++++++++++++++++-- > arch/arm64/include/asm/kvm_host.h | 25 +++++++- > arch/arm64/include/asm/kvm_hyp.h | 2 + > arch/arm64/include/asm/kvm_pkvm.h | 9 +++ > arch/arm64/kvm/arm.c | 76 +++++++++++++++++++++++++ > arch/arm64/kvm/fpsimd.c | 8 +-- > arch/arm64/kvm/hyp/fpsimd.S | 6 ++ > arch/arm64/kvm/hyp/include/hyp/switch.h | 36 ++++++------ > arch/arm64/kvm/hyp/include/nvhe/pkvm.h | 1 - > arch/arm64/kvm/hyp/nvhe/hyp-main.c | 75 +++++++++++++++++++++--- > arch/arm64/kvm/hyp/nvhe/pkvm.c | 17 ++---- > arch/arm64/kvm/hyp/nvhe/setup.c | 25 +++++++- > arch/arm64/kvm/hyp/nvhe/switch.c | 24 +++++++- > arch/arm64/kvm/hyp/vhe/switch.c | 12 ++-- > arch/arm64/kvm/reset.c | 3 + > 18 files changed, 342 insertions(+), 71 deletions(-) > > > base-commit: 1613e604df0cd359cf2a7fbd9be7a0bcfacfabd0 > -- > 2.45.1.288.g0e0cd299f1-goog >
On Tue, May 28, 2024 at 01:59:03PM +0100, Fuad Tabba wrote: > Changes since v2 [1] > - Rebased on Linux 6.10-rc1 (1613e604df0c) > - Apply suggestions/fixes suggested for V2 (Marc) > - Add an isb() to __hyp_sve_restore_guest() > - Squash patch that introduces kvm_host_sve_max_vl with following > patch, since it's used there > - Some refactoring and tidying up > - Introduce and use sve_cond_update_zcr_vq_isb(), which only does > an isb() if ZCR is updated (RFC, next to last patch) > - Remove sve_cond_update_zcr_vq_*, since it's not likely to help > much (RFC, last patch) > > With the KVM host data rework [2], handling of fpsimd and sve > state in protected mode is done at hyp. For protected VMs, we > don't want to leak any guest state to the host, including whether > a guest has used fpsimd/sve. > > To complete the work started with the host data rework, in > regards to protected mode, ensure that the host's fpsimd context > and its sve context are restored on guest exit, since the rework > has hidden the fpsimd/sve state from the host. > > This patch series eagerly restores the host fpsimd/sve state on > guest exit when running in protected mode, which happens only if > the guest has used fpsimd/sve. This means that the saving of the > state is lazy, similar to the behavior of KVM in other modes, but > the restoration of the host state is eager. > > The last two patches are not essential to this patch series, and > the last one undoes the next-to-last. Please consider only one > (or neither) of these two patches for inclusion. For patches 1-7 (with the unnecessary isb()'s addressed): Reviewed-by: Oliver Upton <oliver.upton@linux.dev> I think we can do without the rest of the series for 6.10. I also tested this on Neoverse V2.