From patchwork Tue May 28 12:59:03 2024
X-Patchwork-Submitter: Fuad Tabba
X-Patchwork-Id: 13676662
Date: Tue, 28 May 2024 13:59:03 +0100
Message-ID: <20240528125914.277057-1-tabba@google.com>
Subject: [PATCH v3 00/11] KVM: arm64: Fix handling of host fpsimd/sve state in protected mode
From: Fuad Tabba
To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org
Cc: maz@kernel.org, will@kernel.org, qperret@google.com, tabba@google.com,
 seanjc@google.com, alexandru.elisei@arm.com, catalin.marinas@arm.com,
 philmd@linaro.org, james.morse@arm.com, suzuki.poulose@arm.com,
 oliver.upton@linux.dev, mark.rutland@arm.com, broonie@kernel.org,
 joey.gouly@arm.com, rananta@google.com, yuzenghui@huawei.com

Changes since v2 [1]
- Rebased on Linux 6.10-rc1 (1613e604df0c)
- Apply suggestions/fixes suggested for V2 (Marc)
- Add an isb() to __hyp_sve_restore_guest()
- Squash patch that introduces kvm_host_sve_max_vl with following
  patch, since it's used there
- Some refactoring and tidying up
- Introduce and use sve_cond_update_zcr_vq_isb(), which only does
  an isb() if ZCR is updated (RFC, next to last patch)
- Remove sve_cond_update_zcr_vq_*, since it's not likely to help
  much (RFC, last patch)

With the KVM host data rework [2], handling of fpsimd and sve
state in protected mode is done at hyp. For protected VMs, we
don't want to leak any guest state to the host, including whether
a guest has used fpsimd/sve.

To complete the work started with the host data rework, in
regards to protected mode, ensure that the host's fpsimd context
and its sve context are restored on guest exit, since the rework
has hidden the fpsimd/sve state from the host.

This patch series eagerly restores the host fpsimd/sve state on
guest exit when running in protected mode, which happens only if
the guest has used fpsimd/sve. This means that the saving of the
state is lazy, similar to the behavior of KVM in other modes, but
the restoration of the host state is eager.

The last two patches are not essential to this patch series, and
the last one undoes the next-to-last. Please consider only one
(or neither) of these two patches for inclusion.

This series is based on Linux 6.10-rc1 (1613e604df0c).

Tested on qemu, with the kernel sve stress tests.

Cheers,
/fuad

[1] https://lore.kernel.org/all/20240521163720.3812851-1-tabba@google.com/
[2] https://lore.kernel.org/all/20240322170945.3292593-1-maz@kernel.org/

Fuad Tabba (11):
  KVM: arm64: Reintroduce __sve_save_state
  KVM: arm64: Abstract set/clear of CPTR_EL2 bits behind helper
  KVM: arm64: Specialize handling of host fpsimd state on trap
  KVM: arm64: Allocate memory mapped at hyp for host sve state in pKVM
  KVM: arm64: Eagerly restore host fpsimd/sve state in pKVM
  KVM: arm64: Consolidate initializing the host data's fpsimd_state/sve in pKVM
  KVM: arm64: Refactor CPACR trap bit setting/clearing to use ELx format
  KVM: arm64: Add an isb before restoring guest sve state
  KVM: arm64: Do not use sve_cond_update_zcr updating with ZCR_ELx_LEN_MASK
  KVM: arm64: Do not perform an isb() if ZCR_EL2 isn't updated
  KVM: arm64: Drop sve_cond_update_zcr_vq_*

 arch/arm64/include/asm/el2_setup.h      |  6 +-
 arch/arm64/include/asm/fpsimd.h         | 11 ----
 arch/arm64/include/asm/kvm_arm.h        |  6 ++
 arch/arm64/include/asm/kvm_emulate.h    | 71 +++++++++++++++++++++--
 arch/arm64/include/asm/kvm_host.h       | 25 +++++++-
 arch/arm64/include/asm/kvm_hyp.h        |  2 +
 arch/arm64/include/asm/kvm_pkvm.h       |  9 +++
 arch/arm64/kvm/arm.c                    | 76 +++++++++++++++++++++++++
 arch/arm64/kvm/fpsimd.c                 |  8 +--
 arch/arm64/kvm/hyp/fpsimd.S             |  6 ++
 arch/arm64/kvm/hyp/include/hyp/switch.h | 36 ++++++------
 arch/arm64/kvm/hyp/include/nvhe/pkvm.h  |  1 -
 arch/arm64/kvm/hyp/nvhe/hyp-main.c      | 75 +++++++++++++++++++++---
 arch/arm64/kvm/hyp/nvhe/pkvm.c          | 17 ++----
 arch/arm64/kvm/hyp/nvhe/setup.c         | 25 +++++++-
 arch/arm64/kvm/hyp/nvhe/switch.c        | 24 +++++++-
 arch/arm64/kvm/hyp/vhe/switch.c         | 12 ++--
 arch/arm64/kvm/reset.c                  |  3 +
 18 files changed, 342 insertions(+), 71 deletions(-)

base-commit: 1613e604df0cd359cf2a7fbd9be7a0bcfacfabd0

Reviewed-by: Oliver Upton
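
A simplified user-space model of the scheme the cover letter describes (lazy save of the host state on the guest's first fpsimd/sve use, eager restore on guest exit), added here as an illustration and not code from this series. All names (struct cpu, fp_owner, guest_fp_write, and so on) are hypothetical, and a four-word array stands in for the real register file.

```c
#include <stdbool.h>
#include <string.h>

#define NREGS 4 /* toy register file standing in for the fpsimd/sve registers */
enum fp_owner { FP_HOST_OWNED, FP_GUEST_OWNED }; /* hypothetical names */

struct cpu {
    unsigned regs[NREGS];        /* live registers */
    unsigned host_saved[NREGS];  /* hyp-private copy of the host state */
    unsigned guest_saved[NREGS]; /* hyp-private copy of the guest state */
    enum fp_owner owner;
    bool trap_armed;             /* models trapping guest fp accesses to hyp */
};

/* Guest entry: save nothing yet, only arm the trap (lazy save). */
static void guest_enter(struct cpu *c) { c->trap_armed = true; }

/* First guest fp access traps to hyp: save host state, load guest state. */
static void guest_fp_write(struct cpu *c, int i, unsigned v) {
    if (c->trap_armed) {
        memcpy(c->host_saved, c->regs, sizeof(c->regs));
        memcpy(c->regs, c->guest_saved, sizeof(c->regs));
        c->owner = FP_GUEST_OWNED;
        c->trap_armed = false;
    }
    c->regs[i] = v;
}

/* Guest exit: eager restore, but only if the guest took ownership. */
static void guest_exit(struct cpu *c) {
    if (c->owner == FP_GUEST_OWNED) {
        memcpy(c->guest_saved, c->regs, sizeof(c->regs));
        memcpy(c->regs, c->host_saved, sizeof(c->regs));
        c->owner = FP_HOST_OWNED;
    }
    c->trap_armed = false;
}

/* Run one guest entry/exit; return 1 if the host-visible state is unchanged. */
int host_view_unchanged(bool guest_uses_fp) {
    struct cpu c = { .regs = {1, 2, 3, 4}, .owner = FP_HOST_OWNED };
    const unsigned before[NREGS] = {1, 2, 3, 4}; /* constructed sample values */
    guest_enter(&c);
    if (guest_uses_fp) guest_fp_write(&c, 0, 0xdead);
    guest_exit(&c);
    return c.owner == FP_HOST_OWNED && !memcmp(c.regs, before, sizeof(before));
}

/* Exit status 0 when the host sees the same state in both cases. */
int main(void) { return !(host_view_unchanged(true) && host_view_unchanged(false)); }
```

In this model the host-visible registers and ownership after exit are identical whether or not the guest touched the registers, which is the property the cover letter asks for.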