From patchwork Tue Aug 17 08:11:33 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fuad Tabba X-Patchwork-Id: 12440867 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-17.4 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A176FC4338F for ; Tue, 17 Aug 2021 08:22:32 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 67BCC60FA0 for ; Tue, 17 Aug 2021 08:22:32 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 67BCC60FA0 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:References: Mime-Version:Message-Id:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=mwZ2VYt3p08lSts3Dxe+JkrGq6leYQbod4EE/gaQR2w=; b=bOPsdtGNjREjxk0Gtb0Jen5vAT CgFrAuknLrITUZpJ4OizgDyiPZF9R41ifnLUhd9Oq4qZPmeOWSCRuLEncV1udflBKK2DJUGf8UEVI /l0kfbhOz8KOO7TFxfRmumWvrvuaJLV5vvkziid7t3rDaxhlK0uFWudgrM0Kf7hgXL39jkNT6oyqH 0/QJtjSp/XOIT3PiMRucpQhNytQJKPNEah0fgjHrGT+FFbaPB4dzdoB+wYO8r+sSIDyaqZJqdXNcA fTPsW/DMdLVaNQ2labQHijYS9AJ2e8V0t9gd3w7OOyHDs5HrsGaOSNiY/hZe0QZsz2SY3oKbIprUt c/rPJkVw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1mFuKF-001Ybp-Dn; Tue, 17 Aug 2021 08:20:01 +0000 Received: from mail-wr1-x449.google.com ([2a00:1450:4864:20::449]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1mFuCd-001VKM-Qh for linux-arm-kernel@lists.infradead.org; Tue, 17 Aug 2021 08:12:09 +0000 Received: by mail-wr1-x449.google.com with SMTP id r17-20020adfda510000b02901526f76d738so6323474wrl.0 for ; Tue, 17 Aug 2021 01:12:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=RY75TCp6EAmYPGA4I7+3iKQeuuwEdqY335GXVfnDS7k=; b=JYCa6cCgNtWF/sF0Bltf5bVCZmJFXv4748Iy5bRGGb+tbvHOCstp6BQWGgNwnjAz++ ykeIvouot4Gx+7bHS4lR/vf4n38EIQV5c0vwbqfIxMWQ0Duh2plc+Z1hOYwMDf/PE7ii vrpDAnMRve8T7iTnx6xxkIr8J6d4/pGuQTJBcGtf72MnjQEoMT5z3cZE0IFKB4vIYZ8N Qyi+s2nQAKNGBdoqQCdd1Xj7jHpqX8ASK00m5yoxaaItWnRhIdmYBTuHaw8wSd2taDTR qMDZNZI/1U33C12jgjXOkicmnbPFKTwXX6/BXOCPPyKK1haKx+ejllyelOjzD62GHB4r Khbg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=RY75TCp6EAmYPGA4I7+3iKQeuuwEdqY335GXVfnDS7k=; b=nuJTIN+TgKrFQft1eafGOOb4zG5dGMT4dkGnetA27E78WlNggqjSFH/Sz34m68Zk3l c2YXXCNv2Ug2aOqLzcjlmg8C3RJRtod+52qO3k7fRPli4h+Pnvd5gbpPzySJcdjfFNbe H65rDyRokJJRbw8btbUeluVN0VmeYyBLcX01mJfyCVLP/fFe/I7hxXVjFeV0XO+hpWep GRi9pWN6MLFVmPz4SrCEc4qY8LzvxgrNaQUtYGZciYICvYtzEOnYisMicE5QzdXXxNoD ZTev2p9XTXA5Ky2asmmG92Kn15zJWg3DVlJr6hqHrXM1kzddDuUtWIvspRpzWOcBNU+g NRnA== X-Gm-Message-State: AOAM532Die7W1b9YA8bhdlxOaVeHnXv8kD+OUxKRC9tTxKxIA4uglqIm j2hiwfFpk96ZCgEUQIksOVBmU2JjWw== X-Google-Smtp-Source: ABdhPJy/OtVFqjYy4H9XKyK309GPg+Qg6SCvxgN3Qdf+Y2tTkAyZkPf+vBPU02aV6SLjKwZnco28Op+O2Q== X-Received: from tabba.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:482]) (user=tabba job=sendgmr) by 2002:a1c:32c1:: with SMTP id y184mr2010593wmy.70.1629187925926; Tue, 17 Aug 2021 01:12:05 -0700 (PDT) Date: Tue, 17 Aug 2021 09:11:33 +0100 In-Reply-To: <20210817081134.2918285-1-tabba@google.com> Message-Id: <20210817081134.2918285-15-tabba@google.com> Mime-Version: 1.0 References: <20210817081134.2918285-1-tabba@google.com> X-Mailer: git-send-email 2.33.0.rc1.237.g0d66db33f3-goog Subject: [PATCH v4 14/15] KVM: arm64: Trap access to pVM restricted features From: Fuad Tabba To: kvmarm@lists.cs.columbia.edu Cc: maz@kernel.org, will@kernel.org, james.morse@arm.com, alexandru.elisei@arm.com, suzuki.poulose@arm.com, mark.rutland@arm.com, christoffer.dall@arm.com, pbonzini@redhat.com, drjones@redhat.com, oupton@google.com, qperret@google.com, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, kernel-team@android.com, tabba@google.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210817_011207_912147_B4059CF0 X-CRM114-Status: GOOD ( 14.20 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Trap accesses to restricted features for VMs running in protected mode. Access to feature registers are emulated, and only supported features are exposed to protected VMs. Accesses to restricted registers as well as restricted instructions are trapped, and an undefined exception is injected into the protected guests, i.e., with EC = 0x0 (unknown reason). This EC is the one used, according to the Arm Architecture Reference Manual, for unallocated or undefined system registers or instructions. Only affects the functionality of protected VMs. Otherwise, should not affect non-protected VMs when KVM is running in protected mode. Acked-by: Will Deacon Signed-off-by: Fuad Tabba --- arch/arm64/kvm/hyp/include/hyp/switch.h | 3 +++ arch/arm64/kvm/hyp/nvhe/switch.c | 34 ++++++++++++++----------- 2 files changed, 22 insertions(+), 15 deletions(-) diff --git a/arch/arm64/kvm/hyp/include/hyp/switch.h b/arch/arm64/kvm/hyp/include/hyp/switch.h index 5a2b89b96c67..8431f1514280 100644 --- a/arch/arm64/kvm/hyp/include/hyp/switch.h +++ b/arch/arm64/kvm/hyp/include/hyp/switch.h @@ -33,6 +33,9 @@ extern struct exception_table_entry __start___kvm_ex_table; extern struct exception_table_entry __stop___kvm_ex_table; +int kvm_handle_pvm_sys64(struct kvm_vcpu *vcpu); +int kvm_handle_pvm_restricted(struct kvm_vcpu *vcpu); + /* Check whether the FP regs were dirtied while in the host-side run loop: */ static inline bool update_fp_enabled(struct kvm_vcpu *vcpu) { diff --git a/arch/arm64/kvm/hyp/nvhe/switch.c b/arch/arm64/kvm/hyp/nvhe/switch.c index b7f25307a7b9..398e62098898 100644 --- a/arch/arm64/kvm/hyp/nvhe/switch.c +++ b/arch/arm64/kvm/hyp/nvhe/switch.c @@ -159,27 +159,27 @@ static void __pmu_switch_to_host(struct kvm_cpu_context *host_ctxt) } static exit_handle_fn hyp_exit_handlers[] = { - [0 ... ESR_ELx_EC_MAX] = NULL, + [0 ... ESR_ELx_EC_MAX] = kvm_handle_pvm_restricted, [ESR_ELx_EC_WFx] = NULL, - [ESR_ELx_EC_CP15_32] = NULL, - [ESR_ELx_EC_CP15_64] = NULL, - [ESR_ELx_EC_CP14_MR] = NULL, - [ESR_ELx_EC_CP14_LS] = NULL, - [ESR_ELx_EC_CP14_64] = NULL, + [ESR_ELx_EC_CP15_32] = kvm_handle_pvm_restricted, + [ESR_ELx_EC_CP15_64] = kvm_handle_pvm_restricted, + [ESR_ELx_EC_CP14_MR] = kvm_handle_pvm_restricted, + [ESR_ELx_EC_CP14_LS] = kvm_handle_pvm_restricted, + [ESR_ELx_EC_CP14_64] = kvm_handle_pvm_restricted, [ESR_ELx_EC_HVC32] = NULL, [ESR_ELx_EC_SMC32] = NULL, [ESR_ELx_EC_HVC64] = NULL, [ESR_ELx_EC_SMC64] = NULL, - [ESR_ELx_EC_SYS64] = NULL, - [ESR_ELx_EC_SVE] = NULL, + [ESR_ELx_EC_SYS64] = kvm_handle_pvm_sys64, + [ESR_ELx_EC_SVE] = kvm_handle_pvm_restricted, [ESR_ELx_EC_IABT_LOW] = NULL, [ESR_ELx_EC_DABT_LOW] = NULL, - [ESR_ELx_EC_SOFTSTP_LOW] = NULL, - [ESR_ELx_EC_WATCHPT_LOW] = NULL, - [ESR_ELx_EC_BREAKPT_LOW] = NULL, - [ESR_ELx_EC_BKPT32] = NULL, - [ESR_ELx_EC_BRK64] = NULL, - [ESR_ELx_EC_FP_ASIMD] = NULL, + [ESR_ELx_EC_SOFTSTP_LOW] = kvm_handle_pvm_restricted, + [ESR_ELx_EC_WATCHPT_LOW] = kvm_handle_pvm_restricted, + [ESR_ELx_EC_BREAKPT_LOW] = kvm_handle_pvm_restricted, + [ESR_ELx_EC_BKPT32] = kvm_handle_pvm_restricted, + [ESR_ELx_EC_BRK64] = kvm_handle_pvm_restricted, + [ESR_ELx_EC_FP_ASIMD] = kvm_handle_pvm_restricted, [ESR_ELx_EC_PAC] = NULL, }; @@ -188,7 +188,11 @@ exit_handle_fn kvm_get_nvhe_exit_handler(struct kvm_vcpu *vcpu) u32 esr = kvm_vcpu_get_esr(vcpu); u8 esr_ec = ESR_ELx_EC(esr); - return hyp_exit_handlers[esr_ec]; + /* For now, only protected VMs have exit handlers. */ + if (unlikely(kvm_vm_is_protected(kern_hyp_va(vcpu->kvm)))) + return hyp_exit_handlers[esr_ec]; + else + return NULL; } /* Switch to the guest for legacy non-VHE systems */