[v4,35/36] KVM: arm64: Handle stage-1 permission overlays

Message ID	20241009190019.3222687-36-maz@kernel.org (mailing list archive)
State	New
Headers	show Return-Path: <linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org> From: Marc Zyngier <maz@kernel.org> To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org, kvm@vger.kernel.org Cc: Joey Gouly <joey.gouly@arm.com>, Suzuki K Poulose <suzuki.poulose@arm.com>, Oliver Upton <oliver.upton@linux.dev>, Zenghui Yu <yuzenghui@huawei.com>, Alexandru Elisei <alexandru.elisei@arm.com>, Mark Brown <broonie@kernel.org> Subject: [PATCH v4 35/36] KVM: arm64: Handle stage-1 permission overlays Date: Wed, 9 Oct 2024 20:00:18 +0100 Message-Id: <20241009190019.3222687-36-maz@kernel.org> In-Reply-To: <20241009190019.3222687-1-maz@kernel.org> References: <20241009190019.3222687-1-maz@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org> Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org
Series	KVM: arm64: Add EL2 support to FEAT_S1PIE/S1POE \| expand [v4,00/36] KVM: arm64: Add EL2 support to FEAT_S1PIE/S1POE [v4,01/36] arm64: Drop SKL0/SKL1 from TCR2_EL2 [v4,02/36] arm64: Remove VNCR definition for PIRE0_EL2 [v4,03/36] arm64: Add encoding for PIRE0_EL2 [v4,04/36] KVM: arm64: Drop useless struct s2_mmu in __kvm_at_s1e2() [v4,05/36] KVM: arm64: nv: Add missing EL2->EL1 mappings in get_el2_to_el1_mapping() [v4,06/36] KVM: arm64: nv: Handle CNTHCTL_EL2 specially [v4,07/36] KVM: arm64: nv: Save/Restore vEL2 sysregs [v4,08/36] KVM: arm64: Correctly access TCR2_EL1, PIR_EL1, PIRE0_EL1 with VHE [v4,09/36] KVM: arm64: Extend masking facility to arbitrary registers [v4,10/36] arm64: Define ID_AA64MMFR1_EL1.HAFDBS advertising FEAT_HAFT [v4,11/36] KVM: arm64: Add TCR2_EL2 to the sysreg arrays [v4,12/36] KVM: arm64: Sanitise TCR2_EL2 [v4,13/36] KVM: arm64: Add save/restore for TCR2_EL2 [v4,14/36] KVM: arm64: Add PIR{,E0}_EL2 to the sysreg arrays [v4,15/36] KVM: arm64: Add save/restore for PIR{,E0}_EL2 [v4,16/36] KVM: arm64: Handle PIR{,E0}_EL2 traps [v4,17/36] KVM: arm64: Sanitise ID_AA64MMFR3_EL1 [v4,18/36] KVM: arm64: Add AT fast-path support for S1PIE [v4,19/36] KVM: arm64: Split S1 permission evaluation into direct and hierarchical parts [v4,20/36] KVM: arm64: Disable hierarchical permissions when S1PIE is enabled [v4,21/36] KVM: arm64: Implement AT S1PIE support [v4,22/36] KVM: arm64: Define helper for EL2 registers with custom visibility [v4,23/36] KVM: arm64: Hide TCR2_EL1 from userspace when disabled for guests [v4,24/36] KVM: arm64: Hide S1PIE registers from userspace when disabled for guests [v4,25/36] KVM: arm64: Rely on visibility to let PIR*_ELx/TCR2_ELx UNDEF [v4,26/36] arm64: Add encoding for POR_EL2 [v4,27/36] KVM: arm64: Add a composite EL2 visibility helper [v4,28/36] KVM: arm64: Drop bogus CPTR_EL2.E0POE trap routing [v4,29/36] KVM: arm64: Subject S1PIE/S1POE registers to HCR_EL2.{TVM,TRVM} [v4,30/36] KVM: arm64: Add basic support for POR_EL2 [v4,31/36] KVM: arm64: Add save/retore support for POR_EL2 [v4,32/36] KVM: arm64: Add POE save/restore for AT emulation fast-path [v4,33/36] KVM: arm64: Disable hierarchical permissions when POE is enabled [v4,34/36] KVM: arm64: Make PAN conditions part of the S1 walk context [v4,35/36] KVM: arm64: Handle stage-1 permission overlays [v4,36/36] KVM: arm64: Handle WXN attribute

Message ID

20241009190019.3222687-36-maz@kernel.org (mailing list archive)

State

New

Headers

From: Marc Zyngier <maz@kernel.org>
To: kvmarm@lists.linux.dev,
	linux-arm-kernel@lists.infradead.org,
	kvm@vger.kernel.org
Cc: Joey Gouly <joey.gouly@arm.com>,
	Suzuki K Poulose <suzuki.poulose@arm.com>,
	Oliver Upton <oliver.upton@linux.dev>,
	Zenghui Yu <yuzenghui@huawei.com>,
	Alexandru Elisei <alexandru.elisei@arm.com>,
	Mark Brown <broonie@kernel.org>
Subject: [PATCH v4 35/36] KVM: arm64: Handle stage-1 permission overlays
Date: Wed,  9 Oct 2024 20:00:18 +0100
Message-Id: <20241009190019.3222687-36-maz@kernel.org>
In-Reply-To: <20241009190019.3222687-1-maz@kernel.org>
References: <20241009190019.3222687-1-maz@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: list
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

Series

KVM: arm64: Add EL2 support to FEAT_S1PIE/S1POE | expand

Commit Message

Marc Zyngier Oct. 9, 2024, 7 p.m. UTC

We now have the intrastructure in place to emulate S1POE:

- direct permissions are always overlay-capable
- indirect permissions are overlay-capable if the permissions are
  in the 0b0xxx range
- the overlays are strictly substractive

Signed-off-by: Marc Zyngier <maz@kernel.org>
---
 arch/arm64/kvm/at.c | 53 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)

diff --git a/arch/arm64/kvm/at.c b/arch/arm64/kvm/at.c
index 4ab87d75807ff..415f668ab2cd6 100644
--- a/arch/arm64/kvm/at.c
+++ b/arch/arm64/kvm/at.c
@@ -40,9 +40,11 @@  struct s1_walk_result {
 			u8	APTable;
 			bool	UXNTable;
 			bool	PXNTable;
+			bool	uov;
 			bool	ur;
 			bool	uw;
 			bool	ux;
+			bool	pov;
 			bool	pr;
 			bool	pw;
 			bool	px;
@@ -881,6 +883,9 @@  static void compute_s1_direct_permissions(struct kvm_vcpu *vcpu,
 		/* XN maps to UXN */
 		wr->px = !(wr->desc & PTE_UXN);
 	}
+
+	wr->pov = wi->poe;
+	wr->uov = wi->e0poe;
 }
 
 static void compute_s1_hierarchical_permissions(struct kvm_vcpu *vcpu,
@@ -1016,6 +1021,9 @@  static void compute_s1_indirect_permissions(struct kvm_vcpu *vcpu,
 	else
 		set_unpriv_perms(wr, false, false, false);
 
+	wr->pov = wi->poe && !(pp & BIT(3));
+	wr->uov = wi->e0poe && !(up & BIT(3));
+
 	/* R_VFPJF */
 	if (wr->px && wr->uw) {
 		set_priv_perms(wr, false, false, false);
@@ -1023,6 +1031,48 @@  static void compute_s1_indirect_permissions(struct kvm_vcpu *vcpu,
 	}
 }
 
+static void compute_s1_overlay_permissions(struct kvm_vcpu *vcpu,
+					   struct s1_walk_info *wi,
+					   struct s1_walk_result *wr)
+{
+	u8 idx, pov_perms, uov_perms;
+
+	idx = FIELD_GET(PTE_PO_IDX_MASK, wr->desc);
+
+	switch (wi->regime) {
+	case TR_EL10:
+		pov_perms = perm_idx(vcpu, POR_EL1, idx);
+		uov_perms = perm_idx(vcpu, POR_EL0, idx);
+		break;
+	case TR_EL20:
+		pov_perms = perm_idx(vcpu, POR_EL2, idx);
+		uov_perms = perm_idx(vcpu, POR_EL0, idx);
+		break;
+	case TR_EL2:
+		pov_perms = perm_idx(vcpu, POR_EL2, idx);
+		uov_perms = 0;
+		break;
+	}
+
+	if (pov_perms & ~POE_RXW)
+		pov_perms = POE_NONE;
+
+	if (wi->poe && wr->pov) {
+		wr->pr &= pov_perms & POE_R;
+		wr->px &= pov_perms & POE_X;
+		wr->pw &= pov_perms & POE_W;
+	}
+
+	if (uov_perms & ~POE_RXW)
+		uov_perms = POE_NONE;
+
+	if (wi->e0poe && wr->uov) {
+		wr->ur &= uov_perms & POE_R;
+		wr->ux &= uov_perms & POE_X;
+		wr->uw &= uov_perms & POE_W;
+	}
+}
+
 static void compute_s1_permissions(struct kvm_vcpu *vcpu,
 				   struct s1_walk_info *wi,
 				   struct s1_walk_result *wr)
@@ -1037,6 +1087,9 @@  static void compute_s1_permissions(struct kvm_vcpu *vcpu,
 	if (!wi->hpd)
 		compute_s1_hierarchical_permissions(vcpu, wi, wr);
 
+	if (wi->poe || wi->e0poe)
+		compute_s1_overlay_permissions(vcpu, wi, wr);
+
 	pan = wi->pan && (wr->ur || wr->uw ||
 			  (pan3_enabled(vcpu, wi->regime) && wr->ux));
 	wr->pw &= !pan;

[v4,35/36] KVM: arm64: Handle stage-1 permission overlays

Commit Message

Patch