From patchwork Mon Dec 16 10:50:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fuad Tabba X-Patchwork-Id: 13909540 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id BCB00E7717F for ; Mon, 16 Dec 2024 10:53:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type:Cc:To:From: Subject:Message-ID:References:Mime-Version:In-Reply-To:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=zRQ7PRNmj+nfvYjoMEi8DazszN7AvCLCuGHxHUZQekY=; b=tm08TQcp7C+ChWqZDvvr2CqdH1 dzViHieefRjtdFc7P4g0uxWbGZ2HSIjbJFtxk7vXvnlTLdyNuUyX8HkwrY/q8tuXJzZxoNucS9FPu XeROOLrvTL+L4/xhoCxF5pthqofju7CeruduXOVONS3cBCEi9ZDUu2qqU3w+3/Cw5vCcpo3tb2CfH mVw0jCmQ5rwiEyGM8e9Rm6sWofZWd47wFx9o2oLwgUugqTPBKRSB2h1Fp1QoesJZR5TlGsVkWBp1X QiTaTbHk/lfKdMJ1Tl90lpjcNtq9rpiohTTILz+IE/HCnTHX/qH9wP9v4jUZfi9j3b/6OSmik5IB4 kIbtg9vQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tN8ix-00000009kKJ-1L65; Mon, 16 Dec 2024 10:53:15 +0000 Received: from mail-wm1-x34a.google.com ([2a00:1450:4864:20::34a]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tN8gp-00000009jvQ-3Axb for linux-arm-kernel@lists.infradead.org; Mon, 16 Dec 2024 10:51:04 +0000 Received: by mail-wm1-x34a.google.com with SMTP id 5b1f17b1804b1-436248d1240so21361085e9.0 for ; Mon, 16 Dec 2024 02:51:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1734346261; x=1734951061; darn=lists.infradead.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=zRQ7PRNmj+nfvYjoMEi8DazszN7AvCLCuGHxHUZQekY=; b=dkyk6TrPYxNVeqgTYQBSdomsevh4+AbxDjrL7VDfhry60m9KF9gRq4v2fuHlXo1Bwm pFNL/tgb+5xIleh5Ll4k77/Vo0ndtCkaVlDkHT26Y+9b7Kf/eJLzl4bng6dmYTLHulaE QsNzs4E0QAFgdg+MkHdNtzlTuGRc+qOqnukQwwcc0LMBOde30/wg2mCBt20GoJHtUxWL JLxAr4iuhQ57zzUb4cY6Mj95+8Vnlnqa8jJeRaqCP5VNu94CGEhudqyKzX4nIiz6jRQe w9kj3v03uIzSObluIH/STXENU6NqmFRsA3JeHpoI0NwkKeMT+hoVkJmL7U3c3PpoW3nl lncg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734346261; x=1734951061; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=zRQ7PRNmj+nfvYjoMEi8DazszN7AvCLCuGHxHUZQekY=; b=RtoDMMdM8omYVC0PBSSuxdWhXfMGiLXtX89vLZTeoQ5ouv1P/wUfbLuEPV+7gi2+9D NEPPWWB56cw3KpLj2Qb+0TFDf17MrY0umHNeraR9nvdUdxEqEQ2JsmxM8rzvZpv+OnHD AT86HV/Gp8BsR1J+sEYHyD51p1dOAKnoeObqS9H1F2LL0yRA7EHQU5OgLWemUh4Xrcs9 X7Z6jFlGhGeLC5bCYNe3cbNLbcrFMLEZ+MwuZ3hB4ja422DIgN1IM7knS1p68iV4FXVs wMc3JIFUBZ3A/CkJOQYfEX/MCajXKu7J18Ije8FMZoEIspgqj1yRLnkpRpHMn8zNSIRZ 3lQg== X-Forwarded-Encrypted: i=1; AJvYcCVXZXlKMH6jvdPhUck3XNQhp8AoQYYPQ4sdSCe3XJvCyukyTbdqYlR4JP7nDP1WlJjq4fN7Zbtoi37xUsUkxUZZ@lists.infradead.org X-Gm-Message-State: AOJu0YwmfRo/mrLmAnYe1owJmXdOsELHAytUJ0YQSzR3tDwqxO3/aMWl MJ87jiJYZehJsSKrKYMWzyYyWZIwkrN27wA3jTeU4kV25XOnQW7mSJd1FzsKDFzVcHdD45ffHA= = X-Google-Smtp-Source: AGHT+IHM5JhLqokh7SSz5/5oRxVL9Rs9IFvD+8QtCPfDiuD93MS42ARuKyN2VDCNYkrVzHM3iakRK0lxow== X-Received: from wmnm10.prod.google.com ([2002:a05:600c:160a:b0:434:9e7b:42c1]) (user=tabba job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:1c12:b0:434:f623:9fe3 with SMTP id 5b1f17b1804b1-4362aa3d8bbmr117978245e9.16.1734346261312; Mon, 16 Dec 2024 02:51:01 -0800 (PST) Date: Mon, 16 Dec 2024 10:50:41 +0000 In-Reply-To: <20241216105057.579031-1-tabba@google.com> Mime-Version: 1.0 References: <20241216105057.579031-1-tabba@google.com> X-Mailer: git-send-email 2.47.1.613.gc27f4b7a9f-goog Message-ID: <20241216105057.579031-2-tabba@google.com> Subject: [PATCH v5 01/17] KVM: arm64: Consolidate allowed and restricted VM feature checks From: Fuad Tabba To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org Cc: maz@kernel.org, oliver.upton@linux.dev, james.clark@linaro.org, will@kernel.org, joey.gouly@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com, catalin.marinas@arm.com, broonie@kernel.org, qperret@google.com, kristina.martsenko@arm.com, tabba@google.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241216_025103_798484_F19F0C84 X-CRM114-Status: GOOD ( 19.70 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org The definitions for features allowed and allowed with restrictions for protected guests, which are based on feature registers, were defined and checked for separately, even though they are handled in the same way. This could result in missing checks for certain features, e.g., pointer authentication, causing traps for allowed features. Consolidate the definitions into one. Use that new definition to construct the guest view of the feature registers for consistency. Signed-off-by: Fuad Tabba --- Note: This patch ends up being a no-op, since none of the changes in it survive the series. It's included because it makes the rest of the series flow more smoothly. --- .../arm64/kvm/hyp/include/nvhe/fixed_config.h | 55 +++++++------------ arch/arm64/kvm/hyp/nvhe/pkvm.c | 8 +-- arch/arm64/kvm/hyp/nvhe/sys_regs.c | 6 +- 3 files changed, 26 insertions(+), 43 deletions(-) diff --git a/arch/arm64/kvm/hyp/include/nvhe/fixed_config.h b/arch/arm64/kvm/hyp/include/nvhe/fixed_config.h index f957890c7e38..d1e59b88ff66 100644 --- a/arch/arm64/kvm/hyp/include/nvhe/fixed_config.h +++ b/arch/arm64/kvm/hyp/include/nvhe/fixed_config.h @@ -14,11 +14,8 @@ * guest virtual machines, depending on the mode KVM is running in and on the * type of guest that is running. * - * The ALLOW masks represent a bitmask of feature fields that are allowed - * without any restrictions as long as they are supported by the system. - * - * The RESTRICT_UNSIGNED masks, if present, represent unsigned fields for - * features that are restricted to support at most the specified feature. + * Each field in the masks represents the highest supported *unsigned* value for + * the feature, if supported by the system. * * If a feature field is not present in either, than it is not supported. * @@ -34,16 +31,7 @@ * - Floating-point and Advanced SIMD * - Data Independent Timing * - Spectre/Meltdown Mitigation - */ -#define PVM_ID_AA64PFR0_ALLOW (\ - ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_FP) | \ - ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_AdvSIMD) | \ - ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_DIT) | \ - ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_CSV2) | \ - ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_CSV3) \ - ) - -/* + * * Restrict to the following *unsigned* features for protected VMs: * - AArch64 guests only (no support for AArch32 guests): * AArch32 adds complexity in trap handling, emulation, condition codes, @@ -51,7 +39,12 @@ * - RAS (v1) * Supported by KVM */ -#define PVM_ID_AA64PFR0_RESTRICT_UNSIGNED (\ +#define PVM_ID_AA64PFR0_ALLOW (\ + ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_FP) | \ + ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_AdvSIMD) | \ + ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_DIT) | \ + ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_CSV2) | \ + ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_CSV3) | \ SYS_FIELD_PREP_ENUM(ID_AA64PFR0_EL1, EL0, IMP) | \ SYS_FIELD_PREP_ENUM(ID_AA64PFR0_EL1, EL1, IMP) | \ SYS_FIELD_PREP_ENUM(ID_AA64PFR0_EL1, EL2, IMP) | \ @@ -77,20 +70,16 @@ * - Distinction between Secure and Non-secure Memory * - Mixed-endian at EL0 only * - Non-context synchronizing exception entry and exit + * + * Restrict to the following *unsigned* features for protected VMs: + * - 40-bit IPA + * - 16-bit ASID */ #define PVM_ID_AA64MMFR0_ALLOW (\ ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_BIGEND) | \ ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_SNSMEM) | \ ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_BIGENDEL0) | \ - ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_EXS) \ - ) - -/* - * Restrict to the following *unsigned* features for protected VMs: - * - 40-bit IPA - * - 16-bit ASID - */ -#define PVM_ID_AA64MMFR0_RESTRICT_UNSIGNED (\ + ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_EXS) | \ FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_PARANGE), ID_AA64MMFR0_EL1_PARANGE_40) | \ FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_ASIDBITS), ID_AA64MMFR0_EL1_ASIDBITS_16) \ ) @@ -185,15 +174,6 @@ ) /* Restrict pointer authentication to the basic version. */ -#define PVM_ID_AA64ISAR1_RESTRICT_UNSIGNED (\ - FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_APA), ID_AA64ISAR1_EL1_APA_PAuth) | \ - FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_API), ID_AA64ISAR1_EL1_API_PAuth) \ - ) - -#define PVM_ID_AA64ISAR2_RESTRICT_UNSIGNED (\ - FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64ISAR2_EL1_APA3), ID_AA64ISAR2_EL1_APA3_PAuth) \ - ) - #define PVM_ID_AA64ISAR1_ALLOW (\ ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_DPB) | \ ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_JSCVT) | \ @@ -206,13 +186,16 @@ ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_SPECRES) | \ ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_BF16) | \ ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_DGH) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_I8MM) \ + ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_I8MM) | \ + FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_APA), ID_AA64ISAR1_EL1_APA_PAuth) | \ + FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_API), ID_AA64ISAR1_EL1_API_PAuth) \ ) #define PVM_ID_AA64ISAR2_ALLOW (\ ARM64_FEATURE_MASK(ID_AA64ISAR2_EL1_ATS1A)| \ ARM64_FEATURE_MASK(ID_AA64ISAR2_EL1_GPA3) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR2_EL1_MOPS) \ + ARM64_FEATURE_MASK(ID_AA64ISAR2_EL1_MOPS) | \ + FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64ISAR2_EL1_APA3), ID_AA64ISAR2_EL1_APA3_PAuth) \ ) u64 pvm_read_id_reg(const struct kvm_vcpu *vcpu, u32 id); diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c index 01616c39a810..76a70fee7647 100644 --- a/arch/arm64/kvm/hyp/nvhe/pkvm.c +++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c @@ -36,9 +36,9 @@ static void pvm_init_traps_aa64pfr0(struct kvm_vcpu *vcpu) /* Protected KVM does not support AArch32 guests. */ BUILD_BUG_ON(FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_EL0), - PVM_ID_AA64PFR0_RESTRICT_UNSIGNED) != ID_AA64PFR0_EL1_EL0_IMP); + PVM_ID_AA64PFR0_ALLOW) != ID_AA64PFR0_EL1_EL0_IMP); BUILD_BUG_ON(FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_EL1), - PVM_ID_AA64PFR0_RESTRICT_UNSIGNED) != ID_AA64PFR0_EL1_EL1_IMP); + PVM_ID_AA64PFR0_ALLOW) != ID_AA64PFR0_EL1_EL1_IMP); /* * Linux guests assume support for floating-point and Advanced SIMD. Do @@ -362,8 +362,8 @@ static void pkvm_init_features_from_host(struct pkvm_hyp_vm *hyp_vm, const struc if (FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_SVE), PVM_ID_AA64PFR0_ALLOW)) set_bit(KVM_ARM_VCPU_SVE, allowed_features); - if (FIELD_GET(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_API), PVM_ID_AA64ISAR1_RESTRICT_UNSIGNED) && - FIELD_GET(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_APA), PVM_ID_AA64ISAR1_RESTRICT_UNSIGNED)) + if (FIELD_GET(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_API), PVM_ID_AA64ISAR1_ALLOW) && + FIELD_GET(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_APA), PVM_ID_AA64ISAR1_ALLOW)) set_bit(KVM_ARM_VCPU_PTRAUTH_ADDRESS, allowed_features); if (FIELD_GET(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_GPI), PVM_ID_AA64ISAR1_ALLOW) && diff --git a/arch/arm64/kvm/hyp/nvhe/sys_regs.c b/arch/arm64/kvm/hyp/nvhe/sys_regs.c index 2860548d4250..59fb2f056177 100644 --- a/arch/arm64/kvm/hyp/nvhe/sys_regs.c +++ b/arch/arm64/kvm/hyp/nvhe/sys_regs.c @@ -89,7 +89,7 @@ static u64 get_pvm_id_aa64pfr0(const struct kvm_vcpu *vcpu) u64 allow_mask = PVM_ID_AA64PFR0_ALLOW; set_mask |= get_restricted_features_unsigned(id_aa64pfr0_el1_sys_val, - PVM_ID_AA64PFR0_RESTRICT_UNSIGNED); + PVM_ID_AA64PFR0_ALLOW); return (id_aa64pfr0_el1_sys_val & allow_mask) | set_mask; } @@ -189,7 +189,7 @@ static u64 get_pvm_id_aa64mmfr0(const struct kvm_vcpu *vcpu) u64 set_mask; set_mask = get_restricted_features_unsigned(id_aa64mmfr0_el1_sys_val, - PVM_ID_AA64MMFR0_RESTRICT_UNSIGNED); + PVM_ID_AA64MMFR0_ALLOW); return (id_aa64mmfr0_el1_sys_val & PVM_ID_AA64MMFR0_ALLOW) | set_mask; } @@ -276,7 +276,7 @@ static bool pvm_access_id_aarch32(struct kvm_vcpu *vcpu, * of AArch32 feature id registers. */ BUILD_BUG_ON(FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_EL1), - PVM_ID_AA64PFR0_RESTRICT_UNSIGNED) > ID_AA64PFR0_EL1_EL1_IMP); + PVM_ID_AA64PFR0_ALLOW) > ID_AA64PFR0_EL1_EL1_IMP); return pvm_access_raz_wi(vcpu, p, r); } From patchwork Mon Dec 16 10:50:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fuad Tabba X-Patchwork-Id: 13909542 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id A909DE7717F for ; Mon, 16 Dec 2024 10:54:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type:Cc:To:From: Subject:Message-ID:References:Mime-Version:In-Reply-To:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=oL06yE+6lsDqoEZo0B6caY1IDCsqdCdZ3FGeefrguBs=; b=QSBnKnJYlBZFCl9XV2xU6kbsFp Im8v/GV/uZ0lFX1u7kBsl8XvBgbUfrR3gAE8pkitMr0sr2p+WPpI5y9kNZ9F+G5RJZ31gBwiZQWlX 0/Fj1DNSjaN+8VLYkot+w8m3Cs5dBUXJzNATZAxoeiO0bR32l6k/YPbNAG9Lbevj4KTwpUdo257Ef 0C7lnd8TJ4AC7fEEOpl2tg5RgjESegV4U2GErJoh8zIwTys61HGbJ+BK8DUbRELmMfwq51ReLDZpD rTY7OQB3ISdhlyyRBpPCFX17r8Zereos4tbT+VQO0nf+t4InjSjI/uvvz8YksvXJCjZWCKP4d4cU8 oJsUoHSw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tN8k0-00000009kU0-3wuI; Mon, 16 Dec 2024 10:54:20 +0000 Received: from mail-wm1-x34a.google.com ([2a00:1450:4864:20::34a]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tN8gq-00000009jvq-3pCD for linux-arm-kernel@lists.infradead.org; Mon, 16 Dec 2024 10:51:06 +0000 Received: by mail-wm1-x34a.google.com with SMTP id 5b1f17b1804b1-4361ac607b6so31760835e9.0 for ; Mon, 16 Dec 2024 02:51:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1734346263; x=1734951063; darn=lists.infradead.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=oL06yE+6lsDqoEZo0B6caY1IDCsqdCdZ3FGeefrguBs=; b=bYVsep16AzfAxLb+lPMAHIPYQaAROYunzT3CNMmRqAPi6prhQy1Jm5h6A8Oby8DCr3 LDx9TTXwqBOwHENfq7xQOw9T6LDJQGxPRUfyvdH88/2i06o4iPC6OXGFEx9rAZ0YPr2u +B94CtSvnexlar1XnyQR2IOfoRYHGLsJr4UeCOShrUs1SYOPHuggWYFPXJLXR1yjGxK7 Sv0gyPyWuuxCZzQsvoessyiPRRBJII3A8iv5cJ8YolbRxT8OIkF1XQrPS1ePuXU6Z6+C CSuMmLkpu0JEw3o5lIVq30vDHKDh4PSXssKwTQhvxcMtdrqQEsjkguSCgZId4xizT8KD ZlkQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734346263; x=1734951063; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=oL06yE+6lsDqoEZo0B6caY1IDCsqdCdZ3FGeefrguBs=; b=gyDUNaFNF7DtFRJUznEU3k2l43qGPgP3FYl3e9o/CoHaS9x/vY5HAhllojPtSKoi/X c/KS7hCubjNfK0i/iElEhSBa08UsfLy74Mz1uAfxPqgLZ6D3hzv8mPaslcnZomAvW8JC 5jWwMHp0NK5gBQEmVTnBhDRCfBc+XnaOg+LK46KvEzXwK6f+a5ghV5OiTr46etx+k78g 2SMtN3PvZpMfCxhWoNjqWayqg31D8ugkxJi/R428ZYGH+MhRt0A8zuLalyQ1IUJq1Bnc m4dD489X2lMhTSdPO9TCbMleGufU+D0yhVN6WV6CKYtj7Uv7moR9jLr9EYZ98rsQ4FS8 rDwA== X-Forwarded-Encrypted: i=1; AJvYcCUhWUL3I9/I3m/SmX10zLb2IWkmupzj4ORh8U+LPx4HtJ+X28TdeAlCtLpEYQBKmk49MCoVTIKAnKnpSE2iFuaS@lists.infradead.org X-Gm-Message-State: AOJu0Yzh1bzM6v21S/w1BWe1zTooKbA91jUttoqqzNE/un7sGQpzFwoO 7VuuEY3T9B2cnUSa9AGA73gM/HvNrr7283kKZQ1yj0m9+oXsDgc5V4oUwp9mF7K8Mo5AaoV44w= = X-Google-Smtp-Source: AGHT+IFg69F+3yITUCN2X1rz1XbXd2N//273G1BVBp5meeevRiOwrmLXkI17PqET6QB/QfncGJgbAVG8Qg== X-Received: from wmd15.prod.google.com ([2002:a05:600c:604f:b0:435:4bd2:1dcd]) (user=tabba job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:1e0d:b0:42c:b9c8:2bb0 with SMTP id 5b1f17b1804b1-4362aa27057mr102733325e9.4.1734346263294; Mon, 16 Dec 2024 02:51:03 -0800 (PST) Date: Mon, 16 Dec 2024 10:50:42 +0000 In-Reply-To: <20241216105057.579031-1-tabba@google.com> Mime-Version: 1.0 References: <20241216105057.579031-1-tabba@google.com> X-Mailer: git-send-email 2.47.1.613.gc27f4b7a9f-goog Message-ID: <20241216105057.579031-3-tabba@google.com> Subject: [PATCH v5 02/17] KVM: arm64: Group setting traps for protected VMs by control register From: Fuad Tabba To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org Cc: maz@kernel.org, oliver.upton@linux.dev, james.clark@linaro.org, will@kernel.org, joey.gouly@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com, catalin.marinas@arm.com, broonie@kernel.org, qperret@google.com, kristina.martsenko@arm.com, tabba@google.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241216_025104_955586_88E69420 X-CRM114-Status: GOOD ( 18.54 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Group setting protected VM traps by control register rather than feature id register, since some trap values (e.g., PAuth), depend on more than one feature id register. Signed-off-by: Fuad Tabba --- arch/arm64/kvm/hyp/nvhe/pkvm.c | 317 +++++++++++++++------------------ 1 file changed, 144 insertions(+), 173 deletions(-) diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c index 76a70fee7647..1744574e79b2 100644 --- a/arch/arm64/kvm/hyp/nvhe/pkvm.c +++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c @@ -23,233 +23,204 @@ unsigned int kvm_arm_vmid_bits; unsigned int kvm_host_sve_max_vl; -/* - * Set trap register values based on features in ID_AA64PFR0. - */ -static void pvm_init_traps_aa64pfr0(struct kvm_vcpu *vcpu) +static void pkvm_vcpu_reset_hcr(struct kvm_vcpu *vcpu) { - const u64 feature_ids = pvm_read_id_reg(vcpu, SYS_ID_AA64PFR0_EL1); - u64 hcr_set = HCR_RW; - u64 hcr_clear = 0; - u64 cptr_set = 0; - u64 cptr_clear = 0; - - /* Protected KVM does not support AArch32 guests. */ - BUILD_BUG_ON(FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_EL0), - PVM_ID_AA64PFR0_ALLOW) != ID_AA64PFR0_EL1_EL0_IMP); - BUILD_BUG_ON(FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_EL1), - PVM_ID_AA64PFR0_ALLOW) != ID_AA64PFR0_EL1_EL1_IMP); - - /* - * Linux guests assume support for floating-point and Advanced SIMD. Do - * not change the trapping behavior for these from the KVM default. - */ - BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_FP), - PVM_ID_AA64PFR0_ALLOW)); - BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_AdvSIMD), - PVM_ID_AA64PFR0_ALLOW)); + vcpu->arch.hcr_el2 = HCR_GUEST_FLAGS; if (has_hvhe()) - hcr_set |= HCR_E2H; + vcpu->arch.hcr_el2 |= HCR_E2H; - /* Trap RAS unless all current versions are supported */ - if (FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_RAS), feature_ids) < - ID_AA64PFR0_EL1_RAS_V1P1) { - hcr_set |= HCR_TERR | HCR_TEA; - hcr_clear |= HCR_FIEN; + if (cpus_have_final_cap(ARM64_HAS_RAS_EXTN)) { + /* route synchronous external abort exceptions to EL2 */ + vcpu->arch.hcr_el2 |= HCR_TEA; + /* trap error record accesses */ + vcpu->arch.hcr_el2 |= HCR_TERR; } - /* Trap AMU */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_AMU), feature_ids)) { - hcr_clear |= HCR_AMVOFFEN; - cptr_set |= CPTR_EL2_TAM; - } + if (cpus_have_final_cap(ARM64_HAS_STAGE2_FWB)) + vcpu->arch.hcr_el2 |= HCR_FWB; - /* Trap SVE */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_SVE), feature_ids)) { - if (has_hvhe()) - cptr_clear |= CPACR_ELx_ZEN; - else - cptr_set |= CPTR_EL2_TZ; - } + if (cpus_have_final_cap(ARM64_HAS_EVT) && + !cpus_have_final_cap(ARM64_MISMATCHED_CACHE_TYPE)) + vcpu->arch.hcr_el2 |= HCR_TID4; + else + vcpu->arch.hcr_el2 |= HCR_TID2; - vcpu->arch.hcr_el2 |= hcr_set; - vcpu->arch.hcr_el2 &= ~hcr_clear; - vcpu->arch.cptr_el2 |= cptr_set; - vcpu->arch.cptr_el2 &= ~cptr_clear; + if (vcpu_has_ptrauth(vcpu)) + vcpu->arch.hcr_el2 |= (HCR_API | HCR_APK); } -/* - * Set trap register values based on features in ID_AA64PFR1. - */ -static void pvm_init_traps_aa64pfr1(struct kvm_vcpu *vcpu) +static void pvm_init_traps_hcr(struct kvm_vcpu *vcpu) { - const u64 feature_ids = pvm_read_id_reg(vcpu, SYS_ID_AA64PFR1_EL1); - u64 hcr_set = 0; - u64 hcr_clear = 0; + const u64 id_aa64pfr0 = pvm_read_id_reg(vcpu, SYS_ID_AA64PFR0_EL1); + const u64 id_aa64pfr1 = pvm_read_id_reg(vcpu, SYS_ID_AA64PFR1_EL1); + const u64 id_aa64mmfr1 = pvm_read_id_reg(vcpu, SYS_ID_AA64MMFR1_EL1); + u64 val = vcpu->arch.hcr_el2; + + /* No support for AArch32. */ + val |= HCR_RW; + + if (has_hvhe()) + val |= HCR_E2H; + + /* + * Always trap: + * - Feature id registers: to control features exposed to guests + * - Implementation-defined features + */ + val |= HCR_TACR | HCR_TIDCP | HCR_TID3 | HCR_TID1; + + /* Trap RAS unless all current versions are supported */ + if (FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_RAS), id_aa64pfr0) < + ID_AA64PFR0_EL1_RAS_V1P1) { + val |= HCR_TERR | HCR_TEA; + val &= ~(HCR_FIEN); + } + + /* Trap AMU */ + if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_AMU), id_aa64pfr0)) + val &= ~(HCR_AMVOFFEN); /* Memory Tagging: Trap and Treat as Untagged if not supported. */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_MTE), feature_ids)) { - hcr_set |= HCR_TID5; - hcr_clear |= HCR_DCT | HCR_ATA; + if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_MTE), id_aa64pfr1)) { + val |= HCR_TID5; + val &= ~(HCR_DCT | HCR_ATA); } - vcpu->arch.hcr_el2 |= hcr_set; - vcpu->arch.hcr_el2 &= ~hcr_clear; + /* Trap LOR */ + if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_LO), id_aa64mmfr1)) + val |= HCR_TLOR; + + vcpu->arch.hcr_el2 = val; } -/* - * Set trap register values based on features in ID_AA64DFR0. - */ -static void pvm_init_traps_aa64dfr0(struct kvm_vcpu *vcpu) +static void pvm_init_traps_cptr(struct kvm_vcpu *vcpu) { - const u64 feature_ids = pvm_read_id_reg(vcpu, SYS_ID_AA64DFR0_EL1); - u64 mdcr_set = 0; - u64 mdcr_clear = 0; - u64 cptr_set = 0; + const u64 id_aa64pfr0 = pvm_read_id_reg(vcpu, SYS_ID_AA64PFR0_EL1); + const u64 id_aa64pfr1 = pvm_read_id_reg(vcpu, SYS_ID_AA64PFR1_EL1); + const u64 id_aa64dfr0 = pvm_read_id_reg(vcpu, SYS_ID_AA64DFR0_EL1); + u64 val = vcpu->arch.cptr_el2; - /* Trap/constrain PMU */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_PMUVer), feature_ids)) { - mdcr_set |= MDCR_EL2_TPM | MDCR_EL2_TPMCR; - mdcr_clear |= MDCR_EL2_HPME | MDCR_EL2_MTPME | - MDCR_EL2_HPMN_MASK; + if (!has_hvhe()) { + val |= CPTR_NVHE_EL2_RES1; + val &= ~(CPTR_NVHE_EL2_RES0); } - /* Trap Debug */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_DebugVer), feature_ids)) - mdcr_set |= MDCR_EL2_TDRA | MDCR_EL2_TDA | MDCR_EL2_TDE; - - /* Trap OS Double Lock */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_DoubleLock), feature_ids)) - mdcr_set |= MDCR_EL2_TDOSA; + /* Trap AMU */ + if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_AMU), id_aa64pfr0)) + val |= CPTR_EL2_TAM; - /* Trap SPE */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_PMSVer), feature_ids)) { - mdcr_set |= MDCR_EL2_TPMS; - mdcr_clear |= MDCR_EL2_E2PB_MASK << MDCR_EL2_E2PB_SHIFT; + /* Trap SVE */ + if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_SVE), id_aa64pfr0)) { + if (has_hvhe()) + val &= ~(CPACR_ELx_ZEN); + else + val |= CPTR_EL2_TZ; } - /* Trap Trace Filter */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_TraceFilt), feature_ids)) - mdcr_set |= MDCR_EL2_TTRF; + /* No SME support in KVM. */ + BUG_ON(FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_SME), id_aa64pfr1)); + if (has_hvhe()) + val &= ~(CPACR_ELx_SMEN); + else + val |= CPTR_EL2_TSM; /* Trap Trace */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_TraceVer), feature_ids)) { + if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_TraceVer), id_aa64dfr0)) { if (has_hvhe()) - cptr_set |= CPACR_EL1_TTA; + val |= CPACR_EL1_TTA; else - cptr_set |= CPTR_EL2_TTA; + val |= CPTR_EL2_TTA; } - /* Trap External Trace */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_ExtTrcBuff), feature_ids)) - mdcr_clear |= MDCR_EL2_E2TB_MASK << MDCR_EL2_E2TB_SHIFT; - - vcpu->arch.mdcr_el2 |= mdcr_set; - vcpu->arch.mdcr_el2 &= ~mdcr_clear; - vcpu->arch.cptr_el2 |= cptr_set; -} - -/* - * Set trap register values based on features in ID_AA64MMFR0. - */ -static void pvm_init_traps_aa64mmfr0(struct kvm_vcpu *vcpu) -{ - const u64 feature_ids = pvm_read_id_reg(vcpu, SYS_ID_AA64MMFR0_EL1); - u64 mdcr_set = 0; - - /* Trap Debug Communications Channel registers */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_FGT), feature_ids)) - mdcr_set |= MDCR_EL2_TDCC; - - vcpu->arch.mdcr_el2 |= mdcr_set; + vcpu->arch.cptr_el2 = val; } -/* - * Set trap register values based on features in ID_AA64MMFR1. - */ -static void pvm_init_traps_aa64mmfr1(struct kvm_vcpu *vcpu) -{ - const u64 feature_ids = pvm_read_id_reg(vcpu, SYS_ID_AA64MMFR1_EL1); - u64 hcr_set = 0; - - /* Trap LOR */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_LO), feature_ids)) - hcr_set |= HCR_TLOR; - - vcpu->arch.hcr_el2 |= hcr_set; -} - -/* - * Set baseline trap register values. - */ -static void pvm_init_trap_regs(struct kvm_vcpu *vcpu) +static void pvm_init_traps_mdcr(struct kvm_vcpu *vcpu) { - const u64 hcr_trap_feat_regs = HCR_TID3; - const u64 hcr_trap_impdef = HCR_TACR | HCR_TIDCP | HCR_TID1; - - /* - * Always trap: - * - Feature id registers: to control features exposed to guests - * - Implementation-defined features - */ - vcpu->arch.hcr_el2 |= hcr_trap_feat_regs | hcr_trap_impdef; + const u64 id_aa64dfr0 = pvm_read_id_reg(vcpu, SYS_ID_AA64DFR0_EL1); + const u64 id_aa64mmfr0 = pvm_read_id_reg(vcpu, SYS_ID_AA64MMFR0_EL1); + u64 val = vcpu->arch.mdcr_el2; - /* Clear res0 and set res1 bits to trap potential new features. */ - vcpu->arch.hcr_el2 &= ~(HCR_RES0); - vcpu->arch.mdcr_el2 &= ~(MDCR_EL2_RES0); - if (!has_hvhe()) { - vcpu->arch.cptr_el2 |= CPTR_NVHE_EL2_RES1; - vcpu->arch.cptr_el2 &= ~(CPTR_NVHE_EL2_RES0); + /* Trap/constrain PMU */ + if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_PMUVer), id_aa64dfr0)) { + val |= MDCR_EL2_TPM | MDCR_EL2_TPMCR; + val &= ~(MDCR_EL2_HPME | MDCR_EL2_MTPME | MDCR_EL2_HPMN_MASK); } -} -static void pkvm_vcpu_reset_hcr(struct kvm_vcpu *vcpu) -{ - vcpu->arch.hcr_el2 = HCR_GUEST_FLAGS; + /* Trap Debug */ + if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_DebugVer), id_aa64dfr0)) + val |= MDCR_EL2_TDRA | MDCR_EL2_TDA; - if (has_hvhe()) - vcpu->arch.hcr_el2 |= HCR_E2H; + /* Trap OS Double Lock */ + if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_DoubleLock), id_aa64dfr0)) + val |= MDCR_EL2_TDOSA; - if (cpus_have_final_cap(ARM64_HAS_RAS_EXTN)) { - /* route synchronous external abort exceptions to EL2 */ - vcpu->arch.hcr_el2 |= HCR_TEA; - /* trap error record accesses */ - vcpu->arch.hcr_el2 |= HCR_TERR; + /* Trap SPE */ + if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_PMSVer), id_aa64dfr0)) { + val |= MDCR_EL2_TPMS; + val &= ~(MDCR_EL2_E2PB_MASK << MDCR_EL2_E2PB_SHIFT); } - if (cpus_have_final_cap(ARM64_HAS_STAGE2_FWB)) - vcpu->arch.hcr_el2 |= HCR_FWB; + /* Trap Trace Filter */ + if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_TraceFilt), id_aa64dfr0)) + val |= MDCR_EL2_TTRF; - if (cpus_have_final_cap(ARM64_HAS_EVT) && - !cpus_have_final_cap(ARM64_MISMATCHED_CACHE_TYPE)) - vcpu->arch.hcr_el2 |= HCR_TID4; - else - vcpu->arch.hcr_el2 |= HCR_TID2; + /* Trap External Trace */ + if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_ExtTrcBuff), id_aa64dfr0)) + val |= MDCR_EL2_E2TB_MASK << MDCR_EL2_E2TB_SHIFT; - if (vcpu_has_ptrauth(vcpu)) - vcpu->arch.hcr_el2 |= (HCR_API | HCR_APK); + /* Trap Debug Communications Channel registers */ + if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_FGT), id_aa64mmfr0)) + val |= MDCR_EL2_TDCC; + + vcpu->arch.mdcr_el2 = val; } /* * Initialize trap register values in protected mode. */ -static void pkvm_vcpu_init_traps(struct kvm_vcpu *vcpu) +static void pkvm_vcpu_init_traps(struct pkvm_hyp_vcpu *hyp_vcpu) { + struct kvm_vcpu *vcpu = &hyp_vcpu->vcpu; + vcpu->arch.cptr_el2 = kvm_get_reset_cptr_el2(vcpu); vcpu->arch.mdcr_el2 = 0; pkvm_vcpu_reset_hcr(vcpu); - if ((!vcpu_is_protected(vcpu))) + if ((!pkvm_hyp_vcpu_is_protected(hyp_vcpu))) return; - pvm_init_trap_regs(vcpu); - pvm_init_traps_aa64pfr0(vcpu); - pvm_init_traps_aa64pfr1(vcpu); - pvm_init_traps_aa64dfr0(vcpu); - pvm_init_traps_aa64mmfr0(vcpu); - pvm_init_traps_aa64mmfr1(vcpu); + /* + * PAuth is allowed if supported by the system and the vcpu. + * Properly checking for PAuth requires checking various fields in + * ID_AA64ISAR1_EL1 and ID_AA64ISAR2_EL1. The way that fixed config + * is controlled now in pKVM does not easily allow that. This will + * change later to follow the changes upstream wrt fixed configuration + * and nested virt. + */ + BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_GPI), + PVM_ID_AA64ISAR1_ALLOW)); + + /* Protected KVM does not support AArch32 guests. */ + BUILD_BUG_ON(FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_EL0), + PVM_ID_AA64PFR0_ALLOW) != ID_AA64PFR0_EL1_EL0_IMP); + BUILD_BUG_ON(FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_EL1), + PVM_ID_AA64PFR0_ALLOW) != ID_AA64PFR0_EL1_EL1_IMP); + + /* + * Linux guests assume support for floating-point and Advanced SIMD. Do + * not change the trapping behavior for these from the KVM default. + */ + BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_FP), + PVM_ID_AA64PFR0_ALLOW)); + BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_AdvSIMD), + PVM_ID_AA64PFR0_ALLOW)); + + pvm_init_traps_hcr(vcpu); + pvm_init_traps_cptr(vcpu); + pvm_init_traps_mdcr(vcpu); } /* @@ -448,7 +419,7 @@ static int init_pkvm_hyp_vcpu(struct pkvm_hyp_vcpu *hyp_vcpu, pkvm_vcpu_init_sve(hyp_vcpu, host_vcpu); pkvm_vcpu_init_ptrauth(hyp_vcpu); - pkvm_vcpu_init_traps(&hyp_vcpu->vcpu); + pkvm_vcpu_init_traps(hyp_vcpu); done: if (ret) unpin_host_vcpu(host_vcpu); From patchwork Mon Dec 16 10:50:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fuad Tabba X-Patchwork-Id: 13909543 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 5A26EE77180 for ; Mon, 16 Dec 2024 10:55:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type:Cc:To:From: Subject:Message-ID:References:Mime-Version:In-Reply-To:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=xINd9m1enPF0BMWAgJgrGlweRAoQYidCOTnyfqcrJ34=; b=GeWucjcbpJIpVbDb9kBIYR6aLw NGLr6+f4KJUsJsMvoFqTB+CZxXELX0qb5kHhxiP5WyB/d0LMQZsAusCLEXzV4ntx87uqa8tfEz70U 7bF9KQmGmgCoov+hm+2G4+wqWYyaJbdh3Tm0QpNIJgyKTFZvd1wlESSzMpRmCwJutXovpuWoYUm7s Pohu/m5hw0FMKMynKxUuL4gq1g7rBg/Ne2ya1V0ZlVGWRp5PXCc0REJf6mRMYBOdC6ovQ9bEqUG2O Jdf1zVxAE/W73ZlmG7lwaxVp9xeIHTcX24c87NUG9xnQ/uR7c+oi9zvCZ7auTWaZBoP3YfnNMRRzj hmSXS6mA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tN8l4-00000009kdV-2EiV; Mon, 16 Dec 2024 10:55:26 +0000 Received: from mail-wm1-x349.google.com ([2a00:1450:4864:20::349]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tN8gt-00000009jwT-2Gu5 for linux-arm-kernel@lists.infradead.org; Mon, 16 Dec 2024 10:51:08 +0000 Received: by mail-wm1-x349.google.com with SMTP id 5b1f17b1804b1-43610eba55bso2941405e9.3 for ; Mon, 16 Dec 2024 02:51:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1734346265; x=1734951065; darn=lists.infradead.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=xINd9m1enPF0BMWAgJgrGlweRAoQYidCOTnyfqcrJ34=; b=Hgqhu5TQ9xEnig9iHDfziobfdKczSc3GQoRxs6kRcPmcHTAZtPKGzXRm2vDvYs3FcN UmkdZG5PQTmNPzdT5jvYoVHMgtXPf4k7WJ+VdhPJBRqzHaC+06XEFejnimk0QOcKAvlx fREnSHFIMYI4G83M+nZuGwGgiAqZldXSZAATjsUynSGbMP4DR/WEkhVONl+bntjDcBi4 MR5LYDp0U0UiIQFXg3y+EBAgNt+Vv+TxHlBjmnMo68EHzyz7Jgp/w1Ad/5bHjrNOANsh 7NrDX5+5ickzsbm22cJt6wV2WFDAV00faMnDW7fJnvQ070HnqVdlUJSuYuAFfAYuWKwN ACEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734346265; x=1734951065; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=xINd9m1enPF0BMWAgJgrGlweRAoQYidCOTnyfqcrJ34=; b=cFbQJEdVmO//xFJM6Y9jIHXx/fnhE8IDiJPeESonmBpD6g1fDW81FzM9TqG8NoBVNg xSzYDNoe9m1pUdZGF0dL7uRW3Iha/oSSxXZCJYQCdduCgn1nGttzwmXncGHHYzexprTj txNead0D579azrNE2NRxhtXKwZVWU54m4O3+FWzcRbze/kuM8YCM5ObvXutPVmoUvK3n PFCeCHGAp/60+x1CJhNLSKOKBg5/1wwA8yfl/+dmSP3k1tugk5xNJInWuH1zz3K+f/1L f4fZBP0gZYSR3rgiFEmzFT2JnJH79zLVi/FPeA+E6re9zG0Oe3S29Txnq8VjddAY67To azhg== X-Forwarded-Encrypted: i=1; AJvYcCXlIenwP9LTq/7uTiFfUgsSOHrGsjdFNE+qdSzyNCZMHzeu+psTjVfzMIVJFFOdhH7eqmmhM1NZfm5v4clBpeD+@lists.infradead.org X-Gm-Message-State: AOJu0YyG/bYkn3M/H58CpSLCA2Oqk4ZM9gpuo+7Bf5A17NBVeBpD7/v+ 45BSmaFucsJSsvKCTxGhNmvr7kkNWkVdB7zZ2neBJdn3C4JIhE02k3NYDBgkAiJ6vTJCQkqfGQ= = X-Google-Smtp-Source: AGHT+IEkppS2FfLAL9KMtR1A3yTWzMg2ideEuEAUEGrL411aDfJOIT/6mrKwmt3iUJ4BEP1l0XAETHjHOw== X-Received: from wmfo9.prod.google.com ([2002:a05:600c:2e09:b0:436:17fc:a902]) (user=tabba job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:3503:b0:434:ff25:19a0 with SMTP id 5b1f17b1804b1-4362aa94379mr101994565e9.21.1734346265316; Mon, 16 Dec 2024 02:51:05 -0800 (PST) Date: Mon, 16 Dec 2024 10:50:43 +0000 In-Reply-To: <20241216105057.579031-1-tabba@google.com> Mime-Version: 1.0 References: <20241216105057.579031-1-tabba@google.com> X-Mailer: git-send-email 2.47.1.613.gc27f4b7a9f-goog Message-ID: <20241216105057.579031-4-tabba@google.com> Subject: [PATCH v5 03/17] KVM: arm64: Move checking protected vcpu features to a separate function From: Fuad Tabba To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org Cc: maz@kernel.org, oliver.upton@linux.dev, james.clark@linaro.org, will@kernel.org, joey.gouly@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com, catalin.marinas@arm.com, broonie@kernel.org, qperret@google.com, kristina.martsenko@arm.com, tabba@google.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241216_025107_577897_F27D938E X-CRM114-Status: GOOD ( 14.41 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org At the moment, checks for supported vcpu features for protected VMs are build-time bugs. In the following patch, they will become runtime checks based on the vcpu's features registers. Therefore, consolidate them into one function that would return an error if it encounters an unsupported feature. Signed-off-by: Fuad Tabba --- arch/arm64/kvm/hyp/nvhe/pkvm.c | 45 ++++++++++++++++++++++++---------- 1 file changed, 32 insertions(+), 13 deletions(-) diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c index 1744574e79b2..fb733b36c6c1 100644 --- a/arch/arm64/kvm/hyp/nvhe/pkvm.c +++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c @@ -178,20 +178,11 @@ static void pvm_init_traps_mdcr(struct kvm_vcpu *vcpu) } /* - * Initialize trap register values in protected mode. + * Check that cpu features that are neither trapped nor supported are not + * enabled for protected VMs. */ -static void pkvm_vcpu_init_traps(struct pkvm_hyp_vcpu *hyp_vcpu) +static int pkvm_check_pvm_cpu_features(struct kvm_vcpu *vcpu) { - struct kvm_vcpu *vcpu = &hyp_vcpu->vcpu; - - vcpu->arch.cptr_el2 = kvm_get_reset_cptr_el2(vcpu); - vcpu->arch.mdcr_el2 = 0; - - pkvm_vcpu_reset_hcr(vcpu); - - if ((!pkvm_hyp_vcpu_is_protected(hyp_vcpu))) - return; - /* * PAuth is allowed if supported by the system and the vcpu. * Properly checking for PAuth requires checking various fields in @@ -218,9 +209,34 @@ static void pkvm_vcpu_init_traps(struct pkvm_hyp_vcpu *hyp_vcpu) BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_AdvSIMD), PVM_ID_AA64PFR0_ALLOW)); + return 0; +} + +/* + * Initialize trap register values in protected mode. + */ +static int pkvm_vcpu_init_traps(struct pkvm_hyp_vcpu *hyp_vcpu) +{ + struct kvm_vcpu *vcpu = &hyp_vcpu->vcpu; + int ret; + + vcpu->arch.cptr_el2 = kvm_get_reset_cptr_el2(vcpu); + vcpu->arch.mdcr_el2 = 0; + + pkvm_vcpu_reset_hcr(vcpu); + + if ((!pkvm_hyp_vcpu_is_protected(hyp_vcpu))) + return 0; + + ret = pkvm_check_pvm_cpu_features(vcpu); + if (ret) + return ret; + pvm_init_traps_hcr(vcpu); pvm_init_traps_cptr(vcpu); pvm_init_traps_mdcr(vcpu); + + return 0; } /* @@ -417,9 +433,12 @@ static int init_pkvm_hyp_vcpu(struct pkvm_hyp_vcpu *hyp_vcpu, hyp_vcpu->vcpu.arch.cflags = READ_ONCE(host_vcpu->arch.cflags); hyp_vcpu->vcpu.arch.mp_state.mp_state = KVM_MP_STATE_STOPPED; + ret = pkvm_vcpu_init_traps(hyp_vcpu); + if (ret) + goto done; + pkvm_vcpu_init_sve(hyp_vcpu, host_vcpu); pkvm_vcpu_init_ptrauth(hyp_vcpu); - pkvm_vcpu_init_traps(hyp_vcpu); done: if (ret) unpin_host_vcpu(host_vcpu); From patchwork Mon Dec 16 10:50:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fuad Tabba X-Patchwork-Id: 13909544 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 3D613E7717F for ; Mon, 16 Dec 2024 10:56:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type:Cc:To:From: Subject:Message-ID:References:Mime-Version:In-Reply-To:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=lFml3JSMGutEQ6gsrAJI0WkcZQLmE0G98yGh0i8+VMo=; b=uoSR5RLFcBjr/znwjbfstlBfZS WTyJQCnFaBqJoMmePrlQWtt0MM+ybR+UsBHX7j58BN7+2az1UCSBKhEG2qO3vxjD1qjMc/Q05GUkZ /5TT7K4Z4jK1YfUV9gZ2TD1bUJ1Db6n4lMqOIY1jvir3ayaKRMJB6TWqTr4l/VUxQyxtiKQjzMK84 OzTxJ5dhHq6HsTiN3Hy9KgFhDVsdrQYf/nXw9fE3jRbOA1XOrBI87O8ppIQ9NFngfeZXL1k31e3qS H9JnPfGTZjLUfO1tHoxhiFiRArzPzEtYg20lKntIczGVcZ8NAvi1n9x4jRObFieL9KNm7lh3+fQkA g3DpR2dw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tN8m7-00000009kmb-0ZM3; Mon, 16 Dec 2024 10:56:31 +0000 Received: from mail-wm1-x34a.google.com ([2a00:1450:4864:20::34a]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tN8gv-00000009jwu-0qPO for linux-arm-kernel@lists.infradead.org; Mon, 16 Dec 2024 10:51:10 +0000 Received: by mail-wm1-x34a.google.com with SMTP id 5b1f17b1804b1-4359206e1e4so36763495e9.2 for ; Mon, 16 Dec 2024 02:51:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1734346267; x=1734951067; darn=lists.infradead.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=lFml3JSMGutEQ6gsrAJI0WkcZQLmE0G98yGh0i8+VMo=; b=yDwx2IjlRIr3LuTw0bejTfhMqUzAkKHEK5EumvPsIyPQqPnTRnPFj6ir8MjIihqZFt ExEvVycMcVOdJl59oIEEZSWdsNkju9J8miosmO8ZFtzKd2G4Mc5FaZOfLZoEwiOxHXc3 f8zISsvKzBb3LiB79I6JDO0M+KwLXc5miMCHbpvd4V3S1ddIeGObtbf2XdCZHt5r2fYa v0DQTcvJJpi41A6bZLV63M/TjM93zHnIB34uqJFVYVjfToIgtx25/ezHJz5KZLxlFbnO dyWpsGf0iHrSiT/fdHrfXE22lwB76yY342EthsV0p/QcVexudoK0qI2Qu5iGKYqjS9k7 4YBg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734346267; x=1734951067; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=lFml3JSMGutEQ6gsrAJI0WkcZQLmE0G98yGh0i8+VMo=; b=lOQ4scO0uudktnqZILz1USvbEYeW6TcT5VyX8OzpXbc3uR7ktqM9k4kYWX3ebQsipn I8STrvGyhJNu2ZMHnJt9rIiKNTDMffijCI3/ZLkqLgsz9MV80sJYODxcpvMTUM9xsLGM kKOXAG5ioLfQFbGJJdc0sEKUWCIW8gTAMUXx2EDcDZeDWsnSUDsZg98ELKQoQ81Xtl51 BUGR2FVsGRggH23XHg2kLzbInnq7FccnANYwTbrONcsk9lauKhBuhOrNyu4eYleIHz/C 0hoX52F9sMy0EdNDfLZjV5M92Lu9trmjl2TBIjMQTu72aUbVnKELrJZoOH/Vw+OjU9fv 9z+A== X-Forwarded-Encrypted: i=1; AJvYcCV3ahMWUf1mnyJOEhmJdh4OHPx6/Bd7xzmE57zNceCOY4qAVrnEe+XT704I5df6zi+NGIx4oBHonqisgOn5DcNo@lists.infradead.org X-Gm-Message-State: AOJu0Yw3Y9jZBY3PIiZ2Yhk/yif4pgg7i4zuW1izn9Sf0NpFRvcF9pbc Fm995y6IytEPRc9hJAkRCNLYAQQHNvbcNg5qu6hAbVAN2uRc3VsSVoakCb3WPoiTv4AvDG4exA= = X-Google-Smtp-Source: AGHT+IFP4ta5i0lcC91zFRM638m44kb4PpoOHu3nr7DtprXQkYFF+xVd+4sDwByOyyfX7UPh0ah2h9SuIw== X-Received: from wmbdx10.prod.google.com ([2002:a05:600c:63ca:b0:436:1a60:654e]) (user=tabba job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:468c:b0:434:a802:e9a6 with SMTP id 5b1f17b1804b1-4362aa1b2d7mr107265045e9.7.1734346267353; Mon, 16 Dec 2024 02:51:07 -0800 (PST) Date: Mon, 16 Dec 2024 10:50:44 +0000 In-Reply-To: <20241216105057.579031-1-tabba@google.com> Mime-Version: 1.0 References: <20241216105057.579031-1-tabba@google.com> X-Mailer: git-send-email 2.47.1.613.gc27f4b7a9f-goog Message-ID: <20241216105057.579031-5-tabba@google.com> Subject: [PATCH v5 04/17] KVM: arm64: Remove KVM_ARM_VCPU_POWER_OFF from protected VMs allowed features in pKVM From: Fuad Tabba To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org Cc: maz@kernel.org, oliver.upton@linux.dev, james.clark@linaro.org, will@kernel.org, joey.gouly@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com, catalin.marinas@arm.com, broonie@kernel.org, qperret@google.com, kristina.martsenko@arm.com, tabba@google.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241216_025109_236486_46ABE762 X-CRM114-Status: UNSURE ( 9.44 ) X-CRM114-Notice: Please train this message. X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org The hypervisor is responsible for the power state of protected VMs in pKVM. Therefore, remove KVM_ARM_VCPU_POWER_OFF from the list of allowed features for protected VMs. Signed-off-by: Fuad Tabba --- arch/arm64/kvm/hyp/nvhe/pkvm.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c index fb733b36c6c1..d3f67189497d 100644 --- a/arch/arm64/kvm/hyp/nvhe/pkvm.c +++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c @@ -331,10 +331,8 @@ static void pkvm_init_features_from_host(struct pkvm_hyp_vm *hyp_vm, const struc /* * For protected VMs, always allow: - * - CPU starting in poweroff state * - PSCI v0.2 */ - set_bit(KVM_ARM_VCPU_POWER_OFF, allowed_features); set_bit(KVM_ARM_VCPU_PSCI_0_2, allowed_features); /* From patchwork Mon Dec 16 10:50:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fuad Tabba X-Patchwork-Id: 13909545 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 3C4CBE7717F for ; Mon, 16 Dec 2024 10:57:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type:Cc:To:From: Subject:Message-ID:References:Mime-Version:In-Reply-To:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=C9GBryxahmGmSZEhXWCHZRH/qGlu6UtN6W9voNHcA3Y=; b=Kx6vc0GS7+EhJkAAVl4YAsOeo2 e9mjlWFksFjcXk6elCDFxC1r8b/Co5zWIJJ3nealortNKsM1DGYXLH8EJGFuZTa3+gDvGM9k3s9Ja Ln+tDQFCKc47Dvjv9ho0neSiGWMhbJFR9C1NoNqcKegFK1w9Y8HPw7YHy6nvnXHAlrvAGfeoGg1B0 18XNH31D4KoWYd9tfT4z8p4LSOd+tjy+M7bSvUy8DcCAsa4ucpbBAx6SoKrFDp18uJH+p0mPRM+Jt ooMV9GZHKS8fJUDTz6ZrQfasrKjQowR0GxfPQo74nNqkHspOsoPxVGH1qiiuXF0eTCGE8HUYSAWH9 PjgVnZkA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tN8nA-00000009kvV-3Pog; Mon, 16 Dec 2024 10:57:36 +0000 Received: from mail-wm1-x34a.google.com ([2a00:1450:4864:20::34a]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tN8gx-00000009jxJ-1bfs for linux-arm-kernel@lists.infradead.org; Mon, 16 Dec 2024 10:51:12 +0000 Received: by mail-wm1-x34a.google.com with SMTP id 5b1f17b1804b1-43631d8d9c7so13791955e9.1 for ; Mon, 16 Dec 2024 02:51:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1734346269; x=1734951069; darn=lists.infradead.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=C9GBryxahmGmSZEhXWCHZRH/qGlu6UtN6W9voNHcA3Y=; b=EPsaP9HodLEEEdAg5Abyno7HZXVaF+vAKU0dBhJ3hLK6+GzKt56Caw8mcUDbtauUS2 5EaR88gk4xUNjxHPD+QqCv4PdEXpOX5hW+8TAJn79KXpZ04ks6bf7OxiuanFhtl/t1EB BVx/3FbhVKYE+fdYBbsZNmsAf9gAlvRwlQVNc3VnzRPGTtaGd6kem/ptYEo6Vvomq8c/ CerhKehIa29G9y6GC6+W8GigYewlcA+o181bLglH3Y4GaxH+8KPHvPQud13Qe6igLVA/ ptZjV2/amOgvtyNkxZVhjgsE2UpaFlEnXTYrUaJ2hycWcLDgHkQyJdGNURpFX1tO/MVu Y7kA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734346269; x=1734951069; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=C9GBryxahmGmSZEhXWCHZRH/qGlu6UtN6W9voNHcA3Y=; b=YS1oePLP7a03FMoiBPuiDZPnduKCs0nov8FF3lKXLTB/U14pdXuHoB6+kv8ub5pgsT a6v7WJJMgpiYRZJ5/Zs73UOlpol2Xl17KWx1GdFCsGbYklklUKX/lmwo5G4xd4wEJOvS vH40vOwIkZdMOa7xD+3mUngxwWXImx+B7KWSRVlZ6LSgPd4Y3q5iO6PjlDnqZOs7TXQd P2DOZb8Q4bKQePWV5fiwwpC6zR9DZ7ss84oBDHNFoVf1pd20kSnmn3dVJmE8AB0FcVZu 6E+xu1lAQwEX6DZhFeEcDVSM51lxuQNP7rLggrKX4AqV81y52Q9AIwIPk+LN3RRg7SK/ k5kg== X-Forwarded-Encrypted: i=1; AJvYcCXIqRyCqJ2lKw41vEwKh8RkB1Vw5hUjpul2cNjLdnUkiudHHxliJgwnBQ46y+xBmVZGVSKXZWdrp3ha0C5x6Sn/@lists.infradead.org X-Gm-Message-State: AOJu0YzCH2I5JtDCFN7K+N6iLAIAONcCrRbHluh6VmS/i7HjZAwEjafO 4jDE4B2dKBA2QAcZpcWVYthz7A/bN3ckzud2kqomQcPboE2G0twFrIxrM58YDlepRLmvjrk0zg= = X-Google-Smtp-Source: AGHT+IHPZL8XVDqNOwgL7tTd/K+CfTsG1V6K4q53OJuErIEaHTfWnYIPmNKRWoQw/rWlX6rTWd9jy0e+5w== X-Received: from wmph6.prod.google.com ([2002:a05:600c:4986:b0:434:a2c3:d51b]) (user=tabba job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:524c:b0:434:ffb2:f9cf with SMTP id 5b1f17b1804b1-4362b16b28bmr98987585e9.14.1734346269330; Mon, 16 Dec 2024 02:51:09 -0800 (PST) Date: Mon, 16 Dec 2024 10:50:45 +0000 In-Reply-To: <20241216105057.579031-1-tabba@google.com> Mime-Version: 1.0 References: <20241216105057.579031-1-tabba@google.com> X-Mailer: git-send-email 2.47.1.613.gc27f4b7a9f-goog Message-ID: <20241216105057.579031-6-tabba@google.com> Subject: [PATCH v5 05/17] KVM: arm64: Use KVM extension checks for allowed protected VM capabilities From: Fuad Tabba To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org Cc: maz@kernel.org, oliver.upton@linux.dev, james.clark@linaro.org, will@kernel.org, joey.gouly@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com, catalin.marinas@arm.com, broonie@kernel.org, qperret@google.com, kristina.martsenko@arm.com, tabba@google.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241216_025111_419825_3E773A5D X-CRM114-Status: GOOD ( 14.35 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Use KVM extension checks as the source for determining which capabilities are allowed for protected VMs. KVM extension checks is the natural place for this, since it is also the interface exposed to users. Signed-off-by: Fuad Tabba --- arch/arm64/include/asm/kvm_pkvm.h | 25 +++++++++++++++++++++++++ arch/arm64/kvm/arm.c | 29 ++--------------------------- arch/arm64/kvm/hyp/nvhe/pkvm.c | 24 ++++++------------------ 3 files changed, 33 insertions(+), 45 deletions(-) diff --git a/arch/arm64/include/asm/kvm_pkvm.h b/arch/arm64/include/asm/kvm_pkvm.h index cd56acd9a842..400f7cef1e81 100644 --- a/arch/arm64/include/asm/kvm_pkvm.h +++ b/arch/arm64/include/asm/kvm_pkvm.h @@ -20,6 +20,31 @@ int pkvm_init_host_vm(struct kvm *kvm); int pkvm_create_hyp_vm(struct kvm *kvm); void pkvm_destroy_hyp_vm(struct kvm *kvm); +/* + * This functions as an allow-list of protected VM capabilities. + * Features not explicitly allowed by this function are denied. + */ +static inline bool kvm_pvm_ext_allowed(long ext) +{ + switch (ext) { + case KVM_CAP_IRQCHIP: + case KVM_CAP_ARM_PSCI: + case KVM_CAP_ARM_PSCI_0_2: + case KVM_CAP_NR_VCPUS: + case KVM_CAP_MAX_VCPUS: + case KVM_CAP_MAX_VCPU_ID: + case KVM_CAP_MSI_DEVID: + case KVM_CAP_ARM_VM_IPA_SIZE: + case KVM_CAP_ARM_PMU_V3: + case KVM_CAP_ARM_SVE: + case KVM_CAP_ARM_PTRAUTH_ADDRESS: + case KVM_CAP_ARM_PTRAUTH_GENERIC: + return true; + default: + return false; + } +} + extern struct memblock_region kvm_nvhe_sym(hyp_memory)[]; extern unsigned int kvm_nvhe_sym(hyp_memblock_nr); diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index a102c3aebdbc..b295218cdc24 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -80,31 +80,6 @@ int kvm_arch_vcpu_should_kick(struct kvm_vcpu *vcpu) return kvm_vcpu_exiting_guest_mode(vcpu) == IN_GUEST_MODE; } -/* - * This functions as an allow-list of protected VM capabilities. - * Features not explicitly allowed by this function are denied. - */ -static bool pkvm_ext_allowed(struct kvm *kvm, long ext) -{ - switch (ext) { - case KVM_CAP_IRQCHIP: - case KVM_CAP_ARM_PSCI: - case KVM_CAP_ARM_PSCI_0_2: - case KVM_CAP_NR_VCPUS: - case KVM_CAP_MAX_VCPUS: - case KVM_CAP_MAX_VCPU_ID: - case KVM_CAP_MSI_DEVID: - case KVM_CAP_ARM_VM_IPA_SIZE: - case KVM_CAP_ARM_PMU_V3: - case KVM_CAP_ARM_SVE: - case KVM_CAP_ARM_PTRAUTH_ADDRESS: - case KVM_CAP_ARM_PTRAUTH_GENERIC: - return true; - default: - return false; - } -} - int kvm_vm_ioctl_enable_cap(struct kvm *kvm, struct kvm_enable_cap *cap) { @@ -113,7 +88,7 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm, if (cap->flags) return -EINVAL; - if (kvm_vm_is_protected(kvm) && !pkvm_ext_allowed(kvm, cap->cap)) + if (kvm_vm_is_protected(kvm) && !kvm_pvm_ext_allowed(cap->cap)) return -EINVAL; switch (cap->cap) { @@ -311,7 +286,7 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) { int r; - if (kvm && kvm_vm_is_protected(kvm) && !pkvm_ext_allowed(kvm, ext)) + if (kvm && kvm_vm_is_protected(kvm) && !kvm_pvm_ext_allowed(ext)) return 0; switch (ext) { diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c index d3f67189497d..59ff6aac514c 100644 --- a/arch/arm64/kvm/hyp/nvhe/pkvm.c +++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c @@ -329,32 +329,20 @@ static void pkvm_init_features_from_host(struct pkvm_hyp_vm *hyp_vm, const struc bitmap_zero(allowed_features, KVM_VCPU_MAX_FEATURES); - /* - * For protected VMs, always allow: - * - PSCI v0.2 - */ set_bit(KVM_ARM_VCPU_PSCI_0_2, allowed_features); - /* - * Check if remaining features are allowed: - * - Performance Monitoring - * - Scalable Vectors - * - Pointer Authentication - */ - if (FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_PMUVer), PVM_ID_AA64DFR0_ALLOW)) + if (kvm_pvm_ext_allowed(KVM_CAP_ARM_PMU_V3)) set_bit(KVM_ARM_VCPU_PMU_V3, allowed_features); - if (FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_SVE), PVM_ID_AA64PFR0_ALLOW)) - set_bit(KVM_ARM_VCPU_SVE, allowed_features); - - if (FIELD_GET(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_API), PVM_ID_AA64ISAR1_ALLOW) && - FIELD_GET(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_APA), PVM_ID_AA64ISAR1_ALLOW)) + if (kvm_pvm_ext_allowed(KVM_CAP_ARM_PTRAUTH_ADDRESS)) set_bit(KVM_ARM_VCPU_PTRAUTH_ADDRESS, allowed_features); - if (FIELD_GET(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_GPI), PVM_ID_AA64ISAR1_ALLOW) && - FIELD_GET(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_GPA), PVM_ID_AA64ISAR1_ALLOW)) + if (kvm_pvm_ext_allowed(KVM_CAP_ARM_PTRAUTH_GENERIC)) set_bit(KVM_ARM_VCPU_PTRAUTH_GENERIC, allowed_features); + if (kvm_pvm_ext_allowed(KVM_CAP_ARM_SVE)) + set_bit(KVM_ARM_VCPU_SVE, allowed_features); + bitmap_and(kvm->arch.vcpu_features, host_kvm->arch.vcpu_features, allowed_features, KVM_VCPU_MAX_FEATURES); } From patchwork Mon Dec 16 10:50:46 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fuad Tabba X-Patchwork-Id: 13909546 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 58D7BE7717F for ; Mon, 16 Dec 2024 10:58:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type:Cc:To:From: Subject:Message-ID:References:Mime-Version:In-Reply-To:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=RLNB90HFwi4SHqmi2KVXCppej9by7Sd91qe87vHnQQY=; b=O3BvGdQnrC17m3nEct40dbTrDt 9iHMZxENlJ92afAKllHmrk5FYNGE87jMKRkmE5Maaxd8PgbqxqdsOdhw1yGu3af8HBQqomQn9+ztK EaCH1V9d8Eg4/Ly8k8GcQT3W5OSOJqqdVXlT/0xsMINGAAuXsTok8CIn7ENJW46ZF8bYzrRx02x59 tazAZfjVo1gyRznfoGPcVi86EFekKoy8XCBTk97K78joYFQKro4XyCyuwtrUcS+DhPMWw6kREOK8G 5EReJR9ObZ08MelPxb0ZBHSWmECyjGmque8ZxdeGlgyN0SCBHdmZ6vat2d8Qmed1syJcaM8n0+hSl uul/2IVQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tN8oD-00000009l23-1loM; Mon, 16 Dec 2024 10:58:41 +0000 Received: from mail-wm1-x34a.google.com ([2a00:1450:4864:20::34a]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tN8gz-00000009jy7-0xND for linux-arm-kernel@lists.infradead.org; Mon, 16 Dec 2024 10:51:14 +0000 Received: by mail-wm1-x34a.google.com with SMTP id 5b1f17b1804b1-43626224274so15454445e9.0 for ; Mon, 16 Dec 2024 02:51:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1734346271; x=1734951071; darn=lists.infradead.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=RLNB90HFwi4SHqmi2KVXCppej9by7Sd91qe87vHnQQY=; b=frJSgEJdP0c3mTVOBR4n1yvTl/V36xaRNK4VVz0b3KZLbcSi51QzfD6Zlo6AUhIUWt PB/uib97nEGEjjQTaqGVO1W2RK8OgnVOkWDDQJUoDmnVOSNq7oS7jpwLwLDVUA+wrcWE muqp9HmUreUF9KkQxufwSk4TPX7wQfN5s07/DGaQy+SEvmvfEBmuMoGktYk6YAvtHkuf QQcv6Tc0BU3fwp9o9mj5PqJk6ktfhwQrdWIgQ3YwWf2HXblEutsSWaOoh//5x8LXC2wA U/IAfNnNP4iHdcZX1mdwWk7cegK6S+IvEDjBnJWRCuCqBtXokR5JiUBBmVzxCen8U2p1 tHHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734346271; x=1734951071; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=RLNB90HFwi4SHqmi2KVXCppej9by7Sd91qe87vHnQQY=; b=gNwi18ZuXbzoVMKkaW45lJyjiOOZpuIQZMVICHdZyT622KYCIVd81U62HLTCsi0r/6 rWekVdt8Evm9aOJWLrNwjpyNAKEO64aK7bkMaGA6JMGRl2GbaqaEXUWdn+uFGx8Z+ybW fUgBdE4YHRUWOMseuq3orJoFyOsTJ2fMCyXnnGd/svSt6L9/R3WL1SzSITqj+95AMlWB 5xYFFj+Xv3m2ogxoUPrNeRTxvAuSl3kZxxmtUgS0F7yw/VSG72HpQYb0NicQsw3s8UBL rccgZ4rG+fMe8BSHCUudlREnKMx8hJtkOETBP+hAoNMV9ED4Xmdfopu+KqOs+3c79D/u h29A== X-Forwarded-Encrypted: i=1; AJvYcCWtuzFPcBufCNxw503DqOhRg2LuLfOedvX7fJV2juxfSqniYvy76GUaKRNgPq2qi3GZiGtRILDVQUAAg6RxkAV5@lists.infradead.org X-Gm-Message-State: AOJu0YwmLHiHmMwDLEL1uTlF5TA7a5LvtwSqDqE2e2sbgHZ61ziZHkTE ymvyw4Rbxz6fBzu4M1+Y81AU65v8UOBsaLfaGIfuBPfacNub3mP7C/Qx6jk3kGWUd4mgFBFPJg= = X-Google-Smtp-Source: AGHT+IG/KnLxBYGmhyms4gK4RJktxiZAprOlwrWk3fRnjJVEGCGWz+NgSli5dOU7sAR+DbTv+TAWqw5bCQ== X-Received: from wmol7.prod.google.com ([2002:a05:600c:47c7:b0:434:a471:130f]) (user=tabba job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:5254:b0:434:a902:97cd with SMTP id 5b1f17b1804b1-4362aa3f7damr97104285e9.12.1734346271261; Mon, 16 Dec 2024 02:51:11 -0800 (PST) Date: Mon, 16 Dec 2024 10:50:46 +0000 In-Reply-To: <20241216105057.579031-1-tabba@google.com> Mime-Version: 1.0 References: <20241216105057.579031-1-tabba@google.com> X-Mailer: git-send-email 2.47.1.613.gc27f4b7a9f-goog Message-ID: <20241216105057.579031-7-tabba@google.com> Subject: [PATCH v5 06/17] KVM: arm64: Initialize feature id registers for protected VMs From: Fuad Tabba To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org Cc: maz@kernel.org, oliver.upton@linux.dev, james.clark@linaro.org, will@kernel.org, joey.gouly@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com, catalin.marinas@arm.com, broonie@kernel.org, qperret@google.com, kristina.martsenko@arm.com, tabba@google.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241216_025113_266229_54FD55F7 X-CRM114-Status: GOOD ( 18.83 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org The hypervisor maintains the state of protected VMs. Initialize the values for feature ID registers for protected VMs, to be used when setting traps and when advertising features to protected VMs. Signed-off-by: Fuad Tabba --- .../arm64/kvm/hyp/include/nvhe/fixed_config.h | 1 + arch/arm64/kvm/hyp/include/nvhe/pkvm.h | 2 + arch/arm64/kvm/hyp/nvhe/pkvm.c | 10 +++-- arch/arm64/kvm/hyp/nvhe/sys_regs.c | 44 +++++++++++++++++-- 4 files changed, 51 insertions(+), 6 deletions(-) diff --git a/arch/arm64/kvm/hyp/include/nvhe/fixed_config.h b/arch/arm64/kvm/hyp/include/nvhe/fixed_config.h index d1e59b88ff66..69e26d1a0ebe 100644 --- a/arch/arm64/kvm/hyp/include/nvhe/fixed_config.h +++ b/arch/arm64/kvm/hyp/include/nvhe/fixed_config.h @@ -201,6 +201,7 @@ u64 pvm_read_id_reg(const struct kvm_vcpu *vcpu, u32 id); bool kvm_handle_pvm_sysreg(struct kvm_vcpu *vcpu, u64 *exit_code); bool kvm_handle_pvm_restricted(struct kvm_vcpu *vcpu, u64 *exit_code); +void kvm_init_pvm_id_regs(struct kvm_vcpu *vcpu); int kvm_check_pvm_sysreg_table(void); #endif /* __ARM64_KVM_FIXED_CONFIG_H__ */ diff --git a/arch/arm64/kvm/hyp/include/nvhe/pkvm.h b/arch/arm64/kvm/hyp/include/nvhe/pkvm.h index 24a9a8330d19..698bc20ab80b 100644 --- a/arch/arm64/kvm/hyp/include/nvhe/pkvm.h +++ b/arch/arm64/kvm/hyp/include/nvhe/pkvm.h @@ -47,6 +47,8 @@ struct pkvm_hyp_vm { struct pkvm_hyp_vcpu *vcpus[]; }; +extern hyp_spinlock_t vm_table_lock; + static inline struct pkvm_hyp_vm * pkvm_hyp_vcpu_to_hyp_vm(struct pkvm_hyp_vcpu *hyp_vcpu) { diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c index 59ff6aac514c..3014f3295d81 100644 --- a/arch/arm64/kvm/hyp/nvhe/pkvm.c +++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c @@ -257,10 +257,10 @@ static pkvm_handle_t idx_to_vm_handle(unsigned int idx) /* * Spinlock for protecting state related to the VM table. Protects writes - * to 'vm_table' and 'nr_table_entries' as well as reads and writes to - * 'last_hyp_vcpu_lookup'. + * to 'vm_table', 'nr_table_entries', and other per-vm state on initialization. + * Also protects reads and writes to 'last_hyp_vcpu_lookup'. */ -static DEFINE_HYP_SPINLOCK(vm_table_lock); +DEFINE_HYP_SPINLOCK(vm_table_lock); /* * The table of VM entries for protected VMs in hyp. @@ -381,6 +381,7 @@ static void init_pkvm_hyp_vm(struct kvm *host_kvm, struct pkvm_hyp_vm *hyp_vm, hyp_vm->kvm.created_vcpus = nr_vcpus; hyp_vm->kvm.arch.mmu.vtcr = host_mmu.arch.mmu.vtcr; hyp_vm->kvm.arch.pkvm.enabled = READ_ONCE(host_kvm->arch.pkvm.enabled); + hyp_vm->kvm.arch.flags = 0; pkvm_init_features_from_host(hyp_vm, host_kvm); } @@ -419,6 +420,9 @@ static int init_pkvm_hyp_vcpu(struct pkvm_hyp_vcpu *hyp_vcpu, hyp_vcpu->vcpu.arch.cflags = READ_ONCE(host_vcpu->arch.cflags); hyp_vcpu->vcpu.arch.mp_state.mp_state = KVM_MP_STATE_STOPPED; + if (pkvm_hyp_vcpu_is_protected(hyp_vcpu)) + kvm_init_pvm_id_regs(&hyp_vcpu->vcpu); + ret = pkvm_vcpu_init_traps(hyp_vcpu); if (ret) goto done; diff --git a/arch/arm64/kvm/hyp/nvhe/sys_regs.c b/arch/arm64/kvm/hyp/nvhe/sys_regs.c index 59fb2f056177..453a130b7a5d 100644 --- a/arch/arm64/kvm/hyp/nvhe/sys_regs.c +++ b/arch/arm64/kvm/hyp/nvhe/sys_regs.c @@ -204,8 +204,7 @@ static u64 get_pvm_id_aa64mmfr2(const struct kvm_vcpu *vcpu) return id_aa64mmfr2_el1_sys_val & PVM_ID_AA64MMFR2_ALLOW; } -/* Read a sanitized cpufeature ID register by its encoding */ -u64 pvm_read_id_reg(const struct kvm_vcpu *vcpu, u32 id) +static u64 pvm_calc_id_reg(const struct kvm_vcpu *vcpu, u32 id) { switch (id) { case SYS_ID_AA64PFR0_EL1: @@ -240,10 +239,25 @@ u64 pvm_read_id_reg(const struct kvm_vcpu *vcpu, u32 id) } } +/* Read a sanitized cpufeature ID register by its encoding */ +u64 pvm_read_id_reg(const struct kvm_vcpu *vcpu, u32 id) +{ + return pvm_calc_id_reg(vcpu, id); +} + static u64 read_id_reg(const struct kvm_vcpu *vcpu, struct sys_reg_desc const *r) { - return pvm_read_id_reg(vcpu, reg_to_encoding(r)); + struct kvm *kvm = vcpu->kvm; + u32 reg = reg_to_encoding(r); + + if (WARN_ON_ONCE(!test_bit(KVM_ARCH_FLAG_ID_REGS_INITIALIZED, &kvm->arch.flags))) + return 0; + + if (reg >= sys_reg(3, 0, 0, 1, 0) && reg <= sys_reg(3, 0, 0, 7, 7)) + return kvm->arch.id_regs[IDREG_IDX(reg)]; + + return 0; } /* Handler to RAZ/WI sysregs */ @@ -448,6 +462,30 @@ static const struct sys_reg_desc pvm_sys_reg_descs[] = { /* Performance Monitoring Registers are restricted. */ }; +/* + * Initializes feature registers for protected vms. + */ +void kvm_init_pvm_id_regs(struct kvm_vcpu *vcpu) +{ + struct kvm *kvm = vcpu->kvm; + struct kvm_arch *ka = &kvm->arch; + u32 r; + + hyp_assert_lock_held(&vm_table_lock); + + if (test_bit(KVM_ARCH_FLAG_ID_REGS_INITIALIZED, &kvm->arch.flags)) + return; + + /* + * Initialize only AArch64 id registers since AArch32 isn't supported + * for protected VMs. + */ + for (r = sys_reg(3, 0, 0, 4, 0); r <= sys_reg(3, 0, 0, 7, 7); r += sys_reg(0, 0, 0, 0, 1)) + ka->id_regs[IDREG_IDX(r)] = pvm_calc_id_reg(vcpu, r); + + set_bit(KVM_ARCH_FLAG_ID_REGS_INITIALIZED, &kvm->arch.flags); +} + /* * Checks that the sysreg table is unique and in-order. * From patchwork Mon Dec 16 10:50:47 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fuad Tabba X-Patchwork-Id: 13909549 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 52F07E77183 for ; Mon, 16 Dec 2024 10:59:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type:Cc:To:From: Subject:Message-ID:References:Mime-Version:In-Reply-To:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=VDSaYlu5BNMFCP2Ps/7sY6DRsZy+2NDNRO3YTy1dJqE=; b=iEzPPOkuuTR5MxJrJqJInwCCM/ aI109OWz6guqn1ED1hdT94CKf9HFoe6/Dbijcf0U30V3ugeTuWyNaDc2BNt2cZ8y62l2AIJW7h5Ao LpeEco5xdaUD1nN6ucCUig4D+0MuSlBl4FOhEvF2PUdKiSAZx5yjhueS4uwyWWcb7Hl3e1DQcZcF5 tFiv51siQqZutsuIVMlGcOzNHp1+ZuInR56TAsdtrX1RJwAnqI3fZU0k6tPldN5O3c2C8H1+QoCKQ HttRGS+g0kaILrHLRV2f6BmF5gjEZyeeXuk0hsHni20fcN02X8SjXGulwApDyxiN6YGNAWSkWHVjn K8fEM1zA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tN8pH-00000009lBf-06At; Mon, 16 Dec 2024 10:59:47 +0000 Received: from mail-wm1-x349.google.com ([2a00:1450:4864:20::349]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tN8h1-00000009jyW-0Y0S for linux-arm-kernel@lists.infradead.org; Mon, 16 Dec 2024 10:51:16 +0000 Received: by mail-wm1-x349.google.com with SMTP id 5b1f17b1804b1-436328fcfeeso20789395e9.1 for ; Mon, 16 Dec 2024 02:51:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1734346273; x=1734951073; darn=lists.infradead.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=VDSaYlu5BNMFCP2Ps/7sY6DRsZy+2NDNRO3YTy1dJqE=; b=SEnN9fDLoAAGm+9pv6Fv8E2Vz7YCBLveGf/51iHFFD2e4QgAQepGigRKFhTJXd8k97 bMI+wRTB211M0+wVYs+On7Suf85MBPE2CsJuaYd/lYamsH+3DxvFzqEOHu7fo1LvmclT 501lOlXaItvYJtzNlUqHdDLcdS4QLNBU5Xycx0VzLU45xGKJLlIjM/Fu339bkWFTvE8F 4qcyCRXwC0iYO0nZBHhrbXZPC9RUcX3NjZfrZRO6lFW2urG49zVh57r6DU/5+s6Ezl1/ S6YF13fKc1DPAURoc3m+ROh5t0SzY8XapItTrxW6L1fcs+WoHXPXxdFHo3AjkAR/sElt k7hg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734346273; x=1734951073; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=VDSaYlu5BNMFCP2Ps/7sY6DRsZy+2NDNRO3YTy1dJqE=; b=o0yS9/NFX0q1PfwvccnjuILe9t7s9r10MCceUbOjFgH3Z5mkca+BvE1eI9ec9Yaut4 C24IRA0zuHzXuC4mGlv8PP5OAz/GBb8L9OkwYza9Np2sUX8NakSfUVnVdsVREpg56LJY j+J8X7K/nCpSfpjn3Huhjqyek5WIEQPEeIkDCOHBbnkRhqUWfp5WEqQv81LxjoE0ln4v YpzsSEw5eCGAxEl85K9WjqQFjiNBsmi+cZZBPOm2fuCxyx/RXz7e2oztctb1pv5OES8N OXBKDCZKlCFN3qMO4DyR9UwTeHA3T8T+sfa0qZAE/n6fD00vWZTGqp3s+HJXh1W/VaN9 nO2w== X-Forwarded-Encrypted: i=1; AJvYcCX94lrvdH9k3Vxc6o5xa0nIqpkvs6nDFCPuIz8+VnzBdrmUPZ2MhvLT72HbM98kbhbu8rkRNVZJFcSknHA35HwT@lists.infradead.org X-Gm-Message-State: AOJu0YxtemFb8WmLUUWdeFJq5IIMKeMT03NzNQc4JlRLtnn+be4vVDGp p2z460TFnY/BJihLrBEG3fPV6ZXA1WH0zPwv5f/xJ4b4tdMpaT2uEjp5xBBtx8Es4NOSQbZZQA= = X-Google-Smtp-Source: AGHT+IGTCUWt0z19T0g5/8JOxHn663C/7YVEmI38PMNTQ3Odt4zIxqDGQFfmtIF8bmQlzq9AaQluAPJkGw== X-Received: from wmik26.prod.google.com ([2002:a7b:c41a:0:b0:434:f801:bf67]) (user=tabba job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:c0d:b0:431:52b7:a499 with SMTP id 5b1f17b1804b1-4362aa97465mr91799405e9.20.1734346273238; Mon, 16 Dec 2024 02:51:13 -0800 (PST) Date: Mon, 16 Dec 2024 10:50:47 +0000 In-Reply-To: <20241216105057.579031-1-tabba@google.com> Mime-Version: 1.0 References: <20241216105057.579031-1-tabba@google.com> X-Mailer: git-send-email 2.47.1.613.gc27f4b7a9f-goog Message-ID: <20241216105057.579031-8-tabba@google.com> Subject: [PATCH v5 07/17] KVM: arm64: Fix RAS trapping in pKVM for protected VMs From: Fuad Tabba To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org Cc: maz@kernel.org, oliver.upton@linux.dev, james.clark@linaro.org, will@kernel.org, joey.gouly@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com, catalin.marinas@arm.com, broonie@kernel.org, qperret@google.com, kristina.martsenko@arm.com, tabba@google.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241216_025115_164552_20565597 X-CRM114-Status: GOOD ( 11.11 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Trap RAS in pKVM if not supported at all for protected VMs. The RAS version doesn't matter in this case. Fixes: 2a0c343386ae ("KVM: arm64: Initialize trap registers for protected VMs") Signed-off-by: Fuad Tabba --- arch/arm64/kvm/hyp/nvhe/pkvm.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c index 3014f3295d81..25bbd4c99d30 100644 --- a/arch/arm64/kvm/hyp/nvhe/pkvm.c +++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c @@ -70,9 +70,8 @@ static void pvm_init_traps_hcr(struct kvm_vcpu *vcpu) */ val |= HCR_TACR | HCR_TIDCP | HCR_TID3 | HCR_TID1; - /* Trap RAS unless all current versions are supported */ - if (FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_RAS), id_aa64pfr0) < - ID_AA64PFR0_EL1_RAS_V1P1) { + /* Trap RAS */ + if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_RAS), id_aa64pfr0)) { val |= HCR_TERR | HCR_TEA; val &= ~(HCR_FIEN); } From patchwork Mon Dec 16 10:50:48 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fuad Tabba X-Patchwork-Id: 13909550 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 75A42E7717F for ; Mon, 16 Dec 2024 11:01:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type:Cc:To:From: Subject:Message-ID:References:Mime-Version:In-Reply-To:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=ujxutKiEzpRoRUOHJtDK1atPp1a+JPpR16PSZYrqpJE=; b=Aql8AlH1DWjfZ0lBpfnWPoAGE3 0Vxj4zN0S1jJyvwRPMuGTBWci9rilZACIiVmi+Fs6J3Rsa8SNrdLAV9enzPsCebdwukYk3+kAFGH5 qpCucf+UyFKyDy1a9mLM+3rUaPrM44LuFum7qzrNRuCtT1oo8Pq3HvIEPw20MyYL9LMGzyfcWO+aZ jvmK+Fr6XhQCXBRZY1MzOQ8JexeMIrfspdlRpTjpV2K+o2fEYlJOmc0EPtX6kOZLpesOZTlQ/dfNK kSi0l3Kdwj6BZ+H1BWdN0hGICnA9lsV1mqQunrQk0K7JFoKDyxWIsUeiYyKB0Ptg7f/Hgp95gvJRQ HPbcfptg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tN8qJ-00000009lNg-2czx; Mon, 16 Dec 2024 11:00:51 +0000 Received: from mail-wm1-x349.google.com ([2a00:1450:4864:20::349]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tN8h3-00000009jyt-0D4E for linux-arm-kernel@lists.infradead.org; Mon, 16 Dec 2024 10:51:18 +0000 Received: by mail-wm1-x349.google.com with SMTP id 5b1f17b1804b1-4361c040ba8so15455955e9.1 for ; Mon, 16 Dec 2024 02:51:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1734346275; x=1734951075; darn=lists.infradead.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=ujxutKiEzpRoRUOHJtDK1atPp1a+JPpR16PSZYrqpJE=; b=CYRjXILQwOz8gah3FcWMYpLjiptzHh06RTnCJMFY0UNc/KICQl8VnjOiB0SUFncZvD c4SR4eSe44xySH4d2sLcHfkerAM1Lnfwyw+5c9/Ebj9feQI5XGm5WIlAhW3WRD7bNfh5 JiTk9kteVqMeeZhaWN7SuCfIXCIGvj19j2Md60YaBCNVUjXxWu9Oxy/wX3eiBKJN4Oqe ZgzlgOM6kqp8CYHwXXpuXnEBK+tyvHLx9fdpVDKgiMQsTguhFIp15dlAfVWzfI+ZQyXn RduRAm7oxjNso0UoBNnsGDqRiz095+iGLr4qhfMGGlNlKu0gFogZtVSFVjvC+n5SVyE9 zbsQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734346275; x=1734951075; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=ujxutKiEzpRoRUOHJtDK1atPp1a+JPpR16PSZYrqpJE=; b=QormQtdNNdyYYxLo4k/iE9wYercWmDMKzNfKr1g9Hs1B8iO1aCvYNhTLPCxdc0H4Hm 5dVO81eYCdUj/f2hCKfT1hqcwYWuZoVo8D8O/BiFXsD77KFivfIuJICUDh6qaO3RxELs tkHE+OFFRwAbzGkcTK4NbR+E443fb1R2TapfTJpIRcgkOEvEHdoR6WMDTfDKpD30ZS3k Lq1gf5USbLzhox5F6yxFawJIO30ALadRmA9tzeb3hm8kH0QCnhy5bds2HuPtacJlKfvd RU0Zph6VbR/jwS5OCIrLqqy9mC+0TpXB2S9pT7xjtmmm1wlj+PriplIMhQvINi33fr30 /NDw== X-Forwarded-Encrypted: i=1; AJvYcCXkW66xAzCLNtPl2DwgRLDJ62Mf7YPK82HR2Cgg4YovayYGDED9QFI+0iS0MRuD96nwGEaIj02BHcmDoHAXUAuO@lists.infradead.org X-Gm-Message-State: AOJu0YzSOLQN9up8K59uPAZvlvH6pwQq+KST69UqTTaqLod0mVE9VNKG CXC4TulhDJi3d6TvKGpvQTfUEx8LB5iJOMXDatP/ZJVurvXH8Y/Lq8XLUeWyaNJV65EZS2LjMw= = X-Google-Smtp-Source: AGHT+IHa+WdqVBi9JSxT0kMtz2byrWzjsdTgnr7YAt40IxNIClW0fKZP2YSxZEkC2eI1ShWd+xI+7oNUZw== X-Received: from wmc3.prod.google.com ([2002:a05:600c:6003:b0:435:dde5:2c3b]) (user=tabba job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:468b:b0:434:9f81:76d5 with SMTP id 5b1f17b1804b1-4362aaa9a4emr81806705e9.22.1734346275240; Mon, 16 Dec 2024 02:51:15 -0800 (PST) Date: Mon, 16 Dec 2024 10:50:48 +0000 In-Reply-To: <20241216105057.579031-1-tabba@google.com> Mime-Version: 1.0 References: <20241216105057.579031-1-tabba@google.com> X-Mailer: git-send-email 2.47.1.613.gc27f4b7a9f-goog Message-ID: <20241216105057.579031-9-tabba@google.com> Subject: [PATCH v5 08/17] KVM: arm64: Set protected VM traps based on its view of feature registers From: Fuad Tabba To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org Cc: maz@kernel.org, oliver.upton@linux.dev, james.clark@linaro.org, will@kernel.org, joey.gouly@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com, catalin.marinas@arm.com, broonie@kernel.org, qperret@google.com, kristina.martsenko@arm.com, tabba@google.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241216_025117_089759_44DAEBC8 X-CRM114-Status: GOOD ( 16.71 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Now that the VM's feature id registers are initialized with the values of the supported features, use those values to determine which traps to set using kvm_has_feature(). Signed-off-by: Fuad Tabba --- arch/arm64/kvm/hyp/nvhe/pkvm.c | 84 +++++++++++------------------- arch/arm64/kvm/hyp/nvhe/sys_regs.c | 7 --- 2 files changed, 30 insertions(+), 61 deletions(-) diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c index 25bbd4c99d30..2aa349fc42b8 100644 --- a/arch/arm64/kvm/hyp/nvhe/pkvm.c +++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c @@ -52,9 +52,7 @@ static void pkvm_vcpu_reset_hcr(struct kvm_vcpu *vcpu) static void pvm_init_traps_hcr(struct kvm_vcpu *vcpu) { - const u64 id_aa64pfr0 = pvm_read_id_reg(vcpu, SYS_ID_AA64PFR0_EL1); - const u64 id_aa64pfr1 = pvm_read_id_reg(vcpu, SYS_ID_AA64PFR1_EL1); - const u64 id_aa64mmfr1 = pvm_read_id_reg(vcpu, SYS_ID_AA64MMFR1_EL1); + struct kvm *kvm = vcpu->kvm; u64 val = vcpu->arch.hcr_el2; /* No support for AArch32. */ @@ -70,24 +68,20 @@ static void pvm_init_traps_hcr(struct kvm_vcpu *vcpu) */ val |= HCR_TACR | HCR_TIDCP | HCR_TID3 | HCR_TID1; - /* Trap RAS */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_RAS), id_aa64pfr0)) { + if (!kvm_has_feat(kvm, ID_AA64PFR0_EL1, RAS, IMP)) { val |= HCR_TERR | HCR_TEA; val &= ~(HCR_FIEN); } - /* Trap AMU */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_AMU), id_aa64pfr0)) + if (!kvm_has_feat(kvm, ID_AA64PFR0_EL1, AMU, IMP)) val &= ~(HCR_AMVOFFEN); - /* Memory Tagging: Trap and Treat as Untagged if not supported. */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_MTE), id_aa64pfr1)) { + if (!kvm_has_feat(kvm, ID_AA64PFR1_EL1, MTE, IMP)) { val |= HCR_TID5; val &= ~(HCR_DCT | HCR_ATA); } - /* Trap LOR */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_LO), id_aa64mmfr1)) + if (!kvm_has_feat(kvm, ID_AA64MMFR1_EL1, LO, IMP)) val |= HCR_TLOR; vcpu->arch.hcr_el2 = val; @@ -95,9 +89,7 @@ static void pvm_init_traps_hcr(struct kvm_vcpu *vcpu) static void pvm_init_traps_cptr(struct kvm_vcpu *vcpu) { - const u64 id_aa64pfr0 = pvm_read_id_reg(vcpu, SYS_ID_AA64PFR0_EL1); - const u64 id_aa64pfr1 = pvm_read_id_reg(vcpu, SYS_ID_AA64PFR1_EL1); - const u64 id_aa64dfr0 = pvm_read_id_reg(vcpu, SYS_ID_AA64DFR0_EL1); + struct kvm *kvm = vcpu->kvm; u64 val = vcpu->arch.cptr_el2; if (!has_hvhe()) { @@ -105,12 +97,11 @@ static void pvm_init_traps_cptr(struct kvm_vcpu *vcpu) val &= ~(CPTR_NVHE_EL2_RES0); } - /* Trap AMU */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_AMU), id_aa64pfr0)) + if (!kvm_has_feat(kvm, ID_AA64PFR0_EL1, AMU, IMP)) val |= CPTR_EL2_TAM; - /* Trap SVE */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_SVE), id_aa64pfr0)) { + /* SVE can be disabled by userspace even if supported. */ + if (!vcpu_has_sve(vcpu)) { if (has_hvhe()) val &= ~(CPACR_ELx_ZEN); else @@ -118,14 +109,13 @@ static void pvm_init_traps_cptr(struct kvm_vcpu *vcpu) } /* No SME support in KVM. */ - BUG_ON(FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_SME), id_aa64pfr1)); + BUG_ON(kvm_has_feat(kvm, ID_AA64PFR1_EL1, SME, IMP)); if (has_hvhe()) val &= ~(CPACR_ELx_SMEN); else val |= CPTR_EL2_TSM; - /* Trap Trace */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_TraceVer), id_aa64dfr0)) { + if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, TraceVer, IMP)) { if (has_hvhe()) val |= CPACR_EL1_TTA; else @@ -137,40 +127,33 @@ static void pvm_init_traps_cptr(struct kvm_vcpu *vcpu) static void pvm_init_traps_mdcr(struct kvm_vcpu *vcpu) { - const u64 id_aa64dfr0 = pvm_read_id_reg(vcpu, SYS_ID_AA64DFR0_EL1); - const u64 id_aa64mmfr0 = pvm_read_id_reg(vcpu, SYS_ID_AA64MMFR0_EL1); + struct kvm *kvm = vcpu->kvm; u64 val = vcpu->arch.mdcr_el2; - /* Trap/constrain PMU */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_PMUVer), id_aa64dfr0)) { + if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, PMUVer, IMP)) { val |= MDCR_EL2_TPM | MDCR_EL2_TPMCR; val &= ~(MDCR_EL2_HPME | MDCR_EL2_MTPME | MDCR_EL2_HPMN_MASK); } - /* Trap Debug */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_DebugVer), id_aa64dfr0)) + if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, DebugVer, IMP)) val |= MDCR_EL2_TDRA | MDCR_EL2_TDA; - /* Trap OS Double Lock */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_DoubleLock), id_aa64dfr0)) + if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, DoubleLock, IMP)) val |= MDCR_EL2_TDOSA; - /* Trap SPE */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_PMSVer), id_aa64dfr0)) { + if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, PMSVer, IMP)) { val |= MDCR_EL2_TPMS; val &= ~(MDCR_EL2_E2PB_MASK << MDCR_EL2_E2PB_SHIFT); } - /* Trap Trace Filter */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_TraceFilt), id_aa64dfr0)) + if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, TraceFilt, IMP)) val |= MDCR_EL2_TTRF; - /* Trap External Trace */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64DFR0_EL1_ExtTrcBuff), id_aa64dfr0)) + if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, ExtTrcBuff, IMP)) val |= MDCR_EL2_E2TB_MASK << MDCR_EL2_E2TB_SHIFT; /* Trap Debug Communications Channel registers */ - if (!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_FGT), id_aa64mmfr0)) + if (!kvm_has_feat(kvm, ID_AA64MMFR0_EL1, FGT, IMP)) val |= MDCR_EL2_TDCC; vcpu->arch.mdcr_el2 = val; @@ -182,31 +165,24 @@ static void pvm_init_traps_mdcr(struct kvm_vcpu *vcpu) */ static int pkvm_check_pvm_cpu_features(struct kvm_vcpu *vcpu) { - /* - * PAuth is allowed if supported by the system and the vcpu. - * Properly checking for PAuth requires checking various fields in - * ID_AA64ISAR1_EL1 and ID_AA64ISAR2_EL1. The way that fixed config - * is controlled now in pKVM does not easily allow that. This will - * change later to follow the changes upstream wrt fixed configuration - * and nested virt. - */ - BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_GPI), - PVM_ID_AA64ISAR1_ALLOW)); + struct kvm *kvm = vcpu->kvm; /* Protected KVM does not support AArch32 guests. */ - BUILD_BUG_ON(FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_EL0), - PVM_ID_AA64PFR0_ALLOW) != ID_AA64PFR0_EL1_EL0_IMP); - BUILD_BUG_ON(FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_EL1), - PVM_ID_AA64PFR0_ALLOW) != ID_AA64PFR0_EL1_EL1_IMP); + if (kvm_has_feat(kvm, ID_AA64PFR0_EL1, EL0, AARCH32) || + kvm_has_feat(kvm, ID_AA64PFR0_EL1, EL1, AARCH32)) + return -EINVAL; /* * Linux guests assume support for floating-point and Advanced SIMD. Do * not change the trapping behavior for these from the KVM default. */ - BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_FP), - PVM_ID_AA64PFR0_ALLOW)); - BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_AdvSIMD), - PVM_ID_AA64PFR0_ALLOW)); + if (!kvm_has_feat(kvm, ID_AA64PFR0_EL1, FP, IMP) || + !kvm_has_feat(kvm, ID_AA64PFR0_EL1, AdvSIMD, IMP)) + return -EINVAL; + + /* No SME support in KVM right now. Check to catch if it changes. */ + if (kvm_has_feat(kvm, ID_AA64PFR1_EL1, SME, IMP)) + return -EINVAL; return 0; } diff --git a/arch/arm64/kvm/hyp/nvhe/sys_regs.c b/arch/arm64/kvm/hyp/nvhe/sys_regs.c index 453a130b7a5d..f2edd024786f 100644 --- a/arch/arm64/kvm/hyp/nvhe/sys_regs.c +++ b/arch/arm64/kvm/hyp/nvhe/sys_regs.c @@ -285,13 +285,6 @@ static bool pvm_access_id_aarch32(struct kvm_vcpu *vcpu, return false; } - /* - * No support for AArch32 guests, therefore, pKVM has no sanitized copy - * of AArch32 feature id registers. - */ - BUILD_BUG_ON(FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_EL1), - PVM_ID_AA64PFR0_ALLOW) > ID_AA64PFR0_EL1_EL1_IMP); - return pvm_access_raz_wi(vcpu, p, r); } From patchwork Mon Dec 16 10:50:49 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fuad Tabba X-Patchwork-Id: 13909551 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 070ACE7717F for ; Mon, 16 Dec 2024 11:02:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type:Cc:To:From: Subject:Message-ID:References:Mime-Version:In-Reply-To:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=gXo3l55Lp0ox9GjgmST+qITI19VvMZcTAMR/irX0GuE=; b=3feUZrr/XqOtmxcR9892Jxily5 CWWonvL3A4R5Gm6DeH97wSTFLMAlXkgI2rgCnBuLtKgTosX6Nei5Nrt75756BuyYwud6Oa7hKllbo 7BAFLfXUP1NzbcHjyp1DGmyWAJaEPABB0JRu/8Blb9iazUSD154HdsHrrycPkzEXa+EVG10F3lX2J T7HBHfcMJ30t7u427YtXAOjWMDGg+teP/OdQElU74hLVxeQqEv49s9051C3Q3E8a04YgDDPZdj0Xa PRB2NMICWtNR5Obvm1CFWRPdynfYbWMWyUJ2U9I0g2nNTwYSemdEKWSRD6ZppJ93QsigEhDTAZe1e TbJQeWnQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tN8rN-00000009lZO-19Z0; Mon, 16 Dec 2024 11:01:57 +0000 Received: from mail-wm1-x34a.google.com ([2a00:1450:4864:20::34a]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tN8h4-00000009jzI-3Q73 for linux-arm-kernel@lists.infradead.org; Mon, 16 Dec 2024 10:51:19 +0000 Received: by mail-wm1-x34a.google.com with SMTP id 5b1f17b1804b1-436228ebc5eso4987225e9.3 for ; Mon, 16 Dec 2024 02:51:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1734346277; x=1734951077; darn=lists.infradead.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=gXo3l55Lp0ox9GjgmST+qITI19VvMZcTAMR/irX0GuE=; b=U90bFWQwFBAg8/vDmCCxtsQEtYP0/4HuSmtuVsStSwT21X4O9yYfP947dT6n2gGJuD JW/Nzscqg2qzabfP63v17GX8Y68T+0hRDYz+6fk9oiqS1V2V0VO6+BPo6RA1CVtAW2ZB 24uube95V8TZny4g6yBuFTKWQgkq2ZqRLhwQdKgQPWP/vfhU+PxXvHOlXYzmF96iWZJB xf47GDSI1zITvONTS/7xVsAplQH3wyF9WEdDGL8MbB2VwhiFMLtNcmdRbKK49Ayg4tXn Iijc0t2Q7X2HrZRIK5ZuWhKe4QMV2mI1/JNaX61nCvjHuUfQoLLbXcQly7IMCznM/MHO x5rg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734346277; x=1734951077; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=gXo3l55Lp0ox9GjgmST+qITI19VvMZcTAMR/irX0GuE=; b=WWBHRm181jrSTrz0hjYySOFbli34JtzdlQ5ZkYckh3tU+zXB4mmq/S0CdFFBImZPqi b0GEtPj1v0vW2RFtOmRXBksjNno9X7npG55fkTIu2nbJkTp8w7iHcY/c8SCIKbwBEvpg 4FcSFbyXjdZnkBAJIur18w4jV+fCn8xs30WyQKY412fRSrAxZmG9A1li2n1P317RP8bY vcnX0rAb+cErbGChybuaf7rKR1EvW5AHEPwVVvGN7RSOSJfQ7Klfa5tQF41O5e/YAnQS uFQAV4w86KCgFa4SLryCktCT6Y+Iatfzq8ClCqpFpSfJFPEN+wYx8iGh80kDfoFAJNUo hYKw== X-Forwarded-Encrypted: i=1; AJvYcCW6uomAItAL7Qnlmi14ke2KZhtE55ym1MUikt4CL2prDUS1KfW7MD1YraguWxKNJpZQQ0u/dasASJ60tosLmn3P@lists.infradead.org X-Gm-Message-State: AOJu0YwCrnFzWo7tY3fZpBePj1YlL7t3VQS1f5/J7NqvDzA9jvtYbBY2 SBG84XoDudHdl3Yuq85MyT+g1slOT/0PZxmwynVjawaeT98+zre1P+GS1zRkjjjeFQGXIbuCMQ= = X-Google-Smtp-Source: AGHT+IEa54ct2eRJFEUnIHtQGl0hPqDWVdOl1gNiPpuI2+ZUaNHrg6xbDPixAoMQ9QfgUPlJ9MBnP2+cqw== X-Received: from wmbjl15.prod.google.com ([2002:a05:600c:6a8f:b0:434:fab8:8a32]) (user=tabba job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:4f92:b0:434:fbcd:1382 with SMTP id 5b1f17b1804b1-4362aa2ea7dmr98063565e9.11.1734346277228; Mon, 16 Dec 2024 02:51:17 -0800 (PST) Date: Mon, 16 Dec 2024 10:50:49 +0000 In-Reply-To: <20241216105057.579031-1-tabba@google.com> Mime-Version: 1.0 References: <20241216105057.579031-1-tabba@google.com> X-Mailer: git-send-email 2.47.1.613.gc27f4b7a9f-goog Message-ID: <20241216105057.579031-10-tabba@google.com> Subject: [PATCH v5 09/17] KVM: arm64: Rework specifying restricted features for protected VMs From: Fuad Tabba To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org Cc: maz@kernel.org, oliver.upton@linux.dev, james.clark@linaro.org, will@kernel.org, joey.gouly@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com, catalin.marinas@arm.com, broonie@kernel.org, qperret@google.com, kristina.martsenko@arm.com, tabba@google.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241216_025118_860369_A4570B21 X-CRM114-Status: GOOD ( 23.72 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org The existing code didn't properly distinguish between signed and unsigned features, and was difficult to read and to maintain. Rework it using the same method used in other parts of KVM when handling vcpu features. Signed-off-by: Fuad Tabba --- arch/arm64/include/asm/kvm_host.h | 1 + .../arm64/kvm/hyp/include/nvhe/fixed_config.h | 1 - arch/arm64/kvm/hyp/nvhe/sys_regs.c | 357 +++++++++--------- 3 files changed, 189 insertions(+), 170 deletions(-) diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index f333b189fb43..230b0638f0c2 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -1422,6 +1422,7 @@ static inline bool __vcpu_has_feature(const struct kvm_arch *ka, int feature) return test_bit(feature, ka->vcpu_features); } +#define kvm_vcpu_has_feature(k, f) __vcpu_has_feature(&(k)->arch, (f)) #define vcpu_has_feature(v, f) __vcpu_has_feature(&(v)->kvm->arch, (f)) #define kvm_vcpu_initialized(v) vcpu_get_flag(vcpu, VCPU_INITIALIZED) diff --git a/arch/arm64/kvm/hyp/include/nvhe/fixed_config.h b/arch/arm64/kvm/hyp/include/nvhe/fixed_config.h index 69e26d1a0ebe..37a6d2434e47 100644 --- a/arch/arm64/kvm/hyp/include/nvhe/fixed_config.h +++ b/arch/arm64/kvm/hyp/include/nvhe/fixed_config.h @@ -198,7 +198,6 @@ FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64ISAR2_EL1_APA3), ID_AA64ISAR2_EL1_APA3_PAuth) \ ) -u64 pvm_read_id_reg(const struct kvm_vcpu *vcpu, u32 id); bool kvm_handle_pvm_sysreg(struct kvm_vcpu *vcpu, u64 *exit_code); bool kvm_handle_pvm_restricted(struct kvm_vcpu *vcpu, u64 *exit_code); void kvm_init_pvm_id_regs(struct kvm_vcpu *vcpu); diff --git a/arch/arm64/kvm/hyp/nvhe/sys_regs.c b/arch/arm64/kvm/hyp/nvhe/sys_regs.c index f2edd024786f..289f370d386a 100644 --- a/arch/arm64/kvm/hyp/nvhe/sys_regs.c +++ b/arch/arm64/kvm/hyp/nvhe/sys_regs.c @@ -28,221 +28,240 @@ u64 id_aa64mmfr1_el1_sys_val; u64 id_aa64mmfr2_el1_sys_val; u64 id_aa64smfr0_el1_sys_val; -/* - * Inject an unknown/undefined exception to an AArch64 guest while most of its - * sysregs are live. - */ -static void inject_undef64(struct kvm_vcpu *vcpu) -{ - u64 esr = (ESR_ELx_EC_UNKNOWN << ESR_ELx_EC_SHIFT); - - *vcpu_pc(vcpu) = read_sysreg_el2(SYS_ELR); - *vcpu_cpsr(vcpu) = read_sysreg_el2(SYS_SPSR); - - kvm_pend_exception(vcpu, EXCEPT_AA64_EL1_SYNC); - - __kvm_adjust_pc(vcpu); - - write_sysreg_el1(esr, SYS_ESR); - write_sysreg_el1(read_sysreg_el2(SYS_ELR), SYS_ELR); - write_sysreg_el2(*vcpu_pc(vcpu), SYS_ELR); - write_sysreg_el2(*vcpu_cpsr(vcpu), SYS_SPSR); -} - -/* - * Returns the restricted features values of the feature register based on the - * limitations in restrict_fields. - * A feature id field value of 0b0000 does not impose any restrictions. - * Note: Use only for unsigned feature field values. - */ -static u64 get_restricted_features_unsigned(u64 sys_reg_val, - u64 restrict_fields) -{ - u64 value = 0UL; - u64 mask = GENMASK_ULL(ARM64_FEATURE_FIELD_BITS - 1, 0); +struct pvm_ftr_bits { + bool sign; + u8 shift; + u8 width; + u8 max_val; + bool (*vm_supported)(const struct kvm *kvm); +}; - /* - * According to the Arm Architecture Reference Manual, feature fields - * use increasing values to indicate increases in functionality. - * Iterate over the restricted feature fields and calculate the minimum - * unsigned value between the one supported by the system, and what the - * value is being restricted to. - */ - while (sys_reg_val && restrict_fields) { - value |= min(sys_reg_val & mask, restrict_fields & mask); - sys_reg_val &= ~mask; - restrict_fields &= ~mask; - mask <<= ARM64_FEATURE_FIELD_BITS; +#define __MAX_FEAT_FUNC(id, fld, max, func, sgn) \ + { \ + .sign = sgn, \ + .shift = id##_##fld##_SHIFT, \ + .width = id##_##fld##_WIDTH, \ + .max_val = id##_##fld##_##max, \ + .vm_supported = func, \ } - return value; -} - -/* - * Functions that return the value of feature id registers for protected VMs - * based on allowed features, system features, and KVM support. - */ - -static u64 get_pvm_id_aa64pfr0(const struct kvm_vcpu *vcpu) -{ - u64 set_mask = 0; - u64 allow_mask = PVM_ID_AA64PFR0_ALLOW; - - set_mask |= get_restricted_features_unsigned(id_aa64pfr0_el1_sys_val, - PVM_ID_AA64PFR0_ALLOW); +#define MAX_FEAT_FUNC(id, fld, max, func) \ + __MAX_FEAT_FUNC(id, fld, max, func, id##_##fld##_SIGNED) - return (id_aa64pfr0_el1_sys_val & allow_mask) | set_mask; -} - -static u64 get_pvm_id_aa64pfr1(const struct kvm_vcpu *vcpu) -{ - const struct kvm *kvm = (const struct kvm *)kern_hyp_va(vcpu->kvm); - u64 allow_mask = PVM_ID_AA64PFR1_ALLOW; +#define MAX_FEAT(id, fld, max) \ + MAX_FEAT_FUNC(id, fld, max, NULL) - if (!kvm_has_mte(kvm)) - allow_mask &= ~ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_MTE); +#define MAX_FEAT_ENUM(id, fld, max) \ + __MAX_FEAT_FUNC(id, fld, max, NULL, false) - return id_aa64pfr1_el1_sys_val & allow_mask; -} +#define FEAT_END { .width = 0, } -static u64 get_pvm_id_aa64zfr0(const struct kvm_vcpu *vcpu) +static bool vm_has_ptrauth(const struct kvm *kvm) { - /* - * No support for Scalable Vectors, therefore, hyp has no sanitized - * copy of the feature id register. - */ - BUILD_BUG_ON(PVM_ID_AA64ZFR0_ALLOW != 0ULL); - return 0; -} - -static u64 get_pvm_id_aa64dfr0(const struct kvm_vcpu *vcpu) -{ - /* - * No support for debug, including breakpoints, and watchpoints, - * therefore, pKVM has no sanitized copy of the feature id register. - */ - BUILD_BUG_ON(PVM_ID_AA64DFR0_ALLOW != 0ULL); - return 0; -} - -static u64 get_pvm_id_aa64dfr1(const struct kvm_vcpu *vcpu) -{ - /* - * No support for debug, therefore, hyp has no sanitized copy of the - * feature id register. - */ - BUILD_BUG_ON(PVM_ID_AA64DFR1_ALLOW != 0ULL); - return 0; -} + if (!IS_ENABLED(CONFIG_ARM64_PTR_AUTH)) + return false; -static u64 get_pvm_id_aa64afr0(const struct kvm_vcpu *vcpu) -{ - /* - * No support for implementation defined features, therefore, hyp has no - * sanitized copy of the feature id register. - */ - BUILD_BUG_ON(PVM_ID_AA64AFR0_ALLOW != 0ULL); - return 0; + return (cpus_have_final_cap(ARM64_HAS_ADDRESS_AUTH) || + cpus_have_final_cap(ARM64_HAS_GENERIC_AUTH)) && + kvm_vcpu_has_feature(kvm, KVM_ARM_VCPU_PTRAUTH_GENERIC); } -static u64 get_pvm_id_aa64afr1(const struct kvm_vcpu *vcpu) +static bool vm_has_sve(const struct kvm *kvm) { - /* - * No support for implementation defined features, therefore, hyp has no - * sanitized copy of the feature id register. - */ - BUILD_BUG_ON(PVM_ID_AA64AFR1_ALLOW != 0ULL); - return 0; + return system_supports_sve() && kvm_vcpu_has_feature(kvm, KVM_ARM_VCPU_SVE); } -static u64 get_pvm_id_aa64isar0(const struct kvm_vcpu *vcpu) -{ - return id_aa64isar0_el1_sys_val & PVM_ID_AA64ISAR0_ALLOW; -} +/* + * Definitions for features to be allowed or restricted for protected guests. + * + * Each field in the masks represents the highest supported value for the + * feature. If a feature field is not present, it is not supported. Moreover, + * these are used to generate the guest's view of the feature registers. + * + * The approach for protected VMs is to at least support features that are: + * - Needed by common Linux distributions (e.g., floating point) + * - Trivial to support, e.g., supporting the feature does not introduce or + * require tracking of additional state in KVM + * - Cannot be trapped or prevent the guest from using anyway + */ -static u64 get_pvm_id_aa64isar1(const struct kvm_vcpu *vcpu) -{ - u64 allow_mask = PVM_ID_AA64ISAR1_ALLOW; +static const struct pvm_ftr_bits pvmid_aa64pfr0[] = { + MAX_FEAT(ID_AA64PFR0_EL1, EL0, IMP), + MAX_FEAT(ID_AA64PFR0_EL1, EL1, IMP), + MAX_FEAT(ID_AA64PFR0_EL1, EL2, IMP), + MAX_FEAT(ID_AA64PFR0_EL1, EL3, IMP), + MAX_FEAT(ID_AA64PFR0_EL1, FP, FP16), + MAX_FEAT(ID_AA64PFR0_EL1, AdvSIMD, FP16), + MAX_FEAT(ID_AA64PFR0_EL1, GIC, IMP), + MAX_FEAT_FUNC(ID_AA64PFR0_EL1, SVE, IMP, vm_has_sve), + MAX_FEAT(ID_AA64PFR0_EL1, RAS, IMP), + MAX_FEAT(ID_AA64PFR0_EL1, DIT, IMP), + MAX_FEAT(ID_AA64PFR0_EL1, CSV2, IMP), + MAX_FEAT(ID_AA64PFR0_EL1, CSV3, IMP), + FEAT_END +}; - if (!vcpu_has_ptrauth(vcpu)) - allow_mask &= ~(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_APA) | - ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_API) | - ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_GPA) | - ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_GPI)); +static const struct pvm_ftr_bits pvmid_aa64pfr1[] = { + MAX_FEAT(ID_AA64PFR1_EL1, BT, IMP), + MAX_FEAT(ID_AA64PFR1_EL1, SSBS, SSBS2), + MAX_FEAT_ENUM(ID_AA64PFR1_EL1, MTE_frac, NI), + FEAT_END +}; - return id_aa64isar1_el1_sys_val & allow_mask; -} +static const struct pvm_ftr_bits pvmid_aa64mmfr0[] = { + MAX_FEAT_ENUM(ID_AA64MMFR0_EL1, PARANGE, 40), + MAX_FEAT_ENUM(ID_AA64MMFR0_EL1, ASIDBITS, 16), + MAX_FEAT(ID_AA64MMFR0_EL1, BIGEND, IMP), + MAX_FEAT(ID_AA64MMFR0_EL1, SNSMEM, IMP), + MAX_FEAT(ID_AA64MMFR0_EL1, BIGENDEL0, IMP), + MAX_FEAT(ID_AA64MMFR0_EL1, EXS, IMP), + FEAT_END +}; -static u64 get_pvm_id_aa64isar2(const struct kvm_vcpu *vcpu) -{ - u64 allow_mask = PVM_ID_AA64ISAR2_ALLOW; +static const struct pvm_ftr_bits pvmid_aa64mmfr1[] = { + MAX_FEAT(ID_AA64MMFR1_EL1, HAFDBS, DBM), + MAX_FEAT_ENUM(ID_AA64MMFR1_EL1, VMIDBits, 16), + MAX_FEAT(ID_AA64MMFR1_EL1, HPDS, HPDS2), + MAX_FEAT(ID_AA64MMFR1_EL1, PAN, PAN3), + MAX_FEAT(ID_AA64MMFR1_EL1, SpecSEI, IMP), + MAX_FEAT(ID_AA64MMFR1_EL1, ETS, IMP), + MAX_FEAT(ID_AA64MMFR1_EL1, CMOW, IMP), + FEAT_END +}; - if (!vcpu_has_ptrauth(vcpu)) - allow_mask &= ~(ARM64_FEATURE_MASK(ID_AA64ISAR2_EL1_APA3) | - ARM64_FEATURE_MASK(ID_AA64ISAR2_EL1_GPA3)); +static const struct pvm_ftr_bits pvmid_aa64mmfr2[] = { + MAX_FEAT(ID_AA64MMFR2_EL1, CnP, IMP), + MAX_FEAT(ID_AA64MMFR2_EL1, UAO, IMP), + MAX_FEAT(ID_AA64MMFR2_EL1, IESB, IMP), + MAX_FEAT(ID_AA64MMFR2_EL1, AT, IMP), + MAX_FEAT_ENUM(ID_AA64MMFR2_EL1, IDS, 0x18), + MAX_FEAT(ID_AA64MMFR2_EL1, TTL, IMP), + MAX_FEAT(ID_AA64MMFR2_EL1, BBM, 2), + MAX_FEAT(ID_AA64MMFR2_EL1, E0PD, IMP), + FEAT_END +}; - return id_aa64isar2_el1_sys_val & allow_mask; -} +static const struct pvm_ftr_bits pvmid_aa64isar1[] = { + MAX_FEAT(ID_AA64ISAR1_EL1, DPB, DPB2), + MAX_FEAT_FUNC(ID_AA64ISAR1_EL1, APA, PAuth, vm_has_ptrauth), + MAX_FEAT_FUNC(ID_AA64ISAR1_EL1, API, PAuth, vm_has_ptrauth), + MAX_FEAT(ID_AA64ISAR1_EL1, JSCVT, IMP), + MAX_FEAT(ID_AA64ISAR1_EL1, FCMA, IMP), + MAX_FEAT(ID_AA64ISAR1_EL1, LRCPC, LRCPC3), + MAX_FEAT(ID_AA64ISAR1_EL1, GPA, IMP), + MAX_FEAT(ID_AA64ISAR1_EL1, GPI, IMP), + MAX_FEAT(ID_AA64ISAR1_EL1, FRINTTS, IMP), + MAX_FEAT(ID_AA64ISAR1_EL1, SB, IMP), + MAX_FEAT(ID_AA64ISAR1_EL1, SPECRES, COSP_RCTX), + MAX_FEAT(ID_AA64ISAR1_EL1, BF16, EBF16), + MAX_FEAT(ID_AA64ISAR1_EL1, DGH, IMP), + MAX_FEAT(ID_AA64ISAR1_EL1, I8MM, IMP), + FEAT_END +}; -static u64 get_pvm_id_aa64mmfr0(const struct kvm_vcpu *vcpu) -{ - u64 set_mask; +static const struct pvm_ftr_bits pvmid_aa64isar2[] = { + MAX_FEAT_FUNC(ID_AA64ISAR2_EL1, GPA3, IMP, vm_has_ptrauth), + MAX_FEAT_FUNC(ID_AA64ISAR2_EL1, APA3, PAuth, vm_has_ptrauth), + MAX_FEAT(ID_AA64ISAR2_EL1, ATS1A, IMP), + FEAT_END +}; - set_mask = get_restricted_features_unsigned(id_aa64mmfr0_el1_sys_val, - PVM_ID_AA64MMFR0_ALLOW); +/* + * None of the features in ID_AA64DFR0_EL1 nor ID_AA64MMFR4_EL1 are supported. + * However, both have Not-Implemented values that are non-zero. Define them + * so they can be used when getting the value of these registers. + */ +#define ID_AA64DFR0_EL1_NONZERO_NI \ +( \ + SYS_FIELD_PREP_ENUM(ID_AA64DFR0_EL1, DoubleLock, NI) | \ + SYS_FIELD_PREP_ENUM(ID_AA64DFR0_EL1, MTPMU, NI) \ +) - return (id_aa64mmfr0_el1_sys_val & PVM_ID_AA64MMFR0_ALLOW) | set_mask; -} +#define ID_AA64MMFR4_EL1_NONZERO_NI \ + SYS_FIELD_PREP_ENUM(ID_AA64MMFR4_EL1, E2H0, NI) -static u64 get_pvm_id_aa64mmfr1(const struct kvm_vcpu *vcpu) +/* + * Returns the value of the feature registers based on the system register + * value, the vcpu support for the revelant features, and the additional + * restrictions for protected VMs. + */ +static u64 get_restricted_features(const struct kvm_vcpu *vcpu, + u64 sys_reg_val, + const struct pvm_ftr_bits restrictions[]) { - return id_aa64mmfr1_el1_sys_val & PVM_ID_AA64MMFR1_ALLOW; -} + u64 val = 0UL; + int i; + + for (i = 0; restrictions[i].width != 0; i++) { + bool (*vm_supported)(const struct kvm *) = restrictions[i].vm_supported; + bool sign = restrictions[i].sign; + int shift = restrictions[i].shift; + int width = restrictions[i].width; + u64 min_signed = (1UL << width) - 1UL; + u64 sign_bit = 1UL << (width - 1); + u64 mask = GENMASK_ULL(width + shift - 1, shift); + u64 sys_val = (sys_reg_val & mask) >> shift; + u64 pvm_max = restrictions[i].max_val; + + if (vm_supported && !vm_supported(vcpu->kvm)) + val |= (sign ? min_signed : 0) << shift; + else if (sign && (sys_val >= sign_bit || pvm_max >= sign_bit)) + val |= max(sys_val, pvm_max) << shift; + else + val |= min(sys_val, pvm_max) << shift; + } -static u64 get_pvm_id_aa64mmfr2(const struct kvm_vcpu *vcpu) -{ - return id_aa64mmfr2_el1_sys_val & PVM_ID_AA64MMFR2_ALLOW; + return val; } static u64 pvm_calc_id_reg(const struct kvm_vcpu *vcpu, u32 id) { switch (id) { case SYS_ID_AA64PFR0_EL1: - return get_pvm_id_aa64pfr0(vcpu); + return get_restricted_features(vcpu, id_aa64pfr0_el1_sys_val, pvmid_aa64pfr0); case SYS_ID_AA64PFR1_EL1: - return get_pvm_id_aa64pfr1(vcpu); - case SYS_ID_AA64ZFR0_EL1: - return get_pvm_id_aa64zfr0(vcpu); - case SYS_ID_AA64DFR0_EL1: - return get_pvm_id_aa64dfr0(vcpu); - case SYS_ID_AA64DFR1_EL1: - return get_pvm_id_aa64dfr1(vcpu); - case SYS_ID_AA64AFR0_EL1: - return get_pvm_id_aa64afr0(vcpu); - case SYS_ID_AA64AFR1_EL1: - return get_pvm_id_aa64afr1(vcpu); + return get_restricted_features(vcpu, id_aa64pfr1_el1_sys_val, pvmid_aa64pfr1); case SYS_ID_AA64ISAR0_EL1: - return get_pvm_id_aa64isar0(vcpu); + return id_aa64isar0_el1_sys_val; case SYS_ID_AA64ISAR1_EL1: - return get_pvm_id_aa64isar1(vcpu); + return get_restricted_features(vcpu, id_aa64isar1_el1_sys_val, pvmid_aa64isar1); case SYS_ID_AA64ISAR2_EL1: - return get_pvm_id_aa64isar2(vcpu); + return get_restricted_features(vcpu, id_aa64isar2_el1_sys_val, pvmid_aa64isar2); case SYS_ID_AA64MMFR0_EL1: - return get_pvm_id_aa64mmfr0(vcpu); + return get_restricted_features(vcpu, id_aa64mmfr0_el1_sys_val, pvmid_aa64mmfr0); case SYS_ID_AA64MMFR1_EL1: - return get_pvm_id_aa64mmfr1(vcpu); + return get_restricted_features(vcpu, id_aa64mmfr1_el1_sys_val, pvmid_aa64mmfr1); case SYS_ID_AA64MMFR2_EL1: - return get_pvm_id_aa64mmfr2(vcpu); + return get_restricted_features(vcpu, id_aa64mmfr2_el1_sys_val, pvmid_aa64mmfr2); + case SYS_ID_AA64DFR0_EL1: + return ID_AA64DFR0_EL1_NONZERO_NI; + case SYS_ID_AA64MMFR4_EL1: + return ID_AA64MMFR4_EL1_NONZERO_NI; default: /* Unhandled ID register, RAZ */ return 0; } } -/* Read a sanitized cpufeature ID register by its encoding */ -u64 pvm_read_id_reg(const struct kvm_vcpu *vcpu, u32 id) +/* + * Inject an unknown/undefined exception to an AArch64 guest while most of its + * sysregs are live. + */ +static void inject_undef64(struct kvm_vcpu *vcpu) { - return pvm_calc_id_reg(vcpu, id); + u64 esr = (ESR_ELx_EC_UNKNOWN << ESR_ELx_EC_SHIFT); + + *vcpu_pc(vcpu) = read_sysreg_el2(SYS_ELR); + *vcpu_cpsr(vcpu) = read_sysreg_el2(SYS_SPSR); + + kvm_pend_exception(vcpu, EXCEPT_AA64_EL1_SYNC); + + __kvm_adjust_pc(vcpu); + + write_sysreg_el1(esr, SYS_ESR); + write_sysreg_el1(read_sysreg_el2(SYS_ELR), SYS_ELR); + write_sysreg_el2(*vcpu_pc(vcpu), SYS_ELR); + write_sysreg_el2(*vcpu_cpsr(vcpu), SYS_SPSR); } static u64 read_id_reg(const struct kvm_vcpu *vcpu, From patchwork Mon Dec 16 10:50:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fuad Tabba X-Patchwork-Id: 13909552 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id AF0D8E7717F for ; Mon, 16 Dec 2024 11:03:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type:Cc:To:From: Subject:Message-ID:References:Mime-Version:In-Reply-To:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=S1bRsslog21QgNxpNkpcVa41rJFwcEdf98uT++UVD4w=; b=hmol8lCzs1TguUMcuGIN8QFEAC 64r3ay9FvnqS5TmdvwFlf6jApWT784L2cR/LAmctVIhLlTVrw0VYBHSqtHDiOHJTHG7NcAPJTbrny WQ4ZTjoozdaqCKBzuiSiKPEBABVczSlfZQDLXI9GdwOj4RDZQ2LVAPy/1MUcYkFlV8DiqJXRe3gi8 so9PU8Te7XuBHSw7ZY+qvUbprL2d+LVVpUaqobNb0xOzN5w/pHPfYwl+QNhmDUZsq3cm+wlNBj/PD UsVqemxI1n0eJTy40Yv9SDkmJvkeWCYhgAr2Tn4d33Rt5bYwF53xsUEoRW6vbNP2yDM2hwudCJX6Y 7MJU7sfA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tN8sQ-00000009llP-423S; Mon, 16 Dec 2024 11:03:02 +0000 Received: from mail-wm1-x34a.google.com ([2a00:1450:4864:20::34a]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tN8h7-00000009jzc-1aCr for linux-arm-kernel@lists.infradead.org; Mon, 16 Dec 2024 10:51:22 +0000 Received: by mail-wm1-x34a.google.com with SMTP id 5b1f17b1804b1-4361c040ba8so15456375e9.1 for ; Mon, 16 Dec 2024 02:51:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1734346279; x=1734951079; darn=lists.infradead.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=S1bRsslog21QgNxpNkpcVa41rJFwcEdf98uT++UVD4w=; b=gA5fiLA/skwE1iforb43GdAaVrL56yVQ7GArl4MEXmkjsAeXH7cqTBvxuJ9xalkvAJ UysdxflCTtdKN5pdNrgQty4MnB+0dXSpbOJJUFJ6Cm2YyoUki6PGVgWl1jMpRdL73NJB iZMWVo/pnn22fdiIFUSfDEQKnkYo81KWUjmWiZWHsbHBR5YdtuNarbbMhQk4RTPpBxXx +1Baz02Fq1fE8tDSYUfY+sVwlQJIbKz1epXFQ7RLrZ1QzwwT5MOfeq1JZoLWMjok2kd4 dLBbxl8esZGKZ0zWyNjxzWqtE6aQJTUpXGjsYkUj0VzIyZNLofIW4WAb69eoib90zN4J xnGQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734346279; x=1734951079; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=S1bRsslog21QgNxpNkpcVa41rJFwcEdf98uT++UVD4w=; b=mqJHckQuJISh7ShRlXnLuIlqizbwEaYXEzpzrBjo/kOTLqn92091XBowvglis5nWOb CKpnNK2rFpsVaRu7NoX2a7b4DsZOGGqRw0Gd21/VrvQse0ps7FNJAkoHW//8CBAsO0z3 U25//1phgoTOhM0DVJmi4L6tqnFKr29TjFs9y+NRiRwxWEO3lXUA6OQH6Gfxg4HZE0VS ZAxZuZzurjwKzK/guuOL2L1+APL2++TgNesRvzXmjhaWlDTH6/QNNB7gH/qEfP/BLegX j5KJjODucKUleopAskZCiWTUuufgfbCuwCoF3VxKpp5nAIXgXKBwt4TbajktFmTCmeMo 2IgQ== X-Forwarded-Encrypted: i=1; AJvYcCWj3j5HA22m7DMwL7o5QcFLWe+6WzbyzZMMoKfr0MjTXKnefDStPjJNIFpjzmc+3MJelx4vhGZlvLxLUGls2D5n@lists.infradead.org X-Gm-Message-State: AOJu0YzNOE+Lst2EUCboxtxm9Fn10zXREsytCIhEecphlr6aXWxbCdi3 JvbReLogv/w6EMMeN9K3wSbwtcQpB3Ew86lwuEy7xCRuYk4AODh6MMy0KxtHWOUG2GnFkFarsQ= = X-Google-Smtp-Source: AGHT+IH5mmvgLasjrodHrs2I57q0LjQAyojcLRpgBo+Ds3SfIGM6GFNHHa87JZ0zppmme5pXr1R1uh8WGg== X-Received: from wmge22.prod.google.com ([2002:a05:600c:13d6:b0:434:9fab:eb5]) (user=tabba job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:1e28:b0:434:f8a0:9df0 with SMTP id 5b1f17b1804b1-4362aa3d988mr90535695e9.8.1734346279517; Mon, 16 Dec 2024 02:51:19 -0800 (PST) Date: Mon, 16 Dec 2024 10:50:50 +0000 In-Reply-To: <20241216105057.579031-1-tabba@google.com> Mime-Version: 1.0 References: <20241216105057.579031-1-tabba@google.com> X-Mailer: git-send-email 2.47.1.613.gc27f4b7a9f-goog Message-ID: <20241216105057.579031-11-tabba@google.com> Subject: [PATCH v5 10/17] KVM: arm64: Remove fixed_config.h header From: Fuad Tabba To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org Cc: maz@kernel.org, oliver.upton@linux.dev, james.clark@linaro.org, will@kernel.org, joey.gouly@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com, catalin.marinas@arm.com, broonie@kernel.org, qperret@google.com, kristina.martsenko@arm.com, tabba@google.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241216_025121_417132_8BB96786 X-CRM114-Status: GOOD ( 20.90 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org The few remaining items needed in fixed_config.h are better suited for pkvm.h. Move them there and delete it. No functional change intended. Signed-off-by: Fuad Tabba --- .../arm64/kvm/hyp/include/nvhe/fixed_config.h | 206 ------------------ arch/arm64/kvm/hyp/include/nvhe/pkvm.h | 5 + arch/arm64/kvm/hyp/nvhe/pkvm.c | 1 - arch/arm64/kvm/hyp/nvhe/setup.c | 1 - arch/arm64/kvm/hyp/nvhe/switch.c | 1 - arch/arm64/kvm/hyp/nvhe/sys_regs.c | 2 +- 6 files changed, 6 insertions(+), 210 deletions(-) delete mode 100644 arch/arm64/kvm/hyp/include/nvhe/fixed_config.h diff --git a/arch/arm64/kvm/hyp/include/nvhe/fixed_config.h b/arch/arm64/kvm/hyp/include/nvhe/fixed_config.h deleted file mode 100644 index 37a6d2434e47..000000000000 --- a/arch/arm64/kvm/hyp/include/nvhe/fixed_config.h +++ /dev/null @@ -1,206 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0-only */ -/* - * Copyright (C) 2021 Google LLC - * Author: Fuad Tabba - */ - -#ifndef __ARM64_KVM_FIXED_CONFIG_H__ -#define __ARM64_KVM_FIXED_CONFIG_H__ - -#include - -/* - * This file contains definitions for features to be allowed or restricted for - * guest virtual machines, depending on the mode KVM is running in and on the - * type of guest that is running. - * - * Each field in the masks represents the highest supported *unsigned* value for - * the feature, if supported by the system. - * - * If a feature field is not present in either, than it is not supported. - * - * The approach taken for protected VMs is to allow features that are: - * - Needed by common Linux distributions (e.g., floating point) - * - Trivial to support, e.g., supporting the feature does not introduce or - * require tracking of additional state in KVM - * - Cannot be trapped or prevent the guest from using anyway - */ - -/* - * Allow for protected VMs: - * - Floating-point and Advanced SIMD - * - Data Independent Timing - * - Spectre/Meltdown Mitigation - * - * Restrict to the following *unsigned* features for protected VMs: - * - AArch64 guests only (no support for AArch32 guests): - * AArch32 adds complexity in trap handling, emulation, condition codes, - * etc... - * - RAS (v1) - * Supported by KVM - */ -#define PVM_ID_AA64PFR0_ALLOW (\ - ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_FP) | \ - ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_AdvSIMD) | \ - ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_DIT) | \ - ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_CSV2) | \ - ARM64_FEATURE_MASK(ID_AA64PFR0_EL1_CSV3) | \ - SYS_FIELD_PREP_ENUM(ID_AA64PFR0_EL1, EL0, IMP) | \ - SYS_FIELD_PREP_ENUM(ID_AA64PFR0_EL1, EL1, IMP) | \ - SYS_FIELD_PREP_ENUM(ID_AA64PFR0_EL1, EL2, IMP) | \ - SYS_FIELD_PREP_ENUM(ID_AA64PFR0_EL1, EL3, IMP) | \ - SYS_FIELD_PREP_ENUM(ID_AA64PFR0_EL1, RAS, IMP) \ - ) - -/* - * Allow for protected VMs: - * - Branch Target Identification - * - Speculative Store Bypassing - */ -#define PVM_ID_AA64PFR1_ALLOW (\ - ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_BT) | \ - ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_SSBS) \ - ) - -#define PVM_ID_AA64PFR2_ALLOW 0ULL - -/* - * Allow for protected VMs: - * - Mixed-endian - * - Distinction between Secure and Non-secure Memory - * - Mixed-endian at EL0 only - * - Non-context synchronizing exception entry and exit - * - * Restrict to the following *unsigned* features for protected VMs: - * - 40-bit IPA - * - 16-bit ASID - */ -#define PVM_ID_AA64MMFR0_ALLOW (\ - ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_BIGEND) | \ - ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_SNSMEM) | \ - ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_BIGENDEL0) | \ - ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_EXS) | \ - FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_PARANGE), ID_AA64MMFR0_EL1_PARANGE_40) | \ - FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64MMFR0_EL1_ASIDBITS), ID_AA64MMFR0_EL1_ASIDBITS_16) \ - ) - -/* - * Allow for protected VMs: - * - Hardware translation table updates to Access flag and Dirty state - * - Number of VMID bits from CPU - * - Hierarchical Permission Disables - * - Privileged Access Never - * - SError interrupt exceptions from speculative reads - * - Enhanced Translation Synchronization - * - Control for cache maintenance permission - */ -#define PVM_ID_AA64MMFR1_ALLOW (\ - ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_HAFDBS) | \ - ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_VMIDBits) | \ - ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_HPDS) | \ - ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_PAN) | \ - ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_SpecSEI) | \ - ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_ETS) | \ - ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_CMOW) \ - ) - -/* - * Allow for protected VMs: - * - Common not Private translations - * - User Access Override - * - IESB bit in the SCTLR_ELx registers - * - Unaligned single-copy atomicity and atomic functions - * - ESR_ELx.EC value on an exception by read access to feature ID space - * - TTL field in address operations. - * - Break-before-make sequences when changing translation block size - * - E0PDx mechanism - */ -#define PVM_ID_AA64MMFR2_ALLOW (\ - ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_CnP) | \ - ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_UAO) | \ - ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_IESB) | \ - ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_AT) | \ - ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_IDS) | \ - ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_TTL) | \ - ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_BBM) | \ - ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_E0PD) \ - ) - -#define PVM_ID_AA64MMFR3_ALLOW (0ULL) - -/* - * No support for Scalable Vectors for protected VMs: - * Requires additional support from KVM, e.g., context-switching and - * trapping at EL2 - */ -#define PVM_ID_AA64ZFR0_ALLOW (0ULL) - -/* - * No support for debug, including breakpoints, and watchpoints for protected - * VMs: - * The Arm architecture mandates support for at least the Armv8 debug - * architecture, which would include at least 2 hardware breakpoints and - * watchpoints. Providing that support to protected guests adds - * considerable state and complexity. Therefore, the reserved value of 0 is - * used for debug-related fields. - */ -#define PVM_ID_AA64DFR0_ALLOW (0ULL) -#define PVM_ID_AA64DFR1_ALLOW (0ULL) - -/* - * No support for implementation defined features. - */ -#define PVM_ID_AA64AFR0_ALLOW (0ULL) -#define PVM_ID_AA64AFR1_ALLOW (0ULL) - -/* - * No restrictions on instructions implemented in AArch64. - */ -#define PVM_ID_AA64ISAR0_ALLOW (\ - ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_AES) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_SHA1) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_SHA2) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_CRC32) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_ATOMIC) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_RDM) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_SHA3) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_SM3) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_SM4) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_DP) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_FHM) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_TS) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_TLB) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR0_EL1_RNDR) \ - ) - -/* Restrict pointer authentication to the basic version. */ -#define PVM_ID_AA64ISAR1_ALLOW (\ - ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_DPB) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_JSCVT) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_FCMA) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_LRCPC) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_GPA) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_GPI) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_FRINTTS) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_SB) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_SPECRES) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_BF16) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_DGH) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_I8MM) | \ - FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_APA), ID_AA64ISAR1_EL1_APA_PAuth) | \ - FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64ISAR1_EL1_API), ID_AA64ISAR1_EL1_API_PAuth) \ - ) - -#define PVM_ID_AA64ISAR2_ALLOW (\ - ARM64_FEATURE_MASK(ID_AA64ISAR2_EL1_ATS1A)| \ - ARM64_FEATURE_MASK(ID_AA64ISAR2_EL1_GPA3) | \ - ARM64_FEATURE_MASK(ID_AA64ISAR2_EL1_MOPS) | \ - FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64ISAR2_EL1_APA3), ID_AA64ISAR2_EL1_APA3_PAuth) \ - ) - -bool kvm_handle_pvm_sysreg(struct kvm_vcpu *vcpu, u64 *exit_code); -bool kvm_handle_pvm_restricted(struct kvm_vcpu *vcpu, u64 *exit_code); -void kvm_init_pvm_id_regs(struct kvm_vcpu *vcpu); -int kvm_check_pvm_sysreg_table(void); - -#endif /* __ARM64_KVM_FIXED_CONFIG_H__ */ diff --git a/arch/arm64/kvm/hyp/include/nvhe/pkvm.h b/arch/arm64/kvm/hyp/include/nvhe/pkvm.h index 698bc20ab80b..3888aabd78f3 100644 --- a/arch/arm64/kvm/hyp/include/nvhe/pkvm.h +++ b/arch/arm64/kvm/hyp/include/nvhe/pkvm.h @@ -72,4 +72,9 @@ struct pkvm_hyp_vcpu *pkvm_load_hyp_vcpu(pkvm_handle_t handle, unsigned int vcpu_idx); void pkvm_put_hyp_vcpu(struct pkvm_hyp_vcpu *hyp_vcpu); +bool kvm_handle_pvm_sysreg(struct kvm_vcpu *vcpu, u64 *exit_code); +bool kvm_handle_pvm_restricted(struct kvm_vcpu *vcpu, u64 *exit_code); +void kvm_init_pvm_id_regs(struct kvm_vcpu *vcpu); +int kvm_check_pvm_sysreg_table(void); + #endif /* __ARM64_KVM_NVHE_PKVM_H__ */ diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c index 2aa349fc42b8..add0502f888f 100644 --- a/arch/arm64/kvm/hyp/nvhe/pkvm.c +++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c @@ -9,7 +9,6 @@ #include -#include #include #include #include diff --git a/arch/arm64/kvm/hyp/nvhe/setup.c b/arch/arm64/kvm/hyp/nvhe/setup.c index cbdd18cd3f98..31bd729ea45c 100644 --- a/arch/arm64/kvm/hyp/nvhe/setup.c +++ b/arch/arm64/kvm/hyp/nvhe/setup.c @@ -12,7 +12,6 @@ #include #include -#include #include #include #include diff --git a/arch/arm64/kvm/hyp/nvhe/switch.c b/arch/arm64/kvm/hyp/nvhe/switch.c index cc69106734ca..7786a83d0fa8 100644 --- a/arch/arm64/kvm/hyp/nvhe/switch.c +++ b/arch/arm64/kvm/hyp/nvhe/switch.c @@ -26,7 +26,6 @@ #include #include -#include #include /* Non-VHE specific context */ diff --git a/arch/arm64/kvm/hyp/nvhe/sys_regs.c b/arch/arm64/kvm/hyp/nvhe/sys_regs.c index 289f370d386a..1ddd9ed3cbb3 100644 --- a/arch/arm64/kvm/hyp/nvhe/sys_regs.c +++ b/arch/arm64/kvm/hyp/nvhe/sys_regs.c @@ -11,7 +11,7 @@ #include -#include +#include #include "../../sys_regs.h" From patchwork Mon Dec 16 10:50:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fuad Tabba X-Patchwork-Id: 13909557 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 8FEC9E77180 for ; Mon, 16 Dec 2024 11:04:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type:Cc:To:From: Subject:Message-ID:References:Mime-Version:In-Reply-To:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=fAuj7C7H2YKoNTM8wr0twIlAbi4Bb5s+3gqw8FPEWIM=; b=y1hA4HZpkHjaKQeaMDqzGwPjSo fXtyaN+fk+XhP6Z1FA11Bsd+X4gE9cj3uyquQcN7IAcrUvLlz0xzfw+5Pf9EHll0O6LmZhEteWPLc zhoYpz9YugkDpK2mbQYx5NZN8psRuAWmmq6/WxWoo2eDZVZpXl+LG+iBPbJKZbJByGO0L2qeYitAr wkh/nyo1br7wpkQMIufBsC+8oYVHe/rPb9xDmLV6AFEolG3RHW0v0TmhkfXpu/n5RGoB59IlFhT/l XiceNDajRr1OW5xkngH7+krwZczSTrKDHiQttQure5Z/vg5/t6mpX8VWQ+qU3oVIqofJj4aiWoDEh 6QNhLnVQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tN8tU-00000009lxm-2Lso; Mon, 16 Dec 2024 11:04:08 +0000 Received: from mail-wm1-x349.google.com ([2a00:1450:4864:20::349]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tN8h8-00000009k0F-3ohC for linux-arm-kernel@lists.infradead.org; Mon, 16 Dec 2024 10:51:23 +0000 Received: by mail-wm1-x349.google.com with SMTP id 5b1f17b1804b1-436289a570eso31098855e9.0 for ; Mon, 16 Dec 2024 02:51:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1734346281; x=1734951081; darn=lists.infradead.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=fAuj7C7H2YKoNTM8wr0twIlAbi4Bb5s+3gqw8FPEWIM=; b=045r+Rm5FqzUxVaNTCVsJW8jkWzZBh99vmfUUwYrHmslIE6pBIuNJNzfpnuewN32Bo 8DIjDKF3qQHfziIPdDI3Ie0EF2oNMEvPXWnp3n6V1QqeIgUbXc41isqiJHXdmVB2LXPh if990pOzTLpbgQ+YOtVcews6XtSOxCWywJPG7IgFzrIUy9Uq/NNaH00R/RMdwXFx8fhL uY/CRGRAM82W15kLRdP8QILooI2BO6Dd4PPQrkHWFIax+wYt1RaJBj5IndEpaMceiIHy xEPntrIJDqUVIByIapCrw3MbxtzfuMMVP8TjT3esJHenRgPNAXIXYoOba8bU/20KNZvt Lu8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734346281; x=1734951081; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=fAuj7C7H2YKoNTM8wr0twIlAbi4Bb5s+3gqw8FPEWIM=; b=fbH0aG4abR5xJeO2C13tTQEOQb3kl3SmooR/+I4A3D6t+w/ueMRBZsaoc2EFvw1dUr vD/5eFi60faWjxOwScgTWciKSmQCuUdV6wR8mHAZHYiBU1fNBHRRUMJOnPyyvA72ASWR NGkdKkT6KaRIA3XIiqx824NCcovP2KDaIdfj+7oyzuwRBV++VLqbFE3y3QXONpB6JSGb 9zDHdoyR1qEwwKlrFHXs7KL/WkPNJ30Ait/gq+xY/v0kqpQM8iM9oK8HCe+HQXDR/3m+ NB4dddVEOdGxzZk/OXeBd4qr8BR1XRmjT7MKUBppgAkz2lyLbRQewqIsj4qwXtUcZjqy 364A== X-Forwarded-Encrypted: i=1; AJvYcCV2fOdlAE8AJSYw1z1g+Dp84yyBmJzgSQvdMfyld0DXOX03zLrB2i1eGW6SxQMxn74OmmKhBpkxrikBOD5Ql/SM@lists.infradead.org X-Gm-Message-State: AOJu0YwFumOZHtQo8nnlFB0WO5eVoNMo0M2EdSppLrn11iXBrKTZJDZl u1G9GNRxU2Z0VasKp8nmUAkzwQaOJCx3A7i/C3OHA4miUKK1cTFpsNf11jlZpJRURoIf4EE2QA= = X-Google-Smtp-Source: AGHT+IFC5u2mx9tjf2UN64KWU4at4Dw87sQewuG3wxlRUMwtao0CZRTo0ShpInfw9GzncnB31/qHqTErxw== X-Received: from wmbg5.prod.google.com ([2002:a05:600c:a405:b0:434:fddf:5c1a]) (user=tabba job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:450e:b0:434:a852:ba77 with SMTP id 5b1f17b1804b1-4362aa4ffe0mr115535675e9.15.1734346281409; Mon, 16 Dec 2024 02:51:21 -0800 (PST) Date: Mon, 16 Dec 2024 10:50:51 +0000 In-Reply-To: <20241216105057.579031-1-tabba@google.com> Mime-Version: 1.0 References: <20241216105057.579031-1-tabba@google.com> X-Mailer: git-send-email 2.47.1.613.gc27f4b7a9f-goog Message-ID: <20241216105057.579031-12-tabba@google.com> Subject: [PATCH v5 11/17] KVM: arm64: Remove redundant setting of HCR_EL2 trap bit From: Fuad Tabba To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org Cc: maz@kernel.org, oliver.upton@linux.dev, james.clark@linaro.org, will@kernel.org, joey.gouly@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com, catalin.marinas@arm.com, broonie@kernel.org, qperret@google.com, kristina.martsenko@arm.com, tabba@google.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241216_025122_943801_C69C9EDB X-CRM114-Status: UNSURE ( 9.15 ) X-CRM114-Notice: Please train this message. X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org In hVHE mode, HCR_E2H should be set for both protected and non-protected VMs. Since commit b56680de9c64 ("KVM: arm64: Initialize trap register values in hyp in pKVM"), this has been fixed, and the setting of the flag here is redundant. Signed-off-by: Fuad Tabba --- arch/arm64/kvm/hyp/nvhe/pkvm.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c index add0502f888f..21864d101230 100644 --- a/arch/arm64/kvm/hyp/nvhe/pkvm.c +++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c @@ -57,9 +57,6 @@ static void pvm_init_traps_hcr(struct kvm_vcpu *vcpu) /* No support for AArch32. */ val |= HCR_RW; - if (has_hvhe()) - val |= HCR_E2H; - /* * Always trap: * - Feature id registers: to control features exposed to guests From patchwork Mon Dec 16 10:50:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fuad Tabba X-Patchwork-Id: 13909558 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 0D0B2E7717F for ; Mon, 16 Dec 2024 11:05:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type:Cc:To:From: Subject:Message-ID:References:Mime-Version:In-Reply-To:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=Cbd/uo+NO1CBjIio6qB3jbFJGmjwtAEiGWP4NC9yzL4=; b=FBwD+BLczMbz0pMG1qpHijm50Y 91fZBQp4BjzNUpwYaWmDU/39XoXOqD49dL7uLKROY2YchSipsF8LpTipTBMlUhcRSQmNxOrmyPhSm 8kSoGPSoz2oFx6NPgZ4rw2BwXawz1tTQ1om4klFhltuYWdL29fHrZIA6KAQ/PSN7N0z4jdKhWe8fz Ftg2LA5w1kEXadmK+6M/9yz2jLjnEBIaS84crfp1ZmPJ0c+agPjMFXb/PUZHld/uJeedGq+PfCJqN /bbll9yQImI/FEhscFGi8RptyTHq1ypT2uqN06AHa+PESO89DzHcKWm7FtRZbvxlFmPY/oYp/QYJN XmFOtgVQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tN8uY-00000009mD7-0qPm; Mon, 16 Dec 2024 11:05:14 +0000 Received: from mail-wm1-x349.google.com ([2a00:1450:4864:20::349]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tN8hB-00000009k0o-18ij for linux-arm-kernel@lists.infradead.org; Mon, 16 Dec 2024 10:51:26 +0000 Received: by mail-wm1-x349.google.com with SMTP id 5b1f17b1804b1-43621907030so36800175e9.1 for ; Mon, 16 Dec 2024 02:51:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1734346283; x=1734951083; darn=lists.infradead.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=Cbd/uo+NO1CBjIio6qB3jbFJGmjwtAEiGWP4NC9yzL4=; b=l8VSO59GybQ08t7uaakTxvzsOt4x+c+TJrce0hSXPc+CF+njvSIlq8BdufOB3gpWB1 rLWkD1gEYx01MCm2jrSL/SqF6QSPpAAUt0QyUA5LpEZB21+1dqG2rdq8kBFxaIAG2NXo T8tpvDB8Z68sYWN1GpotQ/y/2bq5jmhKhiABNmJT1ftgK1UWt/XagTcgthzZKYzHbBsj 4pXX4LmYLTAWisM82cGb2ptJjAbMflzaTJqtlx1bH35c9jkt6xyf8ZmmCP2AfiLpx4Jf RI74gTLN6XPL+qFuphGafYxzOzgo4wddI6qR5J2oBzUJSr00y27sNQtYVrKfLZf+jTKq 7u/g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734346283; x=1734951083; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Cbd/uo+NO1CBjIio6qB3jbFJGmjwtAEiGWP4NC9yzL4=; b=phsMU1Il4Zm0oR6wykD/GWYOE3pVNhMU1sKUVeczMvmXnPXtfFuh4mdjJotKC1p3/d CD8JpH4+v3TaCbq8Zi72GMGDq1BYH1ljYeIsQImBsHlrvRYxjFID3dboeqGUl2yAW5ea 7VIRWf5cQFmQBOaV1r+jEKG8GGKbDQxglWgXKbP6zGNQqxsgUEAQ7+k8yJQ9TnIHPq1m m0j6nWAxpU0mrPNFTqii5I0uSz1K/aOTN+D7HQpg1D41xfBr7HOG1yadP0DaWu00tOs/ exJETZCR52qQlsv2wiCoyjRWJFLx2DA8DlUeNTHTe3X0ptLuQITQk19eAzLf30cP7GI+ cL+g== X-Forwarded-Encrypted: i=1; AJvYcCXTR1Db57hc219EUzJZ+kpavC/ceDCPelVkLyINRkUXOn/+cgVBHiCMqr4v+s6v+4nDxDAQWd4N0OtKPRl73mHh@lists.infradead.org X-Gm-Message-State: AOJu0YwGxZ779/RwN/CTfFSrIRWaMlbyaAkXCbe0U5HoUis3lboHIyM5 dDDXabNmPz2VUg3Bk4WZoXpXzpjUHvms0K+iGefubR7BvnzR9V1XGtzMmqmEXoWdd2TrFE+2qw= = X-Google-Smtp-Source: AGHT+IEJ4se9RFNwrxdb4kqwAHewqStxP3HtVLIzrXCd8vP+LoN3FNPH/SD5mwMnyKMOV43HoFc4YOD9Cg== X-Received: from wmqd1.prod.google.com ([2002:a05:600c:34c1:b0:434:fe2b:fea7]) (user=tabba job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:1da4:b0:434:f753:6012 with SMTP id 5b1f17b1804b1-4362aa509abmr114661285e9.17.1734346283345; Mon, 16 Dec 2024 02:51:23 -0800 (PST) Date: Mon, 16 Dec 2024 10:50:52 +0000 In-Reply-To: <20241216105057.579031-1-tabba@google.com> Mime-Version: 1.0 References: <20241216105057.579031-1-tabba@google.com> X-Mailer: git-send-email 2.47.1.613.gc27f4b7a9f-goog Message-ID: <20241216105057.579031-13-tabba@google.com> Subject: [PATCH v5 12/17] KVM: arm64: Calculate cptr_el2 traps on activating traps From: Fuad Tabba To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org Cc: maz@kernel.org, oliver.upton@linux.dev, james.clark@linaro.org, will@kernel.org, joey.gouly@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com, catalin.marinas@arm.com, broonie@kernel.org, qperret@google.com, kristina.martsenko@arm.com, tabba@google.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241216_025125_314112_CFB68008 X-CRM114-Status: GOOD ( 16.23 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Similar to VHE, calculate the value of cptr_el2 from scratch on activate traps. This removes the need to store cptr_el2 in every vcpu structure. Moreover, some traps, such as whether the guest owns the fp registers, need to be set on every vcpu run. Reported-by: James Clark Fixes: 5294afdbf45a ("KVM: arm64: Exclude FP ownership from kvm_vcpu_arch") Signed-off-by: Fuad Tabba --- arch/arm64/include/asm/kvm_host.h | 1 - arch/arm64/kvm/arm.c | 1 - arch/arm64/kvm/hyp/nvhe/pkvm.c | 42 ------------------------- arch/arm64/kvm/hyp/nvhe/switch.c | 51 +++++++++++++++++++------------ 4 files changed, 32 insertions(+), 63 deletions(-) diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index 230b0638f0c2..69cb88c9ce3e 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -708,7 +708,6 @@ struct kvm_vcpu_arch { u64 hcr_el2; u64 hcrx_el2; u64 mdcr_el2; - u64 cptr_el2; /* Exception Information */ struct kvm_vcpu_fault_info fault; diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index b295218cdc24..8a3d02cf0a7a 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -1546,7 +1546,6 @@ static int kvm_arch_vcpu_ioctl_vcpu_init(struct kvm_vcpu *vcpu, } vcpu_reset_hcr(vcpu); - vcpu->arch.cptr_el2 = kvm_get_reset_cptr_el2(vcpu); /* * Handle the "start in power-off" case. diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c index 21864d101230..956385ee4aa2 100644 --- a/arch/arm64/kvm/hyp/nvhe/pkvm.c +++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c @@ -83,44 +83,6 @@ static void pvm_init_traps_hcr(struct kvm_vcpu *vcpu) vcpu->arch.hcr_el2 = val; } -static void pvm_init_traps_cptr(struct kvm_vcpu *vcpu) -{ - struct kvm *kvm = vcpu->kvm; - u64 val = vcpu->arch.cptr_el2; - - if (!has_hvhe()) { - val |= CPTR_NVHE_EL2_RES1; - val &= ~(CPTR_NVHE_EL2_RES0); - } - - if (!kvm_has_feat(kvm, ID_AA64PFR0_EL1, AMU, IMP)) - val |= CPTR_EL2_TAM; - - /* SVE can be disabled by userspace even if supported. */ - if (!vcpu_has_sve(vcpu)) { - if (has_hvhe()) - val &= ~(CPACR_ELx_ZEN); - else - val |= CPTR_EL2_TZ; - } - - /* No SME support in KVM. */ - BUG_ON(kvm_has_feat(kvm, ID_AA64PFR1_EL1, SME, IMP)); - if (has_hvhe()) - val &= ~(CPACR_ELx_SMEN); - else - val |= CPTR_EL2_TSM; - - if (!kvm_has_feat(kvm, ID_AA64DFR0_EL1, TraceVer, IMP)) { - if (has_hvhe()) - val |= CPACR_EL1_TTA; - else - val |= CPTR_EL2_TTA; - } - - vcpu->arch.cptr_el2 = val; -} - static void pvm_init_traps_mdcr(struct kvm_vcpu *vcpu) { struct kvm *kvm = vcpu->kvm; @@ -191,7 +153,6 @@ static int pkvm_vcpu_init_traps(struct pkvm_hyp_vcpu *hyp_vcpu) struct kvm_vcpu *vcpu = &hyp_vcpu->vcpu; int ret; - vcpu->arch.cptr_el2 = kvm_get_reset_cptr_el2(vcpu); vcpu->arch.mdcr_el2 = 0; pkvm_vcpu_reset_hcr(vcpu); @@ -204,7 +165,6 @@ static int pkvm_vcpu_init_traps(struct pkvm_hyp_vcpu *hyp_vcpu) return ret; pvm_init_traps_hcr(vcpu); - pvm_init_traps_cptr(vcpu); pvm_init_traps_mdcr(vcpu); return 0; @@ -644,8 +604,6 @@ int __pkvm_init_vcpu(pkvm_handle_t handle, struct kvm_vcpu *host_vcpu, return ret; } - hyp_vcpu->vcpu.arch.cptr_el2 = kvm_get_reset_cptr_el2(&hyp_vcpu->vcpu); - return 0; } diff --git a/arch/arm64/kvm/hyp/nvhe/switch.c b/arch/arm64/kvm/hyp/nvhe/switch.c index 7786a83d0fa8..0ebf84a9f9e2 100644 --- a/arch/arm64/kvm/hyp/nvhe/switch.c +++ b/arch/arm64/kvm/hyp/nvhe/switch.c @@ -35,33 +35,46 @@ DEFINE_PER_CPU(unsigned long, kvm_hyp_vector); extern void kvm_nvhe_prepare_backtrace(unsigned long fp, unsigned long pc); -static void __activate_traps(struct kvm_vcpu *vcpu) +static void __activate_cptr_traps(struct kvm_vcpu *vcpu) { - u64 val; + u64 val = CPTR_EL2_TAM; /* Same bit irrespective of E2H */ - ___activate_traps(vcpu, vcpu->arch.hcr_el2); - __activate_traps_common(vcpu); + if (has_hvhe()) { + val |= CPACR_ELx_TTA; - val = vcpu->arch.cptr_el2; - val |= CPTR_EL2_TAM; /* Same bit irrespective of E2H */ - val |= has_hvhe() ? CPACR_EL1_TTA : CPTR_EL2_TTA; - if (cpus_have_final_cap(ARM64_SME)) { - if (has_hvhe()) - val &= ~CPACR_ELx_SMEN; - else - val |= CPTR_EL2_TSM; - } + if (guest_owns_fp_regs()) { + val |= CPACR_ELx_FPEN; + if (vcpu_has_sve(vcpu)) + val |= CPACR_ELx_ZEN; + } + } else { + val |= CPTR_EL2_TTA | CPTR_NVHE_EL2_RES1; - if (!guest_owns_fp_regs()) { - if (has_hvhe()) - val &= ~(CPACR_ELx_FPEN | CPACR_ELx_ZEN); - else - val |= CPTR_EL2_TFP | CPTR_EL2_TZ; + /* + * Always trap SME since it's not supported in KVM. + * TSM is RES1 if SME isn't implemented. + */ + val |= CPTR_EL2_TSM; - __activate_traps_fpsimd32(vcpu); + if (!vcpu_has_sve(vcpu) || !guest_owns_fp_regs()) + val |= CPTR_EL2_TZ; + + if (!guest_owns_fp_regs()) + val |= CPTR_EL2_TFP; } + if (!guest_owns_fp_regs()) + __activate_traps_fpsimd32(vcpu); + kvm_write_cptr_el2(val); +} + +static void __activate_traps(struct kvm_vcpu *vcpu) +{ + ___activate_traps(vcpu, vcpu->arch.hcr_el2); + __activate_traps_common(vcpu); + __activate_cptr_traps(vcpu); + write_sysreg(__this_cpu_read(kvm_hyp_vector), vbar_el2); if (cpus_have_final_cap(ARM64_WORKAROUND_SPECULATIVE_AT)) { From patchwork Mon Dec 16 10:50:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fuad Tabba X-Patchwork-Id: 13909559 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C5559E7717F for ; Mon, 16 Dec 2024 11:06:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type:Cc:To:From: Subject:Message-ID:References:Mime-Version:In-Reply-To:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=KlRETVSAd+jtsJNx5YFbu0HDOE62z9vkIYE2WXDLJhM=; b=tZiwVLh8PI7w2kyzH8x4Lfu4gj 4IT2AE7od5JtsjAeecUrGuP9zxFqoqUBAxKHlJX2Yodv1bHAODD+wrQroUiHdNNcPmrb6TslW3FVa 9iCtpkkKJF7BuT5yV/w+sQFJ/Fp0XC7hz9tn6Kz+LMmn+9QuQwEwaA+WkgrwMgYh6rPHVCPlBQL25 i7QbmDh/K+AwU0eImuobXq0M1pPcbh8aq0DXFhGbeb5nhOgEE0s2P7lDMOVqYHT6Z3XNncs9vVwmb gKIceP49idScT1FM11M3ThBhW/4OoRRuW5kY/ZjH5FuL40g6+byqqjxWsanyOPTeuOwRE+/9pEwcO qrIo1kSQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tN8vb-00000009mNV-3Sil; Mon, 16 Dec 2024 11:06:19 +0000 Received: from mail-wm1-x349.google.com ([2a00:1450:4864:20::349]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tN8hD-00000009k1a-19w3 for linux-arm-kernel@lists.infradead.org; Mon, 16 Dec 2024 10:51:28 +0000 Received: by mail-wm1-x349.google.com with SMTP id 5b1f17b1804b1-43619b135bcso21318845e9.1 for ; Mon, 16 Dec 2024 02:51:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1734346285; x=1734951085; darn=lists.infradead.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=KlRETVSAd+jtsJNx5YFbu0HDOE62z9vkIYE2WXDLJhM=; b=SV1mhbkbgl6LmZxB1ZIVlaRjYqS4ANGp8c/r0ZNpE0QZY7B2jkHezZKaTkBENjLWIi Ek5CbrWZAp0nwCte16J91639zuil0MdY2Y7bQ5dGyT5pSiYkEeoOhTt+nyxq7Fcb9/xT Ns03bdvA7ddL1YUhQ/Zsn4Ac/N67ocowY++m++eYgHPA8sjG84z0ovhN3nvw6uTfZJIe PVhFpOA/r4CzfPRHYZtDoH+BlGvR2Xl4QxzGxzGOt0WQg3wWwVRGmkbtu8S2FkFmkwOE 1LeDeuC7mgc7PRylQudYS6kLv2+B7Bz5LrhsIy4/SI8pmH6PjVfBBvHorozl44NSRikV 8HSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734346285; x=1734951085; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=KlRETVSAd+jtsJNx5YFbu0HDOE62z9vkIYE2WXDLJhM=; b=g9dRSztMXgEIZQsR5TKwm3Vau1c3xahcHzk6NrenhslssqY00Tq9T9WTSjCdw899/3 zVAJwVLDjLsi76v7s5TOruJv5SV5Rm9SB5lwDplHC6ja5blUkYpB0J8jY9QZm6OWcvI+ pxGWInkh5hNnIKMRQmim7+jXlcpnhu7LnPeAdJeIlqabLyrAm0/8aJ1AdgM5WxcP2yZc ovlnLyojFCzC5tzJ1/Rh4GscbeyEBGSbCDdi0+GLbPEZjSZOuGk09NtqfWsjJTLK8blH frCiCYIDjCq4yVL5hAkp4hWgA5zO7IV45qFeZHUM9gjz9upCIXajqdVYVTkl5E5RB9nV q7Ww== X-Forwarded-Encrypted: i=1; AJvYcCWbDVKkvCMGCqdaemnBxib5UFvRekhaE34yUssQV7uLk/T34T4F9cC+HLqki4Sn8sL8JKQyMzzYBYLqIqWfjQ7z@lists.infradead.org X-Gm-Message-State: AOJu0YxeCOXJ+9QqL6cw9OVeYodd8ZsIuy45iVr0JhOD5HdRA6zpcuIG As3Lz6nqFDQoO5b7247KO+JacReIf/Z8c8euv8eB6u4ck0bBHyrtopPneh2QALJb+Aj9yjMzLA= = X-Google-Smtp-Source: AGHT+IHaiAnCqJjam/xPbGIlUjPkbW/JNT3nelKe6+T4YUlS/5PjJrIWPgIaRiBdeWjDa4HOa1sa9Fkg8g== X-Received: from wmlf18.prod.google.com ([2002:a7b:c8d2:0:b0:434:9da4:2fa5]) (user=tabba job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:c18:b0:434:a1d3:a30f with SMTP id 5b1f17b1804b1-4362aa1b8c3mr101870875e9.6.1734346285438; Mon, 16 Dec 2024 02:51:25 -0800 (PST) Date: Mon, 16 Dec 2024 10:50:53 +0000 In-Reply-To: <20241216105057.579031-1-tabba@google.com> Mime-Version: 1.0 References: <20241216105057.579031-1-tabba@google.com> X-Mailer: git-send-email 2.47.1.613.gc27f4b7a9f-goog Message-ID: <20241216105057.579031-14-tabba@google.com> Subject: [PATCH v5 13/17] KVM: arm64: Refactor kvm_reset_cptr_el2() From: Fuad Tabba To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org Cc: maz@kernel.org, oliver.upton@linux.dev, james.clark@linaro.org, will@kernel.org, joey.gouly@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com, catalin.marinas@arm.com, broonie@kernel.org, qperret@google.com, kristina.martsenko@arm.com, tabba@google.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241216_025127_312599_44302979 X-CRM114-Status: GOOD ( 10.60 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Fold kvm_get_reset_cptr_el2() into kvm_reset_cptr_el2(), since it is its only caller. Add a comment to clarify that this function is meant for the host value of cptr_el2. No functional change intended. Signed-off-by: Fuad Tabba --- arch/arm64/include/asm/kvm_emulate.h | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h index cf811009a33c..7b3dc52248ce 100644 --- a/arch/arm64/include/asm/kvm_emulate.h +++ b/arch/arm64/include/asm/kvm_emulate.h @@ -619,7 +619,8 @@ static __always_inline void kvm_write_cptr_el2(u64 val) write_sysreg(val, cptr_el2); } -static __always_inline u64 kvm_get_reset_cptr_el2(struct kvm_vcpu *vcpu) +/* Resets the value of cptr_el2 when returning to the host. */ +static __always_inline void kvm_reset_cptr_el2(struct kvm_vcpu *vcpu) { u64 val; @@ -643,13 +644,6 @@ static __always_inline u64 kvm_get_reset_cptr_el2(struct kvm_vcpu *vcpu) val &= ~CPTR_EL2_TSM; } - return val; -} - -static __always_inline void kvm_reset_cptr_el2(struct kvm_vcpu *vcpu) -{ - u64 val = kvm_get_reset_cptr_el2(vcpu); - kvm_write_cptr_el2(val); } From patchwork Mon Dec 16 10:50:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fuad Tabba X-Patchwork-Id: 13909560 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 49DDFE7717F for ; Mon, 16 Dec 2024 11:07:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type:Cc:To:From: Subject:Message-ID:References:Mime-Version:In-Reply-To:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=FwAl12lINzUU1wjJNYXv+mjPrnLgBSqMlCHa0SUHO+Q=; b=h0WO3MlqBTU7AhPFPGdXKydKsk 0BQ+cJ2/bjtunMsy/VhI12uUHjFvY4lINLl/MujeoGqp7bZvSB4HCtg01InUViVJRATtR+bfAujLl OoCu518ACTNirAXHD+ZewuN+c79g/3nUbbX/EViaHWT1Ovvr3E+BKqDB2vcVrx3le2nglGl23teyW wRtKy9I8JVQAqzu2+xEg/IBmF6LMjqtpTFSMYS4hHYkIHOByi1yJ0sNn99hcXRAWiThFV3XVobADB 7vTrKW4A7rSw25m/snC0Oq9BN6h6a7ADnWGo6qlU/5tWSDAC/C0lrtmiGMOLi9L6C2MINT6SenHbx Ee6F4JEQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tN8wf-00000009mWX-1jra; Mon, 16 Dec 2024 11:07:25 +0000 Received: from mail-wm1-x34a.google.com ([2a00:1450:4864:20::34a]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tN8hF-00000009k23-1V1V for linux-arm-kernel@lists.infradead.org; Mon, 16 Dec 2024 10:51:30 +0000 Received: by mail-wm1-x34a.google.com with SMTP id 5b1f17b1804b1-4361efc9dc6so21742735e9.3 for ; Mon, 16 Dec 2024 02:51:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1734346288; x=1734951088; darn=lists.infradead.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=FwAl12lINzUU1wjJNYXv+mjPrnLgBSqMlCHa0SUHO+Q=; b=nE4nlJGAnES+CBTtbd3F7o9UF81SqwAFsFYGP2f4veY6VuGXTeiu0EX/naZ5BzNU5i JEN72Ni4HNlD+PPPeDO64ZXRv/e8Or113m0VMpdX6g8Q7qtBHdul4/T5waBCVV504vtL stVw4U/3CSwpMp58KLKIlE6gRPzIdSgpxRpDJPgGaRnyPal4PfZOOjTTp1j32LgSOc/u TKUyBQOA504Z0KPuHOVQLd1YL1FyEHrKzngctSlW9MbtOaflVCJeruIXNxiiPjTzjFxN p3/HtTT9M5HRPqXQLXXXUFtCZS0eCcNATtpg90qxiVERtX96gA8TVi4jnYfWEUIs7AI7 PjAw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734346288; x=1734951088; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=FwAl12lINzUU1wjJNYXv+mjPrnLgBSqMlCHa0SUHO+Q=; b=ExQ9wsyhofQ8hwAeerF5ghpkq5zoLlxxm/kidoPdC4IV3w7DRyiagzHk0+8hKcnYPe duYAnNPSUHsyzTQjppnufTw01WsWjlnm60NZ0qFf1w+YXZpFd+47ecwehxyFJ6dOe/vh QIuPWfHQ9BOHGNjBaW5mMCO4uYAEQ0XwilLjOXRCXO21AwhtrCSNbGDhVo9SpJPQsujO GDwiiZ9fUKyFiyWWNVvxJPzpuU8IeO/e1Z5kHRf6YRH7RXEvFxR0JKP1yzHoCwFo+gOH 5LPBTF2vrhla62AlQvicmgvhvp4g8YYnQTMrF+CY5mjSoFm3TJtiZNvwp/MfOZ5PfjvU GU0A== X-Forwarded-Encrypted: i=1; AJvYcCXFJSPrtFHuhnAZmGnVtANQNgS3XE5a/gRv7yJ9XE0KNSZNxmTBbVASC+lkorw+eYea2FIl4WtO4QVOCaslTjfj@lists.infradead.org X-Gm-Message-State: AOJu0Yz8t+Rkb2Fc2FKTitlqWLoDeZ7qEn3nbwrAsqKiM59qbCYz8Lhz s7WoU3P/UbMO7RsxYbSL9HIfBhGoq1OTeh4tktvyft+KohFHaly6Urqts4dd5QMlgCfOQdzLQw= = X-Google-Smtp-Source: AGHT+IHvIhoF+Aau4bm5gA9Mz1g4N0pfL3X1qn7U2qQUMs8ckEf3EvzkKqxsm+/X3rwMvyZosSwYUFQeDg== X-Received: from wmos10.prod.google.com ([2002:a05:600c:45ca:b0:434:fa72:f1bf]) (user=tabba job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:b99:b0:434:9e1d:7626 with SMTP id 5b1f17b1804b1-4362aaa50d7mr99950255e9.25.1734346287862; Mon, 16 Dec 2024 02:51:27 -0800 (PST) Date: Mon, 16 Dec 2024 10:50:54 +0000 In-Reply-To: <20241216105057.579031-1-tabba@google.com> Mime-Version: 1.0 References: <20241216105057.579031-1-tabba@google.com> X-Mailer: git-send-email 2.47.1.613.gc27f4b7a9f-goog Message-ID: <20241216105057.579031-15-tabba@google.com> Subject: [PATCH v5 14/17] KVM: arm64: Fix the value of the CPTR_EL2 RES1 bitmask for nVHE From: Fuad Tabba To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org Cc: maz@kernel.org, oliver.upton@linux.dev, james.clark@linaro.org, will@kernel.org, joey.gouly@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com, catalin.marinas@arm.com, broonie@kernel.org, qperret@google.com, kristina.martsenko@arm.com, tabba@google.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241216_025129_394454_2835D13B X-CRM114-Status: GOOD ( 12.99 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Since the introduction of SME, bit 12 in CPTR_EL2 (nVHE) is TSM for trapping SME, instead of RES1, as per ARM ARM DDI 0487K.a, section D23.2.34. Fix the value of CPTR_NVHE_EL2_RES1 to reflect that, and adjust the code that relies on it accordingly. Signed-off-by: Fuad Tabba --- arch/arm64/include/asm/kvm_arm.h | 2 +- arch/arm64/include/asm/kvm_emulate.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h index 3e0f0de1d2da..24e4ac7c50f2 100644 --- a/arch/arm64/include/asm/kvm_arm.h +++ b/arch/arm64/include/asm/kvm_arm.h @@ -300,7 +300,7 @@ #define CPTR_EL2_TSM (1 << 12) #define CPTR_EL2_TFP (1 << CPTR_EL2_TFP_SHIFT) #define CPTR_EL2_TZ (1 << 8) -#define CPTR_NVHE_EL2_RES1 0x000032ff /* known RES1 bits in CPTR_EL2 (nVHE) */ +#define CPTR_NVHE_EL2_RES1 (BIT(13) | BIT(9) | GENMASK(7, 0)) #define CPTR_NVHE_EL2_RES0 (GENMASK(63, 32) | \ GENMASK(29, 21) | \ GENMASK(19, 14) | \ diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h index 7b3dc52248ce..6602a4c091ac 100644 --- a/arch/arm64/include/asm/kvm_emulate.h +++ b/arch/arm64/include/asm/kvm_emulate.h @@ -640,8 +640,8 @@ static __always_inline void kvm_reset_cptr_el2(struct kvm_vcpu *vcpu) if (vcpu_has_sve(vcpu) && guest_owns_fp_regs()) val |= CPTR_EL2_TZ; - if (cpus_have_final_cap(ARM64_SME)) - val &= ~CPTR_EL2_TSM; + if (!cpus_have_final_cap(ARM64_SME)) + val |= CPTR_EL2_TSM; } kvm_write_cptr_el2(val); From patchwork Mon Dec 16 10:50:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fuad Tabba X-Patchwork-Id: 13909561 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id AA6EFE7717F for ; Mon, 16 Dec 2024 11:08:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type:Cc:To:From: Subject:Message-ID:References:Mime-Version:In-Reply-To:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=K9lkhbZv94nQzAEPru091ExF96XSPssPaswLVu4E+ps=; b=zVsz7s8vNKYLsNnJXNd1p+WaKZ xAO6/PIuPEf2SL441rKveoqVdWZHOPqcLk7KGRsc5imewrW+o80KQCFxC19csc6ZB2n8BVhAquhfT pWKs82fzic6t05K58eEJQcjvztlvXxwNJODe5KklxnxkxZ6GuS5oxPzPcwtuwgal9QHqjtoI1EhzW FWb6zgpfHBqlym+lTdxBmTSoxivJvSfrax4VIXAqaY5czma1FUIqBDiS/jQ16CPHwltsw7V31qEj3 ef/UofusctgQWql2kaImIhgQ3Tr4xF+w1y9jIblnS88OTKQsQSiE47m7vX6VaweVgHAW2vcCqcbld SAB5pnNA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tN8xj-00000009mcp-0kYb; Mon, 16 Dec 2024 11:08:31 +0000 Received: from mail-wm1-x34a.google.com ([2a00:1450:4864:20::34a]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tN8hH-00000009k2N-10cR for linux-arm-kernel@lists.infradead.org; Mon, 16 Dec 2024 10:51:32 +0000 Received: by mail-wm1-x34a.google.com with SMTP id 5b1f17b1804b1-4359206e1e4so36767655e9.2 for ; Mon, 16 Dec 2024 02:51:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1734346289; x=1734951089; darn=lists.infradead.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=K9lkhbZv94nQzAEPru091ExF96XSPssPaswLVu4E+ps=; b=A17PNrlhsRh//dji6pDlNtHOFEbfJiDDL4ZsSXwIptxz9tnL8Y+G2zM0C1qCUx//KH iy9L6NsVM9qJ3r/KFrndeXaTN3UNBVD9fAt5UnSSL9O20TXoh2PWbfwT4Scnq32Y6hn3 Sg0B6KN+ZpGUNTTVKZAyk19CuuRRHs6sVfFrtJxTLDpYYpy+PmouK150Y8bVo4sYQPDs lDeVn1+YyS3dhUAH6K7Aa1ydVAQFzp/PHCIr99Rfgz97RgC2vg7T9sF9VBhTgzGNzP8A 5bj4/MQV611NWOgXvPoUZ+ISSpKb6IC9FQTNyCMm1tV5kskQmBpPFO5WA0HCF0agjTP6 XyBA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734346289; x=1734951089; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=K9lkhbZv94nQzAEPru091ExF96XSPssPaswLVu4E+ps=; b=D4ljx4oSBLAmUPd+sq0k4STl+r8F7LErIbQQ1vZ74QZljZSc1mbb16IoGBuZIb2Rcm oKsaE28fwtSQoXAuL3vINiDPcymWjyw1M/QlThMFTRCu4NpBiqqADL6CJ9GPZyd+00En kyvV6JoEkkh3wofq6PIhlFbxWsSQ1IPzUQZbM2z8s4jy+kD6RQdtVgg5hipRwOZo8B+k DbCczps9rA8TTKXD+7fHL0K+hwSnT0PD1AzHgovPw+TYkP8EA8VL1gf2D0lBRk6jVQn9 gXasurahXkOgOLCk1E46yPyP0qylwSBEeTy3BvWJLclAfS3Rz22G6ylNDRPiYej90ZZn s+lg== X-Forwarded-Encrypted: i=1; AJvYcCVYD8WubodyZ/wP+7cWau9sCNBMbPHO9uqGzSKqVTDsN+DpideAr+pfVG0WVmIU5TqHbUQ8BMItkOmQT1qBi/AL@lists.infradead.org X-Gm-Message-State: AOJu0YyUqYiLf8ZKLXJoIweH+cKdyDIdWVEPKiDKjW/8R9VcBTnXnRkN yJ7PqfGkCFelb/1iodcBVybimpTXt1GL7i5eYWYJLZjTD+8vdZ1POzUHDSxCpox745xV444tPg= = X-Google-Smtp-Source: AGHT+IESyDEBagJjrpkm2+JYqdqxE5fOYGYPEc2dByMrXgiPzaaS7F/bOwkNg3P5spfnL0ck9YqBisGzEw== X-Received: from wmna1.prod.google.com ([2002:a05:600c:681:b0:434:a2a5:1fb5]) (user=tabba job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:524c:b0:436:2238:97f6 with SMTP id 5b1f17b1804b1-4362aa1af5emr93349025e9.1.1734346289797; Mon, 16 Dec 2024 02:51:29 -0800 (PST) Date: Mon, 16 Dec 2024 10:50:55 +0000 In-Reply-To: <20241216105057.579031-1-tabba@google.com> Mime-Version: 1.0 References: <20241216105057.579031-1-tabba@google.com> X-Mailer: git-send-email 2.47.1.613.gc27f4b7a9f-goog Message-ID: <20241216105057.579031-16-tabba@google.com> Subject: [PATCH v5 15/17] KVM: arm64: Remove PtrAuth guest vcpu flag From: Fuad Tabba To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org Cc: maz@kernel.org, oliver.upton@linux.dev, james.clark@linaro.org, will@kernel.org, joey.gouly@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com, catalin.marinas@arm.com, broonie@kernel.org, qperret@google.com, kristina.martsenko@arm.com, tabba@google.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241216_025131_276761_DC3627DA X-CRM114-Status: GOOD ( 13.30 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org The vcpu flag GUEST_HAS_PTRAUTH is always associated with the vcpu PtrAuth features, which are defined per vm rather than per vcpu. Remove the flag, and replace it with checks for the features instead. Signed-off-by: Fuad Tabba --- arch/arm64/include/asm/kvm_emulate.h | 5 ----- arch/arm64/include/asm/kvm_host.h | 7 +++---- arch/arm64/kvm/hyp/nvhe/pkvm.c | 13 ------------- arch/arm64/kvm/reset.c | 4 ---- 4 files changed, 3 insertions(+), 26 deletions(-) diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h index 6602a4c091ac..406e99a452bf 100644 --- a/arch/arm64/include/asm/kvm_emulate.h +++ b/arch/arm64/include/asm/kvm_emulate.h @@ -691,9 +691,4 @@ static inline bool guest_hyp_sve_traps_enabled(const struct kvm_vcpu *vcpu) { return __guest_hyp_cptr_xen_trap_enabled(vcpu, ZEN); } - -static inline void kvm_vcpu_enable_ptrauth(struct kvm_vcpu *vcpu) -{ - vcpu_set_flag(vcpu, GUEST_HAS_PTRAUTH); -} #endif /* __ARM64_KVM_EMULATE_H__ */ diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index 69cb88c9ce3e..e6be8fe6627a 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -866,10 +866,8 @@ struct kvm_vcpu_arch { #define GUEST_HAS_SVE __vcpu_single_flag(cflags, BIT(0)) /* SVE config completed */ #define VCPU_SVE_FINALIZED __vcpu_single_flag(cflags, BIT(1)) -/* PTRAUTH exposed to guest */ -#define GUEST_HAS_PTRAUTH __vcpu_single_flag(cflags, BIT(2)) /* KVM_ARM_VCPU_INIT completed */ -#define VCPU_INITIALIZED __vcpu_single_flag(cflags, BIT(3)) +#define VCPU_INITIALIZED __vcpu_single_flag(cflags, BIT(2)) /* Exception pending */ #define PENDING_EXCEPTION __vcpu_single_flag(iflags, BIT(0)) @@ -965,7 +963,8 @@ struct kvm_vcpu_arch { #define vcpu_has_ptrauth(vcpu) \ ((cpus_have_final_cap(ARM64_HAS_ADDRESS_AUTH) || \ cpus_have_final_cap(ARM64_HAS_GENERIC_AUTH)) && \ - vcpu_get_flag(vcpu, GUEST_HAS_PTRAUTH)) + (vcpu_has_feature(vcpu, KVM_ARM_VCPU_PTRAUTH_ADDRESS) || \ + vcpu_has_feature(vcpu, KVM_ARM_VCPU_PTRAUTH_GENERIC))) #else #define vcpu_has_ptrauth(vcpu) false #endif diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c index 956385ee4aa2..b399d69b4b67 100644 --- a/arch/arm64/kvm/hyp/nvhe/pkvm.c +++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c @@ -278,18 +278,6 @@ static void pkvm_init_features_from_host(struct pkvm_hyp_vm *hyp_vm, const struc allowed_features, KVM_VCPU_MAX_FEATURES); } -static void pkvm_vcpu_init_ptrauth(struct pkvm_hyp_vcpu *hyp_vcpu) -{ - struct kvm_vcpu *vcpu = &hyp_vcpu->vcpu; - - if (vcpu_has_feature(vcpu, KVM_ARM_VCPU_PTRAUTH_ADDRESS) || - vcpu_has_feature(vcpu, KVM_ARM_VCPU_PTRAUTH_GENERIC)) { - kvm_vcpu_enable_ptrauth(vcpu); - } else { - vcpu_clear_flag(&hyp_vcpu->vcpu, GUEST_HAS_PTRAUTH); - } -} - static void unpin_host_vcpu(struct kvm_vcpu *host_vcpu) { if (host_vcpu) @@ -359,7 +347,6 @@ static int init_pkvm_hyp_vcpu(struct pkvm_hyp_vcpu *hyp_vcpu, goto done; pkvm_vcpu_init_sve(hyp_vcpu, host_vcpu); - pkvm_vcpu_init_ptrauth(hyp_vcpu); done: if (ret) unpin_host_vcpu(host_vcpu); diff --git a/arch/arm64/kvm/reset.c b/arch/arm64/kvm/reset.c index 470524b31951..1cfab6a5d8a5 100644 --- a/arch/arm64/kvm/reset.c +++ b/arch/arm64/kvm/reset.c @@ -211,10 +211,6 @@ void kvm_reset_vcpu(struct kvm_vcpu *vcpu) kvm_vcpu_reset_sve(vcpu); } - if (vcpu_has_feature(vcpu, KVM_ARM_VCPU_PTRAUTH_ADDRESS) || - vcpu_has_feature(vcpu, KVM_ARM_VCPU_PTRAUTH_GENERIC)) - kvm_vcpu_enable_ptrauth(vcpu); - if (vcpu_el1_is_32bit(vcpu)) pstate = VCPU_RESET_PSTATE_SVC; else if (vcpu_has_nv(vcpu)) From patchwork Mon Dec 16 10:50:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fuad Tabba X-Patchwork-Id: 13909562 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 56D38E7717F for ; Mon, 16 Dec 2024 11:09:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type:Cc:To:From: Subject:Message-ID:References:Mime-Version:In-Reply-To:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=GWRlIiI31BxmGPjckPOwy0oDiGPfB3G4L1dgRWKrBVw=; b=neihVdMf3wLxlihK/tNWjxzA8x ZcI0TYohygfYyuF7ZJ5F0A4MaZnxmNE2Gj2h7j27oEVx8tk2EeHKtZARjxmk1mREP5TgBoM1Etdfi vg+A+W83spJF+6jWOYahq0Qfyi0iqNfs1ccDxQQ9IcUloNSxMVSv1h49nUF4nVtrYENmsasSu2SHH V/sjVCemjwwlkQf4sIaf9BQsNPe0I3kT4myWTMiV9On9tZlVk25QMqEqQj4RoPfgFoTMtd4ktRS0e RKipur8Z35KgCbr3WkWEPL/XGP7KSlYI7Hx6MakqEH1MZL5tIdUYIJ/ckjtDdoyeyvTACd8dpQBXt wQpJp2Ag==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tN8ym-00000009miP-3DjL; Mon, 16 Dec 2024 11:09:36 +0000 Received: from mail-wr1-x44a.google.com ([2a00:1450:4864:20::44a]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tN8hJ-00000009k2i-2Xgp for linux-arm-kernel@lists.infradead.org; Mon, 16 Dec 2024 10:51:34 +0000 Received: by mail-wr1-x44a.google.com with SMTP id ffacd0b85a97d-385e9c698e7so2009041f8f.0 for ; Mon, 16 Dec 2024 02:51:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1734346291; x=1734951091; darn=lists.infradead.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=GWRlIiI31BxmGPjckPOwy0oDiGPfB3G4L1dgRWKrBVw=; b=wopC6RBypaQXoiqO+gvnECtSpmi+21T3zYOlH8q2L8ARA/8J2Il+9jclgSNJTZxaHb Qc80VWucp4kHnL4rai/Qhjd7xkXxhLBgscB5bNJjLj2Uw0eeLkb2S5fGz0XfPHCaEIpJ FA0Gk92lpNxYF+oY42ICvt0LEUob15UqGAt1yybdfJBFYLDoyXGG/g55Wsrkqg1oFRi+ ph/omtMSEAwHm6dV5LZe52TcrGgENLmDL333Ef/UHUEqvnD0JxIL9esZipvWptH8xDo+ rfR5xZcljaeVCH3sfjXddNYjqCS9yTrFhE1gwBMkv2j57+7nPQ3Md8icr9D3P06ESxt5 2N6g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734346291; x=1734951091; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=GWRlIiI31BxmGPjckPOwy0oDiGPfB3G4L1dgRWKrBVw=; b=AyfAMi3acXNajBwMrUmfx8Oa32/PRmvocPyrn5/DZlfbC4UQoSmrjK72Kvte0dEtS3 KsrifCqI7z2dAISivgZouCHTDsE5UJ5CPG0K7F8nwNZLZBLrqIVpfHOpmcTlkdOnqNXr BasUEnBWCynGf564RjbmlPahcyKcHb+zCJ8d2WPWEj3hKBisqf/sAvcIH73m6i4SVrGq s5NKiMN9GqDYQpINTuEOwcxcEpihop8NvYON50mlmv2ekVoimzjCJIuiKah+8Al3W6HF dmIWn1gAgW5f/YiV2Hz0j4V19eTwvMDpAIB/EmpiU/elB5nTBQqiGBfEFmeDHLoxC3T6 V1Vg== X-Forwarded-Encrypted: i=1; AJvYcCUVnSA5nSUiQG1lKvk5N6pitpn0laSyNzXaBI5Ec6cDG9owEqekD1SKqQOaLKQ0QOqLC4W1co6VSrfm79sX/0uu@lists.infradead.org X-Gm-Message-State: AOJu0YzKhdIl8agyTrkLBGzNtBvLOo7DKIbh1cHGJVosYp2rut8P8UBP 7eftNkHrsrwfZ756Baez8cEdQsHNONlodVIkm4wYWuZtCHhTyNK/koId9zHKQQMXhFekJkb6Xg= = X-Google-Smtp-Source: AGHT+IEuNL+lWG9lMFyK20DSLRl1dnkflzDK3gJDdXF5BmkvWUPWorOkbhhkOY3ezU3DDXl2n09tnPFLlg== X-Received: from wmqf13.prod.google.com ([2002:a05:600c:4e8d:b0:434:f21d:7e31]) (user=tabba job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6000:2cf:b0:386:4332:cc99 with SMTP id ffacd0b85a97d-387888069d8mr13864516f8f.17.1734346291723; Mon, 16 Dec 2024 02:51:31 -0800 (PST) Date: Mon, 16 Dec 2024 10:50:56 +0000 In-Reply-To: <20241216105057.579031-1-tabba@google.com> Mime-Version: 1.0 References: <20241216105057.579031-1-tabba@google.com> X-Mailer: git-send-email 2.47.1.613.gc27f4b7a9f-goog Message-ID: <20241216105057.579031-17-tabba@google.com> Subject: [PATCH v5 16/17] KVM: arm64: Convert the SVE guest vcpu flag to a vm flag From: Fuad Tabba To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org Cc: maz@kernel.org, oliver.upton@linux.dev, james.clark@linaro.org, will@kernel.org, joey.gouly@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com, catalin.marinas@arm.com, broonie@kernel.org, qperret@google.com, kristina.martsenko@arm.com, tabba@google.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241216_025133_641620_45A19E0B X-CRM114-Status: GOOD ( 17.78 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org The vcpu flag GUEST_HAS_SVE is per-vcpu, but it is based on what is now a per-vm feature. Make the flag per-vm. Signed-off-by: Fuad Tabba --- arch/arm64/include/asm/kvm_emulate.h | 12 +++++++++--- arch/arm64/include/asm/kvm_host.h | 18 ++++++++++++------ arch/arm64/kvm/hyp/nvhe/pkvm.c | 11 +++++++---- arch/arm64/kvm/reset.c | 2 +- 4 files changed, 29 insertions(+), 14 deletions(-) diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h index 406e99a452bf..2d91fb88298a 100644 --- a/arch/arm64/include/asm/kvm_emulate.h +++ b/arch/arm64/include/asm/kvm_emulate.h @@ -620,7 +620,7 @@ static __always_inline void kvm_write_cptr_el2(u64 val) } /* Resets the value of cptr_el2 when returning to the host. */ -static __always_inline void kvm_reset_cptr_el2(struct kvm_vcpu *vcpu) +static __always_inline void __kvm_reset_cptr_el2(struct kvm *kvm) { u64 val; @@ -631,14 +631,14 @@ static __always_inline void kvm_reset_cptr_el2(struct kvm_vcpu *vcpu) } else if (has_hvhe()) { val = CPACR_ELx_FPEN; - if (!vcpu_has_sve(vcpu) || !guest_owns_fp_regs()) + if (!kvm_has_sve(kvm) || !guest_owns_fp_regs()) val |= CPACR_ELx_ZEN; if (cpus_have_final_cap(ARM64_SME)) val |= CPACR_ELx_SMEN; } else { val = CPTR_NVHE_EL2_RES1; - if (vcpu_has_sve(vcpu) && guest_owns_fp_regs()) + if (kvm_has_sve(kvm) && guest_owns_fp_regs()) val |= CPTR_EL2_TZ; if (!cpus_have_final_cap(ARM64_SME)) val |= CPTR_EL2_TSM; @@ -647,6 +647,12 @@ static __always_inline void kvm_reset_cptr_el2(struct kvm_vcpu *vcpu) kvm_write_cptr_el2(val); } +#ifdef __KVM_NVHE_HYPERVISOR__ +#define kvm_reset_cptr_el2(v) __kvm_reset_cptr_el2(kern_hyp_va((v)->kvm)) +#else +#define kvm_reset_cptr_el2(v) __kvm_reset_cptr_el2((v)->kvm) +#endif + /* * Returns a 'sanitised' view of CPTR_EL2, translating from nVHE to the VHE * format if E2H isn't set. diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index e6be8fe6627a..c834b6768247 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -331,6 +331,8 @@ struct kvm_arch { #define KVM_ARCH_FLAG_ID_REGS_INITIALIZED 7 /* Fine-Grained UNDEF initialised */ #define KVM_ARCH_FLAG_FGU_INITIALIZED 8 + /* SVE exposed to guest */ +#define KVM_ARCH_FLAG_GUEST_HAS_SVE 9 unsigned long flags; /* VM-wide vCPU feature set */ @@ -862,12 +864,10 @@ struct kvm_vcpu_arch { #define vcpu_set_flag(v, ...) __vcpu_set_flag((v), __VA_ARGS__) #define vcpu_clear_flag(v, ...) __vcpu_clear_flag((v), __VA_ARGS__) -/* SVE exposed to guest */ -#define GUEST_HAS_SVE __vcpu_single_flag(cflags, BIT(0)) +/* KVM_ARM_VCPU_INIT completed */ +#define VCPU_INITIALIZED __vcpu_single_flag(cflags, BIT(0)) /* SVE config completed */ #define VCPU_SVE_FINALIZED __vcpu_single_flag(cflags, BIT(1)) -/* KVM_ARM_VCPU_INIT completed */ -#define VCPU_INITIALIZED __vcpu_single_flag(cflags, BIT(2)) /* Exception pending */ #define PENDING_EXCEPTION __vcpu_single_flag(iflags, BIT(0)) @@ -956,8 +956,14 @@ struct kvm_vcpu_arch { KVM_GUESTDBG_USE_HW | \ KVM_GUESTDBG_SINGLESTEP) -#define vcpu_has_sve(vcpu) (system_supports_sve() && \ - vcpu_get_flag(vcpu, GUEST_HAS_SVE)) +#define kvm_has_sve(kvm) (system_supports_sve() && \ + test_bit(KVM_ARCH_FLAG_GUEST_HAS_SVE, &(kvm)->arch.flags)) + +#ifdef __KVM_NVHE_HYPERVISOR__ +#define vcpu_has_sve(vcpu) kvm_has_sve(kern_hyp_va((vcpu)->kvm)) +#else +#define vcpu_has_sve(vcpu) kvm_has_sve((vcpu)->kvm) +#endif #ifdef CONFIG_ARM64_PTR_AUTH #define vcpu_has_ptrauth(vcpu) \ diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c index b399d69b4b67..446a9114b0d3 100644 --- a/arch/arm64/kvm/hyp/nvhe/pkvm.c +++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c @@ -248,10 +248,13 @@ void pkvm_put_hyp_vcpu(struct pkvm_hyp_vcpu *hyp_vcpu) static void pkvm_init_features_from_host(struct pkvm_hyp_vm *hyp_vm, const struct kvm *host_kvm) { struct kvm *kvm = &hyp_vm->kvm; + unsigned long host_arch_flags = READ_ONCE(host_kvm->arch.flags); DECLARE_BITMAP(allowed_features, KVM_VCPU_MAX_FEATURES); /* No restrictions for non-protected VMs. */ if (!kvm_vm_is_protected(kvm)) { + hyp_vm->kvm.arch.flags = host_arch_flags; + bitmap_copy(kvm->arch.vcpu_features, host_kvm->arch.vcpu_features, KVM_VCPU_MAX_FEATURES); @@ -271,8 +274,10 @@ static void pkvm_init_features_from_host(struct pkvm_hyp_vm *hyp_vm, const struc if (kvm_pvm_ext_allowed(KVM_CAP_ARM_PTRAUTH_GENERIC)) set_bit(KVM_ARM_VCPU_PTRAUTH_GENERIC, allowed_features); - if (kvm_pvm_ext_allowed(KVM_CAP_ARM_SVE)) + if (kvm_pvm_ext_allowed(KVM_CAP_ARM_SVE)) { set_bit(KVM_ARM_VCPU_SVE, allowed_features); + kvm->arch.flags |= host_arch_flags & BIT(KVM_ARCH_FLAG_GUEST_HAS_SVE); + } bitmap_and(kvm->arch.vcpu_features, host_kvm->arch.vcpu_features, allowed_features, KVM_VCPU_MAX_FEATURES); @@ -308,10 +313,8 @@ static void pkvm_vcpu_init_sve(struct pkvm_hyp_vcpu *hyp_vcpu, struct kvm_vcpu * { struct kvm_vcpu *vcpu = &hyp_vcpu->vcpu; - if (!vcpu_has_feature(vcpu, KVM_ARM_VCPU_SVE)) { - vcpu_clear_flag(vcpu, GUEST_HAS_SVE); + if (!vcpu_has_feature(vcpu, KVM_ARM_VCPU_SVE)) vcpu_clear_flag(vcpu, VCPU_SVE_FINALIZED); - } } static int init_pkvm_hyp_vcpu(struct pkvm_hyp_vcpu *hyp_vcpu, diff --git a/arch/arm64/kvm/reset.c b/arch/arm64/kvm/reset.c index 1cfab6a5d8a5..803e11b0dc8f 100644 --- a/arch/arm64/kvm/reset.c +++ b/arch/arm64/kvm/reset.c @@ -85,7 +85,7 @@ static void kvm_vcpu_enable_sve(struct kvm_vcpu *vcpu) * KVM_REG_ARM64_SVE_VLS. Allocation is deferred until * kvm_arm_vcpu_finalize(), which freezes the configuration. */ - vcpu_set_flag(vcpu, GUEST_HAS_SVE); + set_bit(KVM_ARCH_FLAG_GUEST_HAS_SVE, &vcpu->kvm->arch.flags); } /* From patchwork Mon Dec 16 10:50:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fuad Tabba X-Patchwork-Id: 13909563 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id BA752E7717F for ; Mon, 16 Dec 2024 11:10:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type:Cc:To:From: Subject:Message-ID:References:Mime-Version:In-Reply-To:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=Vkc2lJTmOE5SwiXWL8j1pu4J4OtvYGFDXBGNRHI6lfg=; b=LYNSoA02EEttr6Yfb/SvKvqxyb g4zfzaAQQirFc85OGllLJzdmwMJdez0lqlh0y1Doe3Jfz4KfjroPlH7Pl+9WH4WRjjBw4hwc0zO8N vdLbyXDizL2uzg8+kMkN1uRkJMUoInawDelzQr4hgwQSLX3Hml9Gq77qIUOwQg2g6zw7eWStwneUX FXysXVAIRhu/3bdyfivIy/Wia/I1RmF4xGSokwd5ajS7gdK6g70x1JTb2OydRUbC5ASKx6ywN6UPi y5CBjTELUnebKmIaExU00Jeeq6D9/AGm4IAPtU5tzkQPmNLrZAmcMmxS9keypGdZy2YAjNxhwlSQe o6E/XuVg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tN8zq-00000009mvQ-1hVv; Mon, 16 Dec 2024 11:10:42 +0000 Received: from mail-wm1-x34a.google.com ([2a00:1450:4864:20::34a]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tN8hN-00000009k38-2mpH for linux-arm-kernel@lists.infradead.org; Mon, 16 Dec 2024 10:51:38 +0000 Received: by mail-wm1-x34a.google.com with SMTP id 5b1f17b1804b1-436219070b4so21337965e9.1 for ; Mon, 16 Dec 2024 02:51:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1734346293; x=1734951093; darn=lists.infradead.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=Vkc2lJTmOE5SwiXWL8j1pu4J4OtvYGFDXBGNRHI6lfg=; b=qwXFtT0wXfugcBNWXgRPHRcalgZtxKLZqVULirbm3HkTaNMXzB0r0wtoUicj3ZUtgB ripJh4zxO8p6X222c0EG3/A2914hKnZHs399UOnGdhMeol2ZIlnnh72bN082znT5d13r RQksltFmttHz4FOpKwlsZeNLzv+bn81xpR/ntJjt5mOlc/XoqATLdh6gdutcEEm4Vzwk w05VGQdU0EGZKQXwJiP2m9Da9FKKOIt3Z7Wx500X8bBTFKXC64DkIN66RcOxKztccVvA 7dEAbu9Z4ZgoDKCuy1+qBUAF++ZchcDQTblX0BlG7M7cgwnoy1RaTTAJKEkuxISDiY/n vCUg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734346293; x=1734951093; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Vkc2lJTmOE5SwiXWL8j1pu4J4OtvYGFDXBGNRHI6lfg=; b=wjpQ/mkJi2hoQzK3cCJ5JRYEmRcxDFE+SNSrRAc8+BYfIpeYVXMX059ErDHSHOpvAz rnboTL0FdorQGaxYrZHGZYCbcjZTvD7gJSUA67N5j7qGlsy1vbHhk+iZHiRQRPCAE/Zd e6RqKHRCBjqnZCKAbVHQgJ97xIWQawEM2NMj9NURAv9yHYCcgX6e+js556EtldiQJ/BN MDI3HcTxaFPrYD5RI4QzU+ny3R+2J3AwOj2fCMXK/VHRIeN3PrqWtGR6Is6Yzs/zTaOm mUFq/92tku5/Lm48RIbIdtWa0Iyd2B1jzBYqF9X0XqhaP+z3ye6dFK4vjQAGpXhLpB6v 42LQ== X-Forwarded-Encrypted: i=1; AJvYcCVNMDOCG6VebKZLfGziKHzRGFG+t7yaQnYFaHDCn5upfnSItwWVF53XcDKxpX/i6Ae5hcQtWFaXUstddxR00ICh@lists.infradead.org X-Gm-Message-State: AOJu0YzuZmRgz3A/WbRV9KVj/Rm9DHts/uqRwbK6x5tPzVvghF0Dv1hG 7Ws5AQaRfw328PUitHPkbx4k1iwCTj6Rh4bd3LsU8AdYeF4e/kuceOSmP2bvMsUTvsDdsKiU3Q= = X-Google-Smtp-Source: AGHT+IE6dzPeC92Qjqfbxx0NlZAcvO57FuNuJtWGIFlLNf+nKTtzoaYF9JxHvI4ZxzEANAaeGwhjrxt5iQ== X-Received: from wmsd5.prod.google.com ([2002:a05:600c:3ac5:b0:431:1903:8a3e]) (user=tabba job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:871b:b0:434:f0df:a14 with SMTP id 5b1f17b1804b1-4362aa147f8mr118538075e9.2.1734346293709; Mon, 16 Dec 2024 02:51:33 -0800 (PST) Date: Mon, 16 Dec 2024 10:50:57 +0000 In-Reply-To: <20241216105057.579031-1-tabba@google.com> Mime-Version: 1.0 References: <20241216105057.579031-1-tabba@google.com> X-Mailer: git-send-email 2.47.1.613.gc27f4b7a9f-goog Message-ID: <20241216105057.579031-18-tabba@google.com> Subject: [PATCH v5 17/17] KVM: arm64: Use kvm_vcpu_has_feature() directly for struct kvm From: Fuad Tabba To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org Cc: maz@kernel.org, oliver.upton@linux.dev, james.clark@linaro.org, will@kernel.org, joey.gouly@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com, catalin.marinas@arm.com, broonie@kernel.org, qperret@google.com, kristina.martsenko@arm.com, tabba@google.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241216_025137_699726_96CC06C7 X-CRM114-Status: GOOD ( 10.33 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Now that we have introduced kvm_vcpu_has_feature(), use it in the remaining code that checks for features in struct kvm, instead of using the __vcpu_has_feature() helper. No functional change intended. Suggested-by: Quentin Perret Signed-off-by: Fuad Tabba --- arch/arm64/kvm/nested.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/arm64/kvm/nested.c b/arch/arm64/kvm/nested.c index aeaa6017ffd8..92e746040de4 100644 --- a/arch/arm64/kvm/nested.c +++ b/arch/arm64/kvm/nested.c @@ -1021,8 +1021,8 @@ int kvm_init_nv_sysregs(struct kvm *kvm) res0 |= HCR_NV2; if (!kvm_has_feat(kvm, ID_AA64MMFR2_EL1, NV, IMP)) res0 |= (HCR_AT | HCR_NV1 | HCR_NV); - if (!(__vcpu_has_feature(&kvm->arch, KVM_ARM_VCPU_PTRAUTH_ADDRESS) && - __vcpu_has_feature(&kvm->arch, KVM_ARM_VCPU_PTRAUTH_GENERIC))) + if (!(kvm_vcpu_has_feature(kvm, KVM_ARM_VCPU_PTRAUTH_ADDRESS) && + kvm_vcpu_has_feature(kvm, KVM_ARM_VCPU_PTRAUTH_GENERIC))) res0 |= (HCR_API | HCR_APK); if (!kvm_has_feat(kvm, ID_AA64ISAR0_EL1, TME, IMP)) res0 |= BIT(39); @@ -1078,8 +1078,8 @@ int kvm_init_nv_sysregs(struct kvm *kvm) /* HFG[RW]TR_EL2 */ res0 = res1 = 0; - if (!(__vcpu_has_feature(&kvm->arch, KVM_ARM_VCPU_PTRAUTH_ADDRESS) && - __vcpu_has_feature(&kvm->arch, KVM_ARM_VCPU_PTRAUTH_GENERIC))) + if (!(kvm_vcpu_has_feature(kvm, KVM_ARM_VCPU_PTRAUTH_ADDRESS) && + kvm_vcpu_has_feature(kvm, KVM_ARM_VCPU_PTRAUTH_GENERIC))) res0 |= (HFGxTR_EL2_APDAKey | HFGxTR_EL2_APDBKey | HFGxTR_EL2_APGAKey | HFGxTR_EL2_APIAKey | HFGxTR_EL2_APIBKey);