From patchwork Thu Feb 20 13:48:54 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13983988 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4746C1E5B9D; Thu, 20 Feb 2025 13:49:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059354; cv=none; b=CFCiq/ZiogZ2ZIRQ3kspbSab4XlwfEi5rxCBFJKMim5x+VVs4PPeY4UYWerDurVx/IqSrD/qPbRT8RocXkbP5U1lXChEG/IPVyBRykwGutQZrEMFIVfRcYFl4HRlGfMQyJxLAy6kyea3Rhs0RclQcs/VhKG0cI/I9j6hOHFULq8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059354; c=relaxed/simple; bh=3qNcw3CYfOVceSuJucDGYdwSv7d2QqdCWmHzIgDUP9I=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=qHN4O8N+vAGgBz/fRJxXNFMK6V4cDEcrc+GS/toQETRfaIB5bKC9vKGNhkmWN7kDbbb8K8nEu3dYHvc89wRow/6eYTEutoyA+D72qqdOgQhbuboZgUj5fl0fVCQuXlV3024kW1BV3MF/ODqCGUS1SOylCJV5Bi/plJ9H6k1WI00= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=K/6aooAI; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="K/6aooAI" Received: by smtp.kernel.org (Postfix) with ESMTPSA id E18DDC4CEDD; Thu, 20 Feb 2025 13:49:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1740059353; bh=3qNcw3CYfOVceSuJucDGYdwSv7d2QqdCWmHzIgDUP9I=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=K/6aooAIhiXxTctJONavfFDjCW3rhD6X9uNsmzmW4ou1JqzOnzeG3gwCX4X9ae6kQ XQIdnayTsbMil2PcKQpj9pfGtsAXbPWLiAQMoE6qy7Cfa5/ViutIM+FL+NBnZ/UOc+ D4l7Cdvztwp99qCh70BOlMOyCbXSzUKrJBINE3rQaMOw92LpAkFcymP5y+h5/k2voW njHCI9uVPVssJeGkvhEqEDky2Mmce54KVc2JLA08alt3Qivz0VhJ7z23cApEVZlOiy bpvfarCubn+6IzxUgfj3jGDhqJowHv3v6bOz/j7An9IPOL0EkchqT7Maw6tJAzMXxw pOFfRBAKdMbcQ== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tl6vP-006DXp-Ov; Thu, 20 Feb 2025 13:49:11 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger , gankulkarni@os.amperecomputing.com Subject: [PATCH v2 01/14] arm64: cpufeature: Handle NV_frac as a synonym of NV2 Date: Thu, 20 Feb 2025 13:48:54 +0000 Message-Id: <20250220134907.554085-2-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250220134907.554085-1-maz@kernel.org> References: <20250220134907.554085-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com, gankulkarni@os.amperecomputing.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false With ARMv9.5, an implementation supporting Nested Virtualization is allowed to only support NV2, and to avoid supporting the old (and useless) ARMv8.3 variant. This is indicated by ID_AA64MMFR2_EL1.NV being 0 (as if NV wasn't implemented) and ID_AA64MMDR4_EL1.NV_frac being 1 (indicating that NV2 is actually supported). Given that KVM only deals with NV2 and refuses to use the old NV, detecting NV2 or NV_frac is what we need to enable it. Signed-off-by: Marc Zyngier --- arch/arm64/kernel/cpufeature.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index d561cf3b8ac7b..2c198cd4f9405 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -497,6 +497,7 @@ static const struct arm64_ftr_bits ftr_id_aa64mmfr3[] = { static const struct arm64_ftr_bits ftr_id_aa64mmfr4[] = { S_ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR4_EL1_E2H0_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR4_EL1_NV_frac_SHIFT, 4, 0), ARM64_FTR_END, }; @@ -2162,7 +2163,7 @@ static bool has_nested_virt_support(const struct arm64_cpu_capabilities *cap, if (kvm_get_mode() != KVM_MODE_NV) return false; - if (!has_cpuid_feature(cap, scope)) { + if (!cpucap_multi_entry_cap_matches(cap, scope)) { pr_warn("unavailable: %s\n", cap->desc); return false; } @@ -2519,7 +2520,17 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .capability = ARM64_HAS_NESTED_VIRT, .type = ARM64_CPUCAP_SYSTEM_FEATURE, .matches = has_nested_virt_support, - ARM64_CPUID_FIELDS(ID_AA64MMFR2_EL1, NV, NV2) + .match_list = (const struct arm64_cpu_capabilities []){ + { + .matches = has_cpuid_feature, + ARM64_CPUID_FIELDS(ID_AA64MMFR2_EL1, NV, NV2) + }, + { + .matches = has_cpuid_feature, + ARM64_CPUID_FIELDS(ID_AA64MMFR4_EL1, NV_frac, NV2_ONLY) + }, + { /* Sentinel */ } + }, }, { .capability = ARM64_HAS_32BIT_EL0_DO_NOT_USE, From patchwork Thu Feb 20 13:48:55 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13983989 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 474D91F6679; Thu, 20 Feb 2025 13:49:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059354; cv=none; b=JOxgMkykWq0N+oiZ9GhvHcZFZKW3aJvIxHMrwM0+M9xDf2MRSeZszx4RcR3vfB/GT+p2om563X47P7KVwR+35j+RL9gEO85IdfpjqcXJvmpREys1mfm7ZFZGum0rwuzztK/3QnMaltVYAGiV2308+r4j7OjOP798HD/ulDEVjcU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059354; c=relaxed/simple; bh=rjDmx4d677pB7gUG89fk/kXGjM99BsbpDijy6LWcIC0=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=SbEjG/C63cqFkcKHVGlnTsFFYV1YHwqJ40E0pb/xWx1oBIB0QzyDfxsp7RQ35W2gdcMdaKD2ZOmyvYQNlxMm8ei4fS2gRZpOWTzRKswZCtaUEFf9z9jMZb9xQ4m7v7ZFLZYr9UTkk32jBiTwBtHgOO5Q5sZbNSaO43+Nmpdlmmc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=rqca1ZjH; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="rqca1ZjH" Received: by smtp.kernel.org (Postfix) with ESMTPSA id E586FC4CEE2; Thu, 20 Feb 2025 13:49:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1740059353; bh=rjDmx4d677pB7gUG89fk/kXGjM99BsbpDijy6LWcIC0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=rqca1ZjHJifQeRCdQUfJPKSWSC/EHI+DwZr8d2fZR61uuU6s68jwiXODVuxmaU0Ic Wo4lxsmveNR/wmwPA0wnirNV4sx9xaatrSlFPpHYWWXR7bZdHUEt76DnRVeJ58avJi Q/GlDb9GhYjQzUC9OII+dypsmKIdiDjRFQcXJDu+Sa1n6WiZSSeF4qJ0EQvMki9IoH d6CJqzyD35f3tGYUZoq80Q7DriUX1RSGX34fuaM4VnsTUeAjNk7ghAnl5XMk55K/9y BVDmtdwxpaqORtN3p5g6jhLaHACVX8IATZNuYUQV1CDE5DadzbvNJpf2lG3gxFuLJq 6FwtFDMd833bQ== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tl6vQ-006DXp-1P; Thu, 20 Feb 2025 13:49:12 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger , gankulkarni@os.amperecomputing.com Subject: [PATCH v2 02/14] KVM: arm64: Hide ID_AA64MMFR2_EL1.NV from guest and userspace Date: Thu, 20 Feb 2025 13:48:55 +0000 Message-Id: <20250220134907.554085-3-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250220134907.554085-1-maz@kernel.org> References: <20250220134907.554085-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com, gankulkarni@os.amperecomputing.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false Since our take on FEAT_NV is to only support FEAT_NV2, we should never expose ID_AA64MMFR2_EL1.NV to a guest nor userspace. Make sure we mask this field for good. Signed-off-by: Marc Zyngier --- arch/arm64/kvm/sys_regs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index 82430c1e1dd02..9f10dbd26e348 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -1627,6 +1627,7 @@ static u64 __kvm_read_sanitised_id_reg(const struct kvm_vcpu *vcpu, break; case SYS_ID_AA64MMFR2_EL1: val &= ~ID_AA64MMFR2_EL1_CCIDX_MASK; + val &= ~ID_AA64MMFR2_EL1_NV; break; case SYS_ID_AA64MMFR3_EL1: val &= ID_AA64MMFR3_EL1_TCRX | ID_AA64MMFR3_EL1_S1POE | From patchwork Thu Feb 20 13:48:56 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13983990 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 575E11F8921; Thu, 20 Feb 2025 13:49:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059354; cv=none; b=hb/mpw84f0rxpgXmFswuHniYQmI995bYSQsusw4F7zZtv31JLtlaOrXNlSX9fDO7hftCj21ZfQWQGh6fZLOVbwZfAAa8++jya+qBWQ7oxc1Ng5nt9Nxo8N5bqbrUBXl0dIuhuPUDRpI/SqrOyCLt5U8Eu05IXtVGnaiqALVDzRc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059354; c=relaxed/simple; bh=RvUSEhI6cySQmIz8ZQ/36MwcnMPJHyHB8RpivDDZCT0=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=s9E2h6zTlFW+9se9BgFqbx8I4gJ9Uypnb1pAOjB8EKrawM+082rzVYpqeeCo2xLQ+1iitr1HYno2j+y/SXPX4t71yv/7tJiwErT/4Ti+akPoDArkcnJCia69loekt1R6Tjccr2XftRuYc4bHB32/mHqP8TJaeu7n7TVGuaY0XDk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=JRAoCjpw; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="JRAoCjpw" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 37464C4CEE3; Thu, 20 Feb 2025 13:49:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1740059354; bh=RvUSEhI6cySQmIz8ZQ/36MwcnMPJHyHB8RpivDDZCT0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JRAoCjpwAQIn/5ro9NR6AEKHCbJQ+GvUl7Dvl3vAGrQT3duRVWb5VP3kLDpuJqVCu hJ8Mxj7rRs/S+1v/aUc5xaTbi6JNezmU3Qa1Ar8WZgO4b/d13WixkUsG4jaH+5yuZG hjHuQg2jKYZxT9cA7meGDsojvFNNYC9VeGT4i+pgmjzcIdLZsa1yDvmIR99pLLS07n /SCJOIX14OXQ0OwmCuxSE5t0r4mtw0LKWTjKCLUFWuI84NCnxdfjfLkaZKevAQUKdB dm0yFCYB7TblKX4WpOFDGRxpsYEsl6WrSF+Y0eR0oiYIy7Z+TQ7M/mYTOK+fWXqrpA eblGtQ9VWH3Jw== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tl6vQ-006DXp-8p; Thu, 20 Feb 2025 13:49:12 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger , gankulkarni@os.amperecomputing.com Subject: [PATCH v2 03/14] KVM: arm64: Mark HCR.EL2.E2H RES0 when ID_AA64MMFR1_EL1.VH is zero Date: Thu, 20 Feb 2025 13:48:56 +0000 Message-Id: <20250220134907.554085-4-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250220134907.554085-1-maz@kernel.org> References: <20250220134907.554085-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com, gankulkarni@os.amperecomputing.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false Enforce HCR_EL2.E2H being RES0 when VHE is disabled, so that we can actually rely on that bit never being flipped behind our back. Signed-off-by: Marc Zyngier --- arch/arm64/kvm/nested.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/kvm/nested.c b/arch/arm64/kvm/nested.c index 0c9387d2f5070..ed3add7d32f66 100644 --- a/arch/arm64/kvm/nested.c +++ b/arch/arm64/kvm/nested.c @@ -1034,6 +1034,8 @@ int kvm_init_nv_sysregs(struct kvm_vcpu *vcpu) res0 |= (HCR_TEA | HCR_TERR); if (!kvm_has_feat(kvm, ID_AA64MMFR1_EL1, LO, IMP)) res0 |= HCR_TLOR; + if (!kvm_has_feat(kvm, ID_AA64MMFR1_EL1, VH, IMP)) + res0 |= HCR_E2H; if (!kvm_has_feat(kvm, ID_AA64MMFR4_EL1, E2H0, IMP)) res1 |= HCR_E2H; set_sysreg_masks(kvm, HCR_EL2, res0, res1); From patchwork Thu Feb 20 13:48:57 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13983992 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ED44D1FAC46; Thu, 20 Feb 2025 13:49:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059355; cv=none; b=HGNeVgIZEEIavyHA7YushDpIrTgU9iGDrStJcZM0O7r4xb3YSlB3lvJkYboNEcEvghGfevS1bqzVitYeSUQOAa4bAEcRcHCdtNq4w7ryXudwYq3jY09o1ZFP508+LyoosDPUA2XrAnX02r43UvxEeh2ZswW0UJX0/FRx9Rh+3+s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059355; c=relaxed/simple; bh=3rQ7sS5vZjM6vbenQtanAQbuJs7l4zbUMP/xYyxer3w=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=lbml5tyUBW6l1zWCQHWkqQfRxHSW4z/pThkwYzM0ZrlU8WBfYy38X3gY2HIxTfmi7x6ros31nK7i7wUyrTXq+hnHDvVtj6wH+6zSHltEHkh/9JeioGI7oBuDAIl4D3MB9sRrwv0kzEISuod9daKWsbo3wmZKZ5JAHrTZoFSLZ8I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=BEPz/aTP; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="BEPz/aTP" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3D79DC4CEE6; Thu, 20 Feb 2025 13:49:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1740059354; bh=3rQ7sS5vZjM6vbenQtanAQbuJs7l4zbUMP/xYyxer3w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=BEPz/aTPTduw/WwZHmTd29J8bXGomUyAaOSH8hnfnnN1hAlu8YMk40YR0yRWZ4eJM EaPj7nWZd2dEX6uGMf6KGtgEmoTN6YSqB7H+JzPxNMn1/qib/FOZvblmzihLqxIWZ8 PJ9LC3/Qpx4GLDGBnWIKn1SQXxow3sZlDA/Ya85khltH4F+C1X+q+/V9yU7fVSAtzI dR5h7EAjVhhKkggSPVY3hsQaexBrEdgvdsw2q6XBZek/YW9AQoPfFnzC0QOVvoG1B6 36XilgG1BEwN7Ydx2Wq1g4xGtBpEzpqecP/hz4NtDHvNbgChV/7Tn4js5ahK6g+jSz 97OeMlroi69ig== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tl6vQ-006DXp-En; Thu, 20 Feb 2025 13:49:12 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger , gankulkarni@os.amperecomputing.com Subject: [PATCH v2 04/14] KVM: arm64: Mark HCR.EL2.{NV*,AT} RES0 when ID_AA64MMFR4_EL1.NV_frac is 0 Date: Thu, 20 Feb 2025 13:48:57 +0000 Message-Id: <20250220134907.554085-5-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250220134907.554085-1-maz@kernel.org> References: <20250220134907.554085-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com, gankulkarni@os.amperecomputing.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false Enforce HCR_EL2.{NV*,AT} being RES0 when NV2 is disabled, so that we can actually rely on these bits never being flipped behind our back. This of course relies on our earlier ID reg sanitising. Signed-off-by: Marc Zyngier --- arch/arm64/kvm/nested.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/arch/arm64/kvm/nested.c b/arch/arm64/kvm/nested.c index ed3add7d32f66..9f140560a6f5d 100644 --- a/arch/arm64/kvm/nested.c +++ b/arch/arm64/kvm/nested.c @@ -1021,10 +1021,11 @@ int kvm_init_nv_sysregs(struct kvm_vcpu *vcpu) res0 |= HCR_FIEN; if (!kvm_has_feat(kvm, ID_AA64MMFR2_EL1, FWB, IMP)) res0 |= HCR_FWB; - if (!kvm_has_feat(kvm, ID_AA64MMFR2_EL1, NV, NV2)) - res0 |= HCR_NV2; - if (!kvm_has_feat(kvm, ID_AA64MMFR2_EL1, NV, IMP)) - res0 |= (HCR_AT | HCR_NV1 | HCR_NV); + /* Implementation choice: NV2 is the only supported config */ + if (!kvm_has_feat(kvm, ID_AA64MMFR4_EL1, NV_frac, NV2_ONLY)) + res0 |= (HCR_NV2 | HCR_NV | HCR_AT); + if (!kvm_has_feat(kvm, ID_AA64MMFR4_EL1, E2H0, NI)) + res0 |= HCR_NV1; if (!(kvm_vcpu_has_feature(kvm, KVM_ARM_VCPU_PTRAUTH_ADDRESS) && kvm_vcpu_has_feature(kvm, KVM_ARM_VCPU_PTRAUTH_GENERIC))) res0 |= (HCR_API | HCR_APK); From patchwork Thu Feb 20 13:48:58 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13983991 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BEA3E1FA851; Thu, 20 Feb 2025 13:49:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059354; cv=none; b=lelXiqajAJ2J89dc7qNmhA9PMguAUe9VKrfZej41AAeaHgSXNaboIi+Ci499N6xHlmcbN71bkIn5jO9uexoRtlVuSJygdkLmYuIl4IWecXUxiR0Zwlo6UkE5EV3noHVDD8H5nCgycsdxFzLfZr56u6uWJBu4tgQY5SFuedZOWkA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059354; c=relaxed/simple; bh=4L9e3x4dCeFSSHA1otQ4XS7vmrkCkOdcXz3bm7vANK0=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=Z8YuDsaTolQMVYFWAe8z0NQk6AEEQ7yv7reCJQQu943xXR3jroAGeb4/VFzrQnXT+6LLpkb8928rqHfpuxKYbFtdSBb5AUdSjc5bDFlSKaZEtWRi9ScWic0qawMUP65c4MCW5A08QQadnZkeAG29xKO813lpvA4sptWyIX/j6BY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=RDRDzYNd; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="RDRDzYNd" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9FAEDC4CED1; Thu, 20 Feb 2025 13:49:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1740059354; bh=4L9e3x4dCeFSSHA1otQ4XS7vmrkCkOdcXz3bm7vANK0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=RDRDzYNdjy42OOJyWBgWmxqB0to6d0ML42uNMqLtYV4qCjTG+2pLRA0zFV8MYBhev dg5n4UySvizp3QlEBCmE7O7czFFlfU3bhAtHsJR0q7NVwynDav+Xn8XBcsdC2yQijv Gfs6QuNU66gMRmzQ8iIjYKBL8+BwGHr88e7y0+/UgvIsjm9TD9d3XVowMq2aNg6b69 g+N+o2pz5OWgNQrKQJJ/EN2iVshPlr6SKNkaEgrvwuZIK4k+4AnxCTsSXbXAv5/2aR 3J3D46nx8VnEUF47CiW0X1W2ePO/LiHRq/D8eWAtVlEahkIj2NCxawhm5Ufwna6Ckl nrUCnRieP4vYA== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tl6vQ-006DXp-KR; Thu, 20 Feb 2025 13:49:12 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger , gankulkarni@os.amperecomputing.com Subject: [PATCH v2 05/14] KVM: arm64: Advertise NV2 in the boot messages Date: Thu, 20 Feb 2025 13:48:58 +0000 Message-Id: <20250220134907.554085-6-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250220134907.554085-1-maz@kernel.org> References: <20250220134907.554085-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com, gankulkarni@os.amperecomputing.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false Make it a bit easier to understand what people are running by adding a +NV2 string to the successful KVM initialisation. Signed-off-by: Marc Zyngier --- arch/arm64/kvm/arm.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index b8e55a441282f..5ea09f13c7bc0 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -2806,11 +2806,12 @@ static __init int kvm_arm_init(void) if (err) goto out_hyp; - kvm_info("%s%sVHE mode initialized successfully\n", + kvm_info("%s%sVHE%s mode initialized successfully\n", in_hyp_mode ? "" : (is_protected_kvm_enabled() ? "Protected " : "Hyp "), in_hyp_mode ? "" : (cpus_have_final_cap(ARM64_KVM_HVHE) ? - "h" : "n")); + "h" : "n"), + cpus_have_final_cap(ARM64_HAS_NESTED_VIRT) ? "+NV2": ""); /* * FIXME: Do something reasonable if kvm_init() fails after pKVM From patchwork Thu Feb 20 13:48:59 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13983993 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EE7731FAC48; Thu, 20 Feb 2025 13:49:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059355; cv=none; b=GLFkmdHLMb1gLBq+wAHhkt/MHZBSUJmJawWKz4rcR+Wnu1sqMapuXk3XgTnbDUEs9GNGAFHjYVlA4zEgWBWAeQKEvG7l7k5TzY0pDmtbQkFZAs2Ap4bRyWx6ff2tYOpYYkfJ1EsXN6cLGXYtFoet5bj47ZE+ns9oxkrExEnvaHY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059355; c=relaxed/simple; bh=hLX78IQJhSjho4blNERHsZLoh+IQBUydLUQRnCHy3Bg=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=SYM1bcKkYHfP57AjFu80dIhg1SumKVgqxDl1eY6YB3vUokkGIB/aXGBNrNuHDbsMaWaJ2h7HBs+8NhClF3+V/VacYssnRHnXeNCezxRi6o8XwXlI8vekPCMr2mCUMBAycBsIEO5sALxPhMy10fhInUeLWj3D772R6d5ftH3OQEs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=iPYIIRTN; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="iPYIIRTN" Received: by smtp.kernel.org (Postfix) with ESMTPSA id A0A9CC4CEDD; Thu, 20 Feb 2025 13:49:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1740059354; bh=hLX78IQJhSjho4blNERHsZLoh+IQBUydLUQRnCHy3Bg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=iPYIIRTNVqeMFiMlGsrveziYs/FAPq/tsRf1aGRuKJWBjsBpcqrUq7ZXO0FCA/1dV 4O5p8lUcoyxepZOSqU9fsMZFdMlO8oKymJTf2SPpVQOTCqSsZ+TbmoNwQOH6mBoIeb pAvs/K/diNS3rID6Wg5OsBKTyy9aGOhTKipYejkwiOWCNp34o9EynI5VaocOY1FxlZ AsHkHGvw5dHy6jsy7qqIj83v3WPV042D1lIp93SF/AnH/akMfMIVhtBBeemYv/RURK laWUV9zzz+LcwwtFlTa3QtMKGu6L5N+gEqb2E866P8db9jDbSVTqQD3GXNQU8TcE19 /qfUBc920zGxg== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tl6vQ-006DXp-QN; Thu, 20 Feb 2025 13:49:12 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger , gankulkarni@os.amperecomputing.com Subject: [PATCH v2 06/14] KVM: arm64: Consolidate idreg callbacks Date: Thu, 20 Feb 2025 13:48:59 +0000 Message-Id: <20250220134907.554085-7-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250220134907.554085-1-maz@kernel.org> References: <20250220134907.554085-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com, gankulkarni@os.amperecomputing.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false Most of the ID_DESC() users use the same callbacks, with only a few overrides. Consolidate the common callbacks in a macro, and consistently use it everywhere. Whilst we're at it, give ID_UNALLOCATED() a .name string, so that we can easily decode traces. Signed-off-by: Marc Zyngier Reviewed-by: Ganapatrao Kulkarni --- arch/arm64/kvm/sys_regs.c | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index 9f10dbd26e348..678213dc15513 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -2267,35 +2267,33 @@ static bool bad_redir_trap(struct kvm_vcpu *vcpu, * from userspace. */ +#define ID_DESC_DEFAULT_CALLBACKS \ + .access = access_id_reg, \ + .get_user = get_id_reg, \ + .set_user = set_id_reg, \ + .visibility = id_visibility, \ + .reset = kvm_read_sanitised_id_reg + #define ID_DESC(name) \ SYS_DESC(SYS_##name), \ - .access = access_id_reg, \ - .get_user = get_id_reg \ + ID_DESC_DEFAULT_CALLBACKS /* sys_reg_desc initialiser for known cpufeature ID registers */ #define ID_SANITISED(name) { \ ID_DESC(name), \ - .set_user = set_id_reg, \ - .visibility = id_visibility, \ - .reset = kvm_read_sanitised_id_reg, \ .val = 0, \ } /* sys_reg_desc initialiser for known cpufeature ID registers */ #define AA32_ID_SANITISED(name) { \ ID_DESC(name), \ - .set_user = set_id_reg, \ .visibility = aa32_id_visibility, \ - .reset = kvm_read_sanitised_id_reg, \ .val = 0, \ } /* sys_reg_desc initialiser for writable ID registers */ #define ID_WRITABLE(name, mask) { \ ID_DESC(name), \ - .set_user = set_id_reg, \ - .visibility = id_visibility, \ - .reset = kvm_read_sanitised_id_reg, \ .val = mask, \ } @@ -2303,8 +2301,6 @@ static bool bad_redir_trap(struct kvm_vcpu *vcpu, #define ID_FILTERED(sysreg, name, mask) { \ ID_DESC(sysreg), \ .set_user = set_##name, \ - .visibility = id_visibility, \ - .reset = kvm_read_sanitised_id_reg, \ .val = (mask), \ } @@ -2314,12 +2310,10 @@ static bool bad_redir_trap(struct kvm_vcpu *vcpu, * (1 <= crm < 8, 0 <= Op2 < 8). */ #define ID_UNALLOCATED(crm, op2) { \ + .name = "S3_0_0_" #crm "_" #op2, \ Op0(3), Op1(0), CRn(0), CRm(crm), Op2(op2), \ - .access = access_id_reg, \ - .get_user = get_id_reg, \ - .set_user = set_id_reg, \ + ID_DESC_DEFAULT_CALLBACKS, \ .visibility = raz_visibility, \ - .reset = kvm_read_sanitised_id_reg, \ .val = 0, \ } @@ -2330,9 +2324,7 @@ static bool bad_redir_trap(struct kvm_vcpu *vcpu, */ #define ID_HIDDEN(name) { \ ID_DESC(name), \ - .set_user = set_id_reg, \ .visibility = raz_visibility, \ - .reset = kvm_read_sanitised_id_reg, \ .val = 0, \ } From patchwork Thu Feb 20 13:49:00 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13983994 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1BEFD1FAC5E; Thu, 20 Feb 2025 13:49:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059355; cv=none; b=KrggPblzjbPVvFFEZemWUS2rDWZ20WRLqsahW8OHJdLKFXspXgGRqw+SzapQcG1TZRefqtDBJDgMD9CbJb6Pj914sIUFxm7p02k0Ds9tXd25F21jwz7t0fsB9K7lLlxwC7+3s/DS3oYSDh8tNCkrSVZU/AtoXOBxHCcIIjQ07/E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059355; c=relaxed/simple; bh=BbvYn+ZZ1IWZiQh4LZNEmsttX+u4/bUxfHPvQig08+k=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=mbvWiW99n/AI3xNsThgrGKkqyBcgmW1sHOc1+gvNpYOCvCzUg2F3fof/xWkeUuXENGt4eCUINvFPCVpu3Gu/MNUvm2S5BuSJBOLL7bwGF+GHG6hrB35oAQlJCK2VWcvWU4EGWFXXjVZQ+mfrDpOXmYUZSPsiB6y8oyMvF2icFDA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=AU18isSq; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="AU18isSq" Received: by smtp.kernel.org (Postfix) with ESMTPSA id F2EA3C4CEE2; Thu, 20 Feb 2025 13:49:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1740059355; bh=BbvYn+ZZ1IWZiQh4LZNEmsttX+u4/bUxfHPvQig08+k=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=AU18isSqWYLy6+aT9kxnKouS93bJw8eSqe8O4WymKrrJUVwY9JO+Q+o6A2s7iE5Ai b+0dDiuM5ZBOXmRmVtA/eyA+DOSkOuPUeNPO8D6FXOHZO2cpVY4F8RBpRCaeFfVn2f io+UoOIWA8sMtq0b/v6Ra3/LmaakEBc5OvxRIPBZbvptngyhNymJ61RS/fUk21bV2B Z23kO5VVScXkf579l5nnO+nMgKWp/BHTgcRMRWUZfh0eJkQAjXfZcU+EfN3WGJYJaf o6ITX4xXQ6KvqOj97meFBD80CTFHApu5boQfBuFoXqQ0k74vdpJD2jPptRXoPHFF2o PP9H3VTg4j17w== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tl6vR-006DXp-05; Thu, 20 Feb 2025 13:49:13 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger , gankulkarni@os.amperecomputing.com Subject: [PATCH v2 07/14] KVM: arm64: Make ID_REG_LIMIT_FIELD_ENUM() more widely available Date: Thu, 20 Feb 2025 13:49:00 +0000 Message-Id: <20250220134907.554085-8-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250220134907.554085-1-maz@kernel.org> References: <20250220134907.554085-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com, gankulkarni@os.amperecomputing.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false ID_REG_LIMIT_FIELD_ENUM() is a useful macro to limit the idreg features exposed to guest and userspace, and the NV code can make use of it. Signed-off-by: Marc Zyngier --- arch/arm64/kvm/sys_regs.c | 10 ---------- arch/arm64/kvm/sys_regs.h | 10 ++++++++++ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index 678213dc15513..d14daadb8a7c0 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -1803,16 +1803,6 @@ static u64 sanitise_id_aa64pfr0_el1(const struct kvm_vcpu *vcpu, u64 val) return val; } -#define ID_REG_LIMIT_FIELD_ENUM(val, reg, field, limit) \ -({ \ - u64 __f_val = FIELD_GET(reg##_##field##_MASK, val); \ - (val) &= ~reg##_##field##_MASK; \ - (val) |= FIELD_PREP(reg##_##field##_MASK, \ - min(__f_val, \ - (u64)SYS_FIELD_VALUE(reg, field, limit))); \ - (val); \ -}) - static u64 sanitise_id_aa64dfr0_el1(const struct kvm_vcpu *vcpu, u64 val) { val = ID_REG_LIMIT_FIELD_ENUM(val, ID_AA64DFR0_EL1, DebugVer, V8P8); diff --git a/arch/arm64/kvm/sys_regs.h b/arch/arm64/kvm/sys_regs.h index 1d94ed6efad2c..cc6338d387663 100644 --- a/arch/arm64/kvm/sys_regs.h +++ b/arch/arm64/kvm/sys_regs.h @@ -247,4 +247,14 @@ int kvm_finalize_sys_regs(struct kvm_vcpu *vcpu); CRn(sys_reg_CRn(reg)), CRm(sys_reg_CRm(reg)), \ Op2(sys_reg_Op2(reg)) +#define ID_REG_LIMIT_FIELD_ENUM(val, reg, field, limit) \ +({ \ + u64 __f_val = FIELD_GET(reg##_##field##_MASK, val); \ + (val) &= ~reg##_##field##_MASK; \ + (val) |= FIELD_PREP(reg##_##field##_MASK, \ + min(__f_val, \ + (u64)SYS_FIELD_VALUE(reg, field, limit))); \ + (val); \ +}) + #endif /* __ARM64_KVM_SYS_REGS_LOCAL_H__ */ From patchwork Thu Feb 20 13:49:01 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13983996 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 339F51FBC98; Thu, 20 Feb 2025 13:49:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059355; cv=none; b=QkKJvxYduBp7zzmkLsC7TVLjzqxfOFtuRbBtlnTa3eK5ac+TtmEzkIUQCZMcxrwiM8mOPxPb+OMhyqC4jIZD7c2cQLAZ/HNSfvM4GAlt4JboTmerHBH89VyHOFPjS6ltKdbCQXw+A2mPhhoS+0HhSvjlGG3LIv2HpCWfrYS6ZTQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059355; c=relaxed/simple; bh=56SIWRxmkIc0NGhh9uSDjlX1Hg9JEfvHAZmk7x9h1hQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=HVz8cLMJwbmCVFXQcYsWHcpVLDcDJYOxQIqTWwUqMT8KVcfQwGg+4rJv9Aj1PPHWqM66chnlFmRdph/jdCVpU0wLTXhr7akl8qDWC/WKzO0PrTtTWfyslhS0EN7Pgr0f+CL1hDHBW7UYExpCSvYItxasMiV/kvU7MQomYhQQr6Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=kf8BbQll; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="kf8BbQll" Received: by smtp.kernel.org (Postfix) with ESMTPSA id EC56FC4CEE3; Thu, 20 Feb 2025 13:49:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1740059355; bh=56SIWRxmkIc0NGhh9uSDjlX1Hg9JEfvHAZmk7x9h1hQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=kf8BbQllYPYbt7gRXKiEdUNhhJc6yd7EGVYzJlR3p0iSwCyMyGcKaeR/Dso1gNEiM KNnuVZxdxNNawXSSe2FKwsZIewHm690uSk39rZWDNP0ZnhbDjbkEn2dUvDYhr2UWfB ye/R0mYnNX2TswLSbQ5enu8SaQaNIQI5khL0w9nJca2cnNlhfu8hwa13+q+rmxZ2LG GAtmR0Xj6/TWf6N5TGYDBBGlMW8F0qcnFZ5R0G0PennML2btfTb1eYTbx4LWIybgH3 jD9hkn9OaYK/hLTZkQAfkLHj4+DcSom4WCiU5+WhXIyYupRU1i3BF8OWHkIlD9tze+ 0bS7MSHiZEKQg== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tl6vR-006DXp-6B; Thu, 20 Feb 2025 13:49:13 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger , gankulkarni@os.amperecomputing.com Subject: [PATCH v2 08/14] KVM: arm64: Enforce NV limits on a per-idregs basis Date: Thu, 20 Feb 2025 13:49:01 +0000 Message-Id: <20250220134907.554085-9-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250220134907.554085-1-maz@kernel.org> References: <20250220134907.554085-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com, gankulkarni@os.amperecomputing.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false As we are about to change the way the idreg reset values are computed, move all the NV limits into a function that initialises one register at a time. This will be most useful in the upcoming patches. We take this opportunity to remove the NV_FTR() macro and rely on the generated names instead. Signed-off-by: Marc Zyngier --- arch/arm64/kvm/nested.c | 239 +++++++++++++++++++++++----------------- 1 file changed, 136 insertions(+), 103 deletions(-) diff --git a/arch/arm64/kvm/nested.c b/arch/arm64/kvm/nested.c index 9f140560a6f5d..2cc82e69ab523 100644 --- a/arch/arm64/kvm/nested.c +++ b/arch/arm64/kvm/nested.c @@ -16,9 +16,6 @@ #include "sys_regs.h" -/* Protection against the sysreg repainting madness... */ -#define NV_FTR(r, f) ID_AA64##r##_EL1_##f - /* * Ratio of live shadow S2 MMU per vcpu. This is a trade-off between * memory usage and potential number of different sets of S2 PTs in @@ -807,133 +804,169 @@ void kvm_arch_flush_shadow_all(struct kvm *kvm) * This list should get updated as new features get added to the NV * support, and new extension to the architecture. */ +static u64 limit_nv_id_reg(struct kvm *kvm, u32 reg, u64 val) +{ + switch (reg) { + case SYS_ID_AA64ISAR0_EL1: + /* Support everything but TME */ + val &= ~ID_AA64ISAR0_EL1_TME; + break; + + case SYS_ID_AA64ISAR1_EL1: + /* Support everything but LS64 and Spec Invalidation */ + val &= ~(ID_AA64ISAR1_EL1_LS64 | + ID_AA64ISAR1_EL1_SPECRES); + break; + + case SYS_ID_AA64PFR0_EL1: + /* No RME, AMU, MPAM, S-EL2, or RAS */ + val &= ~(ID_AA64PFR0_EL1_RME | + ID_AA64PFR0_EL1_AMU | + ID_AA64PFR0_EL1_MPAM | + ID_AA64PFR0_EL1_SEL2 | + ID_AA64PFR0_EL1_RAS | + ID_AA64PFR0_EL1_EL3 | + ID_AA64PFR0_EL1_EL2 | + ID_AA64PFR0_EL1_EL1 | + ID_AA64PFR0_EL1_EL0); + /* 64bit only at any EL */ + val |= SYS_FIELD_PREP_ENUM(ID_AA64PFR0_EL1, EL0, IMP); + val |= SYS_FIELD_PREP_ENUM(ID_AA64PFR0_EL1, EL1, IMP); + val |= SYS_FIELD_PREP_ENUM(ID_AA64PFR0_EL1, EL2, IMP); + val |= SYS_FIELD_PREP_ENUM(ID_AA64PFR0_EL1, EL3, IMP); + break; + + case SYS_ID_AA64PFR1_EL1: + /* Only support BTI, SSBS, CSV2_frac */ + val &= (ID_AA64PFR1_EL1_BT | + ID_AA64PFR1_EL1_SSBS | + ID_AA64PFR1_EL1_CSV2_frac); + break; + + case SYS_ID_AA64MMFR0_EL1: + /* Hide ECV, ExS, Secure Memory */ + val &= ~(ID_AA64MMFR0_EL1_EVC | + ID_AA64MMFR0_EL1_EXS | + ID_AA64MMFR0_EL1_TGRAN4_2 | + ID_AA64MMFR0_EL1_TGRAN16_2 | + ID_AA64MMFR0_EL1_TGRAN64_2 | + ID_AA64MMFR0_EL1_SNSMEM); + + /* Disallow unsupported S2 page sizes */ + switch (PAGE_SIZE) { + case SZ_64K: + val |= SYS_FIELD_PREP_ENUM(ID_AA64MMFR0_EL1, TGRAN16_2, NI); + fallthrough; + case SZ_16K: + val |= SYS_FIELD_PREP_ENUM(ID_AA64MMFR0_EL1, TGRAN4_2, NI); + fallthrough; + case SZ_4K: + /* Support everything */ + break; + } + + /* + * Since we can't support a guest S2 page size smaller + * than the host's own page size (due to KVM only + * populating its own S2 using the kernel's page + * size), advertise the limitation using FEAT_GTG. + */ + switch (PAGE_SIZE) { + case SZ_4K: + val |= SYS_FIELD_PREP_ENUM(ID_AA64MMFR0_EL1, TGRAN4_2, IMP); + fallthrough; + case SZ_16K: + val |= SYS_FIELD_PREP_ENUM(ID_AA64MMFR0_EL1, TGRAN16_2, IMP); + fallthrough; + case SZ_64K: + val |= SYS_FIELD_PREP_ENUM(ID_AA64MMFR0_EL1, TGRAN64_2, IMP); + break; + } + + /* Cap PARange to 48bits */ + val = ID_REG_LIMIT_FIELD_ENUM(val, ID_AA64MMFR0_EL1, PARANGE, 48); + break; + + case SYS_ID_AA64MMFR1_EL1: + val &= (ID_AA64MMFR1_EL1_HCX | + ID_AA64MMFR1_EL1_PAN | + ID_AA64MMFR1_EL1_LO | + ID_AA64MMFR1_EL1_HPDS | + ID_AA64MMFR1_EL1_VH | + ID_AA64MMFR1_EL1_VMIDBits); + break; + + case SYS_ID_AA64MMFR2_EL1: + val &= ~(ID_AA64MMFR2_EL1_BBM | + ID_AA64MMFR2_EL1_TTL | + GENMASK_ULL(47, 44) | + ID_AA64MMFR2_EL1_ST | + ID_AA64MMFR2_EL1_CCIDX | + ID_AA64MMFR2_EL1_VARange); + + /* Force TTL support */ + val |= SYS_FIELD_PREP_ENUM(ID_AA64MMFR2_EL1, TTL, IMP); + break; + + case SYS_ID_AA64MMFR4_EL1: + val = SYS_FIELD_PREP_ENUM(ID_AA64MMFR4_EL1, NV_frac, NV2_ONLY); + val |= SYS_FIELD_PREP_ENUM(ID_AA64MMFR4_EL1, E2H0, NI_NV1); + break; + + case SYS_ID_AA64DFR0_EL1: + /* Only limited support for PMU, Debug, BPs, WPs, and HPMN0 */ + val &= (ID_AA64DFR0_EL1_PMUVer | + ID_AA64DFR0_EL1_WRPs | + ID_AA64DFR0_EL1_BRPs | + ID_AA64DFR0_EL1_DebugVer| + ID_AA64DFR0_EL1_HPMN0); + + /* Cap Debug to ARMv8.1 */ + val = ID_REG_LIMIT_FIELD_ENUM(val, ID_AA64DFR0_EL1, DebugVer, VHE); + break; + } + + return val; +} + static void limit_nv_id_regs(struct kvm *kvm) { - u64 val, tmp; + u64 val; - /* Support everything but TME */ val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64ISAR0_EL1); - val &= ~NV_FTR(ISAR0, TME); + val = limit_nv_id_reg(kvm, SYS_ID_AA64ISAR0_EL1, val); kvm_set_vm_id_reg(kvm, SYS_ID_AA64ISAR0_EL1, val); - /* Support everything but Spec Invalidation and LS64 */ val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64ISAR1_EL1); - val &= ~(NV_FTR(ISAR1, LS64) | - NV_FTR(ISAR1, SPECRES)); + val = limit_nv_id_reg(kvm, SYS_ID_AA64ISAR1_EL1, val); kvm_set_vm_id_reg(kvm, SYS_ID_AA64ISAR1_EL1, val); - /* No AMU, MPAM, S-EL2, or RAS */ val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64PFR0_EL1); - val &= ~(GENMASK_ULL(55, 52) | - NV_FTR(PFR0, AMU) | - NV_FTR(PFR0, MPAM) | - NV_FTR(PFR0, SEL2) | - NV_FTR(PFR0, RAS) | - NV_FTR(PFR0, EL3) | - NV_FTR(PFR0, EL2) | - NV_FTR(PFR0, EL1) | - NV_FTR(PFR0, EL0)); - /* 64bit only at any EL */ - val |= FIELD_PREP(NV_FTR(PFR0, EL0), 0b0001); - val |= FIELD_PREP(NV_FTR(PFR0, EL1), 0b0001); - val |= FIELD_PREP(NV_FTR(PFR0, EL2), 0b0001); - val |= FIELD_PREP(NV_FTR(PFR0, EL3), 0b0001); + val = limit_nv_id_reg(kvm, SYS_ID_AA64PFR0_EL1, val); kvm_set_vm_id_reg(kvm, SYS_ID_AA64PFR0_EL1, val); - /* Only support BTI, SSBS, CSV2_frac */ val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64PFR1_EL1); - val &= (NV_FTR(PFR1, BT) | - NV_FTR(PFR1, SSBS) | - NV_FTR(PFR1, CSV2_frac)); + val = limit_nv_id_reg(kvm, SYS_ID_AA64PFR1_EL1, val); kvm_set_vm_id_reg(kvm, SYS_ID_AA64PFR1_EL1, val); - /* Hide ECV, ExS, Secure Memory */ val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64MMFR0_EL1); - val &= ~(NV_FTR(MMFR0, ECV) | - NV_FTR(MMFR0, EXS) | - NV_FTR(MMFR0, TGRAN4_2) | - NV_FTR(MMFR0, TGRAN16_2) | - NV_FTR(MMFR0, TGRAN64_2) | - NV_FTR(MMFR0, SNSMEM)); - - /* Disallow unsupported S2 page sizes */ - switch (PAGE_SIZE) { - case SZ_64K: - val |= FIELD_PREP(NV_FTR(MMFR0, TGRAN16_2), 0b0001); - fallthrough; - case SZ_16K: - val |= FIELD_PREP(NV_FTR(MMFR0, TGRAN4_2), 0b0001); - fallthrough; - case SZ_4K: - /* Support everything */ - break; - } - /* - * Since we can't support a guest S2 page size smaller than - * the host's own page size (due to KVM only populating its - * own S2 using the kernel's page size), advertise the - * limitation using FEAT_GTG. - */ - switch (PAGE_SIZE) { - case SZ_4K: - val |= FIELD_PREP(NV_FTR(MMFR0, TGRAN4_2), 0b0010); - fallthrough; - case SZ_16K: - val |= FIELD_PREP(NV_FTR(MMFR0, TGRAN16_2), 0b0010); - fallthrough; - case SZ_64K: - val |= FIELD_PREP(NV_FTR(MMFR0, TGRAN64_2), 0b0010); - break; - } - /* Cap PARange to 48bits */ - tmp = FIELD_GET(NV_FTR(MMFR0, PARANGE), val); - if (tmp > 0b0101) { - val &= ~NV_FTR(MMFR0, PARANGE); - val |= FIELD_PREP(NV_FTR(MMFR0, PARANGE), 0b0101); - } + val = limit_nv_id_reg(kvm, SYS_ID_AA64MMFR0_EL1, val); kvm_set_vm_id_reg(kvm, SYS_ID_AA64MMFR0_EL1, val); val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64MMFR1_EL1); - val &= (NV_FTR(MMFR1, HCX) | - NV_FTR(MMFR1, PAN) | - NV_FTR(MMFR1, LO) | - NV_FTR(MMFR1, HPDS) | - NV_FTR(MMFR1, VH) | - NV_FTR(MMFR1, VMIDBits)); + val = limit_nv_id_reg(kvm, SYS_ID_AA64MMFR1_EL1, val); kvm_set_vm_id_reg(kvm, SYS_ID_AA64MMFR1_EL1, val); val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64MMFR2_EL1); - val &= ~(NV_FTR(MMFR2, BBM) | - NV_FTR(MMFR2, TTL) | - GENMASK_ULL(47, 44) | - NV_FTR(MMFR2, ST) | - NV_FTR(MMFR2, CCIDX) | - NV_FTR(MMFR2, VARange)); - - /* Force TTL support */ - val |= FIELD_PREP(NV_FTR(MMFR2, TTL), 0b0001); + val = limit_nv_id_reg(kvm, SYS_ID_AA64MMFR2_EL1, val); kvm_set_vm_id_reg(kvm, SYS_ID_AA64MMFR2_EL1, val); - val = 0; - if (!cpus_have_final_cap(ARM64_HAS_HCR_NV1)) - val |= FIELD_PREP(NV_FTR(MMFR4, E2H0), - ID_AA64MMFR4_EL1_E2H0_NI_NV1); + val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64MMFR4_EL1); + val = limit_nv_id_reg(kvm, SYS_ID_AA64MMFR4_EL1, val); kvm_set_vm_id_reg(kvm, SYS_ID_AA64MMFR4_EL1, val); - /* Only limited support for PMU, Debug, BPs, WPs, and HPMN0 */ val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64DFR0_EL1); - val &= (NV_FTR(DFR0, PMUVer) | - NV_FTR(DFR0, WRPs) | - NV_FTR(DFR0, BRPs) | - NV_FTR(DFR0, DebugVer) | - NV_FTR(DFR0, HPMN0)); - - /* Cap Debug to ARMv8.1 */ - tmp = FIELD_GET(NV_FTR(DFR0, DebugVer), val); - if (tmp > 0b0111) { - val &= ~NV_FTR(DFR0, DebugVer); - val |= FIELD_PREP(NV_FTR(DFR0, DebugVer), 0b0111); - } + val = limit_nv_id_reg(kvm, SYS_ID_AA64DFR0_EL1, val); kvm_set_vm_id_reg(kvm, SYS_ID_AA64DFR0_EL1, val); } From patchwork Thu Feb 20 13:49:02 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13983995 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 486AC1FBCA4; Thu, 20 Feb 2025 13:49:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059355; cv=none; b=RwA9+hHyewjkqGRteMTTVrJfqxYsu6BP5tOTWm45FEBadCyHBlu7fmDK3SFASM3PvnccZUfUH+LhK/jvt04LhkazhBn0A8U9ohAvLRqvNaJUnbdplUmDtPOU1mZq365G33slpnifAxOWWxWzzzYKDo/pdOu5zkd43scXjOwC9EY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059355; c=relaxed/simple; bh=+4IhGCZKSDv030X/F7zzYtvjqdN4RzFElZ+QA2y5AmY=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=myNOnoXnSwNTol3pSQiYJuUtyxTHGmib/EWUkmmuVRSRw8a+sFpzJ5dX0cGWyvLBqsS+GLMI7gwqMM1fWSqpmoFO8x2g/Ejhs93k2OtXN4PUHNppN7Sb4z7ys6JG/dYEMo4zSyb0VqnaQzE3s/aDnsnPwhtgPt6ubQIiLqkgf5U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=LiPw885a; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="LiPw885a" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2A80EC4CED1; Thu, 20 Feb 2025 13:49:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1740059355; bh=+4IhGCZKSDv030X/F7zzYtvjqdN4RzFElZ+QA2y5AmY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=LiPw885aAEnc8fsWzlHA7cfUsze7JA1k4qJlzkIx+Zk7BplPf/KIcTTIeWv+2RqGl ypsugHCjdWvrq6VRLQ9hCoYWgd9qa6sqWUeAHj9YdMksI6/hv9JHZXFBOUCrm2IGbN 8nTbvi1rvALDuBmtUSyV2xbxe03foitCwPZZYZfc1YX5dWiokFcrDp2YMD+gFIcG58 id7OHrQy9JHDm5155TmEwpk8Z4DUBRcIg2wH72MZUvNwRyIG/mQVsomvJYkHQ5TPq5 YUWx33wO78vWO0oH5sKJI8R5JLJe4vNsknVj1xP96hIZt9cCL1SbSzq9lVVG5QvN4Z /1IZqcvB3tfFQ== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tl6vR-006DXp-CP; Thu, 20 Feb 2025 13:49:13 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger , gankulkarni@os.amperecomputing.com Subject: [PATCH v2 09/14] KVM: arm64: Move NV-specific capping to idreg sanitisation Date: Thu, 20 Feb 2025 13:49:02 +0000 Message-Id: <20250220134907.554085-10-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250220134907.554085-1-maz@kernel.org> References: <20250220134907.554085-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com, gankulkarni@os.amperecomputing.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false Instead of applying the NV idreg limits at run time, switch to doing it at the same time as the reset of the VM initialisation. This will make things much simpler once we introduce vcpu-driven variants of NV. Signed-off-by: Marc Zyngier --- arch/arm64/include/asm/kvm_nested.h | 1 + arch/arm64/kvm/nested.c | 45 +---------------------------- arch/arm64/kvm/sys_regs.c | 3 ++ 3 files changed, 5 insertions(+), 44 deletions(-) diff --git a/arch/arm64/include/asm/kvm_nested.h b/arch/arm64/include/asm/kvm_nested.h index 56c4bcd35e2e5..692f403c1896e 100644 --- a/arch/arm64/include/asm/kvm_nested.h +++ b/arch/arm64/include/asm/kvm_nested.h @@ -188,6 +188,7 @@ static inline bool kvm_supported_tlbi_s1e2_op(struct kvm_vcpu *vpcu, u32 instr) } int kvm_init_nv_sysregs(struct kvm_vcpu *vcpu); +u64 limit_nv_id_reg(struct kvm *kvm, u32 reg, u64 val); #ifdef CONFIG_ARM64_PTR_AUTH bool kvm_auth_eretax(struct kvm_vcpu *vcpu, u64 *elr); diff --git a/arch/arm64/kvm/nested.c b/arch/arm64/kvm/nested.c index 2cc82e69ab523..96d1d300e79f9 100644 --- a/arch/arm64/kvm/nested.c +++ b/arch/arm64/kvm/nested.c @@ -804,7 +804,7 @@ void kvm_arch_flush_shadow_all(struct kvm *kvm) * This list should get updated as new features get added to the NV * support, and new extension to the architecture. */ -static u64 limit_nv_id_reg(struct kvm *kvm, u32 reg, u64 val) +u64 limit_nv_id_reg(struct kvm *kvm, u32 reg, u64 val) { switch (reg) { case SYS_ID_AA64ISAR0_EL1: @@ -929,47 +929,6 @@ static u64 limit_nv_id_reg(struct kvm *kvm, u32 reg, u64 val) return val; } -static void limit_nv_id_regs(struct kvm *kvm) -{ - u64 val; - - val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64ISAR0_EL1); - val = limit_nv_id_reg(kvm, SYS_ID_AA64ISAR0_EL1, val); - kvm_set_vm_id_reg(kvm, SYS_ID_AA64ISAR0_EL1, val); - - val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64ISAR1_EL1); - val = limit_nv_id_reg(kvm, SYS_ID_AA64ISAR1_EL1, val); - kvm_set_vm_id_reg(kvm, SYS_ID_AA64ISAR1_EL1, val); - - val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64PFR0_EL1); - val = limit_nv_id_reg(kvm, SYS_ID_AA64PFR0_EL1, val); - kvm_set_vm_id_reg(kvm, SYS_ID_AA64PFR0_EL1, val); - - val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64PFR1_EL1); - val = limit_nv_id_reg(kvm, SYS_ID_AA64PFR1_EL1, val); - kvm_set_vm_id_reg(kvm, SYS_ID_AA64PFR1_EL1, val); - - val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64MMFR0_EL1); - val = limit_nv_id_reg(kvm, SYS_ID_AA64MMFR0_EL1, val); - kvm_set_vm_id_reg(kvm, SYS_ID_AA64MMFR0_EL1, val); - - val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64MMFR1_EL1); - val = limit_nv_id_reg(kvm, SYS_ID_AA64MMFR1_EL1, val); - kvm_set_vm_id_reg(kvm, SYS_ID_AA64MMFR1_EL1, val); - - val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64MMFR2_EL1); - val = limit_nv_id_reg(kvm, SYS_ID_AA64MMFR2_EL1, val); - kvm_set_vm_id_reg(kvm, SYS_ID_AA64MMFR2_EL1, val); - - val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64MMFR4_EL1); - val = limit_nv_id_reg(kvm, SYS_ID_AA64MMFR4_EL1, val); - kvm_set_vm_id_reg(kvm, SYS_ID_AA64MMFR4_EL1, val); - - val = kvm_read_vm_id_reg(kvm, SYS_ID_AA64DFR0_EL1); - val = limit_nv_id_reg(kvm, SYS_ID_AA64DFR0_EL1, val); - kvm_set_vm_id_reg(kvm, SYS_ID_AA64DFR0_EL1, val); -} - u64 kvm_vcpu_apply_reg_masks(const struct kvm_vcpu *vcpu, enum vcpu_sysreg sr, u64 v) { @@ -1014,8 +973,6 @@ int kvm_init_nv_sysregs(struct kvm_vcpu *vcpu) if (!kvm->arch.sysreg_masks) return -ENOMEM; - limit_nv_id_regs(kvm); - /* VTTBR_EL2 */ res0 = res1 = 0; if (!kvm_has_feat_enum(kvm, ID_AA64MMFR1_EL1, VMIDBits, 16)) diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index d14daadb8a7c0..87f165289fb9f 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -1638,6 +1638,9 @@ static u64 __kvm_read_sanitised_id_reg(const struct kvm_vcpu *vcpu, break; } + if (vcpu_has_nv(vcpu)) + val = limit_nv_id_reg(vcpu->kvm, id, val); + return val; } From patchwork Thu Feb 20 13:49:03 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13983998 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CD1B71E5B9D; Thu, 20 Feb 2025 13:49:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059355; cv=none; b=U6+DC5b8mTQ0/3rQRHgywYy7ZqqlxrerIpnFFaT/Ayy7yxq0Xnzvo/wcvMsWqMU+XQBevivRbnLUQGOXLaoRd7NcLbKXsaTp1TWac+OKsV/ti2KN7t90qWkRqyjACLy0l6jsS9smN+yLGCnImJ+gl5rfeV2lOtQ+V5pLKMgqrqU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059355; c=relaxed/simple; bh=Cptvvdg58Mif3ou0/tPyf1Nbz5VIb9W2RdSQkk+mm0A=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=CoHr6eCw3Nr4f9FtWQEs/DDzEAj6f3E8D1oPh+Dq+1c7Kmqqupt5CDHbSJ7Ecxmefeq81t31J81A4bKAdRsm9OzQ1s5pDOJQL0/g/HfBd0Vu3+cUwYxvNSnWahq4p49p+Ajj5V6NAnJ0fIZTgI0HTKFThCZNvv+uT9+RUv0MyqM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=s6wwEOnu; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="s6wwEOnu" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 57FC2C4CEE2; Thu, 20 Feb 2025 13:49:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1740059355; bh=Cptvvdg58Mif3ou0/tPyf1Nbz5VIb9W2RdSQkk+mm0A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=s6wwEOnu+1WfeswTlWT8YKjD4yPv2MymZH39RYcqZteurXcUW7IxTtWBG1tLGEvqJ u4AHbTmsvLEZoVaLLG5lotgVx1zST5i1iwcRFnuNTsfAJiNQT4TkpptaZIdsslKFfz xEsWzm0Fiu11BY6e+zpYwecN7ymIHu7RTWt/BpuedO+8sSx6vsdBPn2ndjhmFyGDFn PkDiCVuu0u0L1HKXUCAiNpDdIiFJ2Dzssgkwt0N6xDscCId5sHtwAhjirhFu3opzxj +dG/fCeeKK0yUED3bCiMHtQ78pSPua7eBGBZn7tWccjI3Q3s4umij9bT8h2BBLXEeD i0Zl9R/VtahRw== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tl6vR-006DXp-Ij; Thu, 20 Feb 2025 13:49:13 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger , gankulkarni@os.amperecomputing.com Subject: [PATCH v2 10/14] KVM: arm64: Allow userspace to limit NV support to nVHE Date: Thu, 20 Feb 2025 13:49:03 +0000 Message-Id: <20250220134907.554085-11-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250220134907.554085-1-maz@kernel.org> References: <20250220134907.554085-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com, gankulkarni@os.amperecomputing.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false NV is hard. No kidding. In order to make things simpler, we have established that NV would support two mutually exclusive configurations: - VHE-only, and supporting recursive virtualisation - mVHE-only, and not supporting recursive virtualisation For that purpose, introduce a new vcpu feature flag that denotes the second configuration. We use this flag to limit the idregs further. Signed-off-by: Marc Zyngier --- arch/arm64/include/uapi/asm/kvm.h | 1 + arch/arm64/kvm/nested.c | 28 ++++++++++++++++++++++++++-- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/uapi/asm/kvm.h b/arch/arm64/include/uapi/asm/kvm.h index 568bf858f3198..3bcab2a106c98 100644 --- a/arch/arm64/include/uapi/asm/kvm.h +++ b/arch/arm64/include/uapi/asm/kvm.h @@ -105,6 +105,7 @@ struct kvm_regs { #define KVM_ARM_VCPU_PTRAUTH_ADDRESS 5 /* VCPU uses address authentication */ #define KVM_ARM_VCPU_PTRAUTH_GENERIC 6 /* VCPU uses generic authentication */ #define KVM_ARM_VCPU_HAS_EL2 7 /* Support nested virtualization */ +#define KVM_ARM_VCPU_HAS_EL2_E2H0 8 /* Limit NV support to E2H RES0 */ struct kvm_vcpu_init { __u32 target; diff --git a/arch/arm64/kvm/nested.c b/arch/arm64/kvm/nested.c index 96d1d300e79f9..5ec5acb6310e9 100644 --- a/arch/arm64/kvm/nested.c +++ b/arch/arm64/kvm/nested.c @@ -51,6 +51,10 @@ int kvm_vcpu_init_nested(struct kvm_vcpu *vcpu) struct kvm_s2_mmu *tmp; int num_mmus, ret = 0; + if (test_bit(KVM_ARM_VCPU_HAS_EL2_E2H0, kvm->arch.vcpu_features) && + !cpus_have_final_cap(ARM64_HAS_HCR_NV1)) + return -EINVAL; + /* * Let's treat memory allocation failures as benign: If we fail to * allocate anything, return an error and keep the allocated array @@ -894,6 +898,9 @@ u64 limit_nv_id_reg(struct kvm *kvm, u32 reg, u64 val) ID_AA64MMFR1_EL1_HPDS | ID_AA64MMFR1_EL1_VH | ID_AA64MMFR1_EL1_VMIDBits); + /* FEAT_E2H0 implies no VHE */ + if (test_bit(KVM_ARM_VCPU_HAS_EL2_E2H0, kvm->arch.vcpu_features)) + val &= ~ID_AA64MMFR1_EL1_VH; break; case SYS_ID_AA64MMFR2_EL1: @@ -909,8 +916,25 @@ u64 limit_nv_id_reg(struct kvm *kvm, u32 reg, u64 val) break; case SYS_ID_AA64MMFR4_EL1: - val = SYS_FIELD_PREP_ENUM(ID_AA64MMFR4_EL1, NV_frac, NV2_ONLY); - val |= SYS_FIELD_PREP_ENUM(ID_AA64MMFR4_EL1, E2H0, NI_NV1); + /* + * You get EITHER + * + * - FEAT_VHE without FEAT_E2H0 + * - FEAT_NV limited to FEAT_NV2 + * - HCR_EL2.NV1 being RES0 + * + * OR + * + * - FEAT_E2H0 without FEAT_VHE nor FEAT_NV + * + * Life is too short for anything else. + */ + if (test_bit(KVM_ARM_VCPU_HAS_EL2_E2H0, kvm->arch.vcpu_features)) { + val = 0; + } else { + val = SYS_FIELD_PREP_ENUM(ID_AA64MMFR4_EL1, NV_frac, NV2_ONLY); + val |= SYS_FIELD_PREP_ENUM(ID_AA64MMFR4_EL1, E2H0, NI_NV1); + } break; case SYS_ID_AA64DFR0_EL1: From patchwork Thu Feb 20 13:49:04 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13983997 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9CA661FC7C1; Thu, 20 Feb 2025 13:49:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059355; cv=none; b=mqZRK1by9BeLo6NN0NRrKar1Oplo29KMl/uN4EG68kl17p2hWRF9plWsq26573g8N1eRLYHrSPnbsfC5H9L158UBN+RkL3xTaBKf+LlBYzfrujlZvvcBMMef6n1Rg1eCtrSSCRKV6pO1iT0BwpL64JzYlrTTqy5+LtPw0R0peRk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059355; c=relaxed/simple; bh=XPusa/GmQMNqrhdWCp6rHpZE8+86Ko8D1+HDlpC47Ks=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=I/fEbMQcM5LNPKznaEW8PsA9YNxevt4ADML675rWXxGZoF+vxMbLbiz7x+cLqJgTO2uacAa4HO8moJgxloko6OT79RD3I1we0s//3eyyLRdWWUWdpGlRtvjTpmDDmgx+R7PFniIogF8RQXMduM5dAdSlsu/16IR5n6sOMEanABE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Z3+CA5w2; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Z3+CA5w2" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 80329C4CEED; Thu, 20 Feb 2025 13:49:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1740059355; bh=XPusa/GmQMNqrhdWCp6rHpZE8+86Ko8D1+HDlpC47Ks=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Z3+CA5w2wo+D8OkEMEQJS6XhdrRz7RieBN0Jb2vJRZIR92i3OiHpq7VtmgHtO/oQF GKyYTbh9axo6Kgxex+rMUbp0TsCM8ruMMALh9i61VchNWrqYez9jR39fPAfIRuYDW9 JBuErhNImtDb8FFhp1JBACGRQfuxiggk9nCXwFkRMJ5Ddi7sWXkMyRkoJB6xBHlF6q 3elWoEcBONi69Qm4+AJupZmLpIYTLlX6v6wK38+cdYn/Nx5tUgL+iS1lu2YITp7kV4 x9CK+TNk5490nm0S/ynN5++qgAXL+ni+YvP/BMMZLo1I4RbVd+3WQpIEDhqpM2BAEw C1/W4DePHICXA== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tl6vR-006DXp-Oh; Thu, 20 Feb 2025 13:49:13 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger , gankulkarni@os.amperecomputing.com Subject: [PATCH v2 11/14] KVM: arm64: Make ID_AA64MMFR4_EL1.NV_frac writable Date: Thu, 20 Feb 2025 13:49:04 +0000 Message-Id: <20250220134907.554085-12-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250220134907.554085-1-maz@kernel.org> References: <20250220134907.554085-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com, gankulkarni@os.amperecomputing.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false We want to make sure that it is possible for userspace to configure whether recursive NV is possible. Make NV_frac writable for that purpose. Signed-off-by: Marc Zyngier --- arch/arm64/kvm/sys_regs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index 87f165289fb9f..5de542b045ac8 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -2666,7 +2666,7 @@ static const struct sys_reg_desc sys_reg_descs[] = { ID_WRITABLE(ID_AA64MMFR3_EL1, (ID_AA64MMFR3_EL1_TCRX | ID_AA64MMFR3_EL1_S1PIE | ID_AA64MMFR3_EL1_S1POE)), - ID_SANITISED(ID_AA64MMFR4_EL1), + ID_WRITABLE(ID_AA64MMFR4_EL1, ID_AA64MMFR4_EL1_NV_frac), ID_UNALLOCATED(7,5), ID_UNALLOCATED(7,6), ID_UNALLOCATED(7,7), From patchwork Thu Feb 20 13:49:05 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13984000 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 308591FCFF0; Thu, 20 Feb 2025 13:49:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059356; cv=none; b=lk984GEy7UwlBo8xUcuMExvEJBVailt0WNwuogm/I6qciRIUAtI8o4j5hkFbBsg5eEc9qS+8sLNX/FuXg2/yP2nUwOAsZg8gfwB4puX1thJJXwNfEmvpx8JGjOhlSIrtqOQCnrC8KZ4wOkCly2ECDYV3lcvbzYdEY+fT2mKKwOY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059356; c=relaxed/simple; bh=l6/K3TgHqFMCERF5V5TBAO9LtyJHG0zZIRxuUinA74M=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=snXWd0dOAoaf8p/R4L0Qm3BVv9GeFWp+zB89PqPOsn0Dr9MVg3KSbi3aP6VDwE3l0fPKwFUKgyH8Il/axWypvIgw9lw43wCuOlXS6lNnxk0wvVC5T3e9u6qb1+mIhGLK2uiP8q2XukAXNBPYlo7YBNiBWKap0CIrec5SRd504Q4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=L5j8g6Mo; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="L5j8g6Mo" Received: by smtp.kernel.org (Postfix) with ESMTPSA id AAB7CC4CEE8; Thu, 20 Feb 2025 13:49:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1740059355; bh=l6/K3TgHqFMCERF5V5TBAO9LtyJHG0zZIRxuUinA74M=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=L5j8g6MotW9B6VRczEP/rJSMp2qFv5aoukQHV67ZTOz9JYZUOdR+DFsLI8NelAlXh xB0iAuMFzRrE1Xv7I+9p4lzysoCJbZBHu5OJlTeqTMRo0Fb+Kd3qZZceJoVWdU684e VOItSdR7ukVPwk9Td16MzNiBQztdbbttWUhWgbplxL5KMKHhiVU27GVpRhntMvx/Ku hHJYljRLqc73efr0wlW822gKOYt9Mp+Ymm9LMEVonDP98WU7ug1OJZO1S1rjpK4bgX yAB10Xfor18INIyuJN9k3xRJ/+0e7ffpP2PaK72/K1fSBerubcg6n0QTUz4PUuXor8 hRa38VWZQNGWA== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tl6vR-006DXp-VR; Thu, 20 Feb 2025 13:49:14 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger , gankulkarni@os.amperecomputing.com Subject: [PATCH v2 12/14] KVM: arm64: Advertise FEAT_ECV when possible Date: Thu, 20 Feb 2025 13:49:05 +0000 Message-Id: <20250220134907.554085-13-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250220134907.554085-1-maz@kernel.org> References: <20250220134907.554085-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com, gankulkarni@os.amperecomputing.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false We can advertise support for FEAT_ECV if supported on the HW as long as we limit it to the basic trap bits, and not advertise CNTPOFF_EL2 support, even if the host has it (the short story being that CNTPOFF_EL2 is not virtualisable). Signed-off-by: Marc Zyngier --- arch/arm64/kvm/nested.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/arch/arm64/kvm/nested.c b/arch/arm64/kvm/nested.c index 5ec5acb6310e9..d55c296fcb27a 100644 --- a/arch/arm64/kvm/nested.c +++ b/arch/arm64/kvm/nested.c @@ -848,14 +848,16 @@ u64 limit_nv_id_reg(struct kvm *kvm, u32 reg, u64 val) break; case SYS_ID_AA64MMFR0_EL1: - /* Hide ECV, ExS, Secure Memory */ - val &= ~(ID_AA64MMFR0_EL1_EVC | - ID_AA64MMFR0_EL1_EXS | + /* Hide ExS, Secure Memory */ + val &= ~(ID_AA64MMFR0_EL1_EXS | ID_AA64MMFR0_EL1_TGRAN4_2 | ID_AA64MMFR0_EL1_TGRAN16_2 | ID_AA64MMFR0_EL1_TGRAN64_2 | ID_AA64MMFR0_EL1_SNSMEM); + /* Hide CNTPOFF if present */ + val = ID_REG_LIMIT_FIELD_ENUM(val, ID_AA64MMFR0_EL1, ECV, IMP); + /* Disallow unsupported S2 page sizes */ switch (PAGE_SIZE) { case SZ_64K: From patchwork Thu Feb 20 13:49:06 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13983999 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 03E1D1FCF72; Thu, 20 Feb 2025 13:49:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059356; cv=none; b=eY7Jv+QLxZafVOrvADxs578UF020+nW5qWM4Ov2Pu+Jez8Hrj3rxGz8iqhUW12BtvDBvV2lBXlM2gE1x4EPvAbuVcJYv+6wNniCYxNV6ss3nueJR5XlVlJuWm0rb93fQfRgPtzTx7HIMB1+rAjzOMdM5B4/ShOWvULlYh0TrRKI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059356; c=relaxed/simple; bh=y7O1hHzcPZT/DmHmjE6yXWnVnGZsmfoF2G8xDlrEQ4E=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=WTlUgr5MXDEwqzXQ91Npli/m7i4kzHO19igSHEqc3L/RCU3wQPUvJsiFzQ2L1IIFJmesfJbtoZsoyiI1BvfkAkVK3qxjf8BUsfk3GL2B0aZGjq/uwcr46l0vvBL8ApXSbha+fshK6IehqCWeWwc2rZ7PDHg/XlAxlMBfldg1teM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=kdjD2Y1D; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="kdjD2Y1D" Received: by smtp.kernel.org (Postfix) with ESMTPSA id DC42AC4CEE3; Thu, 20 Feb 2025 13:49:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1740059355; bh=y7O1hHzcPZT/DmHmjE6yXWnVnGZsmfoF2G8xDlrEQ4E=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=kdjD2Y1DijYW+oiBI5oGeg35yFJTGjGwYyMyBkOfPQVBFNTdmt/Nw7VhY5vnihvBB A8aboI/hT+/luIJcdmN3AKH+yTWjUd6C870KXVnAWHotJCRfiMAJETaj9pktr09biU NLaS9jBY7DUCmyqHIrk/wjamsvGZKYaCxbJqix+yfgH7ygujycQ1WheusgWkTHTCKx INZmXDSoV5o6ILXdBPDjMpmyMAd8Y7io4lezlhOHmox+7pGVmW+gKs24x9Mj/P2jZc 8NYHfGJlbfNfARwWuFAGN9qKa6iv1lAxawuyluu0CJ7klhDR6TdC0yQqP7jQkkz7UY X9bB0DFkArSRg== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tl6vS-006DXp-52; Thu, 20 Feb 2025 13:49:14 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger , gankulkarni@os.amperecomputing.com Subject: [PATCH v2 13/14] KVM: arm64: Allow userspace to request KVM_ARM_VCPU_EL2* Date: Thu, 20 Feb 2025 13:49:06 +0000 Message-Id: <20250220134907.554085-14-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250220134907.554085-1-maz@kernel.org> References: <20250220134907.554085-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com, gankulkarni@os.amperecomputing.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false Since we're (almost) feature complete, let's allow userspace to request KVM_ARM_VCPU_EL2* by bumping KVM_VCPU_MAX_FEATURES up. We also now advertise the features to userspace with new capabilities. It's going to be great... Reviewed-by: Oliver Upton Signed-off-by: Marc Zyngier --- arch/arm64/include/asm/kvm_host.h | 2 +- arch/arm64/kvm/arm.c | 6 ++++++ include/uapi/linux/kvm.h | 2 ++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index 3a7ec98ef1238..e6b9a601258fd 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -39,7 +39,7 @@ #define KVM_MAX_VCPUS VGIC_V3_MAX_CPUS -#define KVM_VCPU_MAX_FEATURES 7 +#define KVM_VCPU_MAX_FEATURES 9 #define KVM_VCPU_VALID_FEATURES (BIT(KVM_VCPU_MAX_FEATURES) - 1) #define KVM_REQ_SLEEP \ diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index 5ea09f13c7bc0..1bc79f9e5b23a 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -359,6 +359,12 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) case KVM_CAP_ARM_EL1_32BIT: r = cpus_have_final_cap(ARM64_HAS_32BIT_EL1); break; + case KVM_CAP_ARM_EL2: + r = cpus_have_final_cap(ARM64_HAS_NESTED_VIRT); + break; + case KVM_CAP_ARM_EL2_E2H0: + r = cpus_have_final_cap(ARM64_HAS_HCR_NV1); + break; case KVM_CAP_GUEST_DEBUG_HW_BPS: r = get_num_brps(); break; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 45e6d8fca9b99..9a6674f51b8be 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -929,6 +929,8 @@ struct kvm_enable_cap { #define KVM_CAP_PRE_FAULT_MEMORY 236 #define KVM_CAP_X86_APIC_BUS_CYCLES_NS 237 #define KVM_CAP_X86_GUEST_MODE 238 +#define KVM_CAP_ARM_EL2 239 +#define KVM_CAP_ARM_EL2_E2H0 240 struct kvm_irq_routing_irqchip { __u32 irqchip; From patchwork Thu Feb 20 13:49:07 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 13984001 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 445361FDA83; Thu, 20 Feb 2025 13:49:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059356; cv=none; b=Qy02oRAf77VzBBhqu7D1RIMvK3KxGF3Rf/WiBLBHYOrpNkU1j9Of6IDQ8sUnJSKGjmnY6nUduF9uUwYoLGWj4+vcdLUj3TmTlduqW8yhMyicyD5oDVIqp7/oy38c6AKNw59JLs3j6QJuNo9htZ/PCN0i618UYDcPKbP2jGSEy6Q= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740059356; c=relaxed/simple; bh=ckzaA4fe/De/c/C7LV9KPu2PIvf0ztKKIvtA/g3YrnU=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=ASlAKv+X7788e7gU1axEkb8RbxFJV0ZjbtKj8eTGXgzjg6Y0zLKyXAg1UZDQYt/e6IZ3pbWa2TpLUgI2HP/knfeVADLw5SCCp5Ja42wY8UXY3exCBpSF4iNfUsp/7k9vbkstybsM2XgQkfwV4jl6+k48+g0IbiYx4l3eyPv8m5A= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=B6V7mlwP; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="B6V7mlwP" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 261DDC4CED1; Thu, 20 Feb 2025 13:49:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1740059356; bh=ckzaA4fe/De/c/C7LV9KPu2PIvf0ztKKIvtA/g3YrnU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=B6V7mlwPR//Kznj54B6u0iavm0DW0OzTlBEdfOLJvsE+XWE5Dbf/FYy755Zsbti5H RlYbu8gnNeX1otzX/y0LTyHAD4Y2X6ckwPIg3i+ySOLVtOwrJg/DPQZSajf2jGiVxs 2zTIRFzC24SATnblSH/uW1XuMKMcNiXGc5A7Uvsg9J6kWL0G8NfAH+Cs6HUDv/QW6q dV7ZMGbBxdLXGzFblKzLkJHU6p04TxKEOpI/LZmicNFqfGzQF/Bnf3I/Hk/36avOOp GE3CjEOAWERxtmJVPJ/e7qMskQ4cZruHSHlq+MiSA/iH0Ugn+3EN7FhoSpK8Ki597w UyXy99cyvhfZQ== Received: from sofa.misterjones.org ([185.219.108.64] helo=valley-girl.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tl6vS-006DXp-BF; Thu, 20 Feb 2025 13:49:14 +0000 From: Marc Zyngier To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Joey Gouly , Suzuki K Poulose , Oliver Upton , Zenghui Yu , Eric Auger , gankulkarni@os.amperecomputing.com Subject: [PATCH v2 14/14] KVM: arm64: Document NV caps and vcpu flags Date: Thu, 20 Feb 2025 13:49:07 +0000 Message-Id: <20250220134907.554085-15-maz@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20250220134907.554085-1-maz@kernel.org> References: <20250220134907.554085-1-maz@kernel.org> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: kvmarm@lists.linux.dev, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, joey.gouly@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, eric.auger@redhat.com, gankulkarni@os.amperecomputing.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false Describe the two new vcpu flags that control NV, together with the capabilities that advertise them. Reviewed-by: Oliver Upton Signed-off-by: Marc Zyngier --- Documentation/virt/kvm/api.rst | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index 2b52eb77e29cb..2d7b516ae408d 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -3456,7 +3456,8 @@ The initial values are defined as: - FPSIMD/NEON registers: set to 0 - SVE registers: set to 0 - System registers: Reset to their architecturally defined - values as for a warm reset to EL1 (resp. SVC) + values as for a warm reset to EL1 (resp. SVC) or EL2 (in the + case of EL2 being enabled). Note that because some registers reflect machine topology, all vcpus should be created before this ioctl is invoked. @@ -3523,6 +3524,17 @@ Possible features: - the KVM_REG_ARM64_SVE_VLS pseudo-register is immutable, and can no longer be written using KVM_SET_ONE_REG. + - KVM_ARM_VCPU_HAS_EL2: Enable Nested Virtualisation support, + booting the guest from EL2 instead of EL1. + Depends on KVM_CAP_ARM_EL2. + The VM is running with HCR_EL2.E2H being RES1 (VHE) unless + KVM_ARM_VCPU_HAS_EL2_E2H0 is also set. + + - KVM_ARM_VCPU_HAS_EL2_E2H0: Restrict Nested Virtualisation + support to HCR_EL2.E2H being RES0 (non-VHE). + Depends on KVM_CAP_ARM_EL2_E2H0. + KVM_ARM_VCPU_HAS_EL2 must also be set. + 4.83 KVM_ARM_PREFERRED_TARGET -----------------------------