From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-26.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A1A3AC4332F for ; Wed, 22 Sep 2021 12:47:38 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8065B60F13 for ; Wed, 22 Sep 2021 12:47:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236144AbhIVMtH (ORCPT ); Wed, 22 Sep 2021 08:49:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60854 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236158AbhIVMtA (ORCPT ); Wed, 22 Sep 2021 08:49:00 -0400 Received: from mail-qt1-x84a.google.com (mail-qt1-x84a.google.com [IPv6:2607:f8b0:4864:20::84a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 943E9C061574 for ; Wed, 22 Sep 2021 05:47:30 -0700 (PDT) Received: by mail-qt1-x84a.google.com with SMTP id x28-20020ac8701c000000b0029f4b940566so8227252qtm.19 for ; Wed, 22 Sep 2021 05:47:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=fhuyzDrWVkEjtHzFzN+Fx6ExKEiC8uquGig/dbG3Bns=; b=nC1xPUxkO/dCfs8FVpTPJ8s8ewk2VV5qT2a4qephLr4t+EZ5A/JCaPLQIOMf+T4A/F HD3I6c8yXTN2Z1GmvjAB9kHrih+iGQhAnSj1eKpqqyjbYMxx5FzYKn/LNr25KlV8WOU7 CcDVOxXpkPE/wH4yhdOaoYTeBKhVu3k7Xpbf8LOWTzYwQTU5G11agDQnhZ993/d6nOuo e1Zutmt0OI78WrqGYEv1VInt2IpLFMQGCTIjv7vJxx231AmMFGbcOlYGjkTYsksFY5tn byC+9fZxDfQkQ2z8VdC1X5jVwHcf9KuiWm1qDyHW9xbjqQ1JBPkX9mywJExzn54KfSYI j6kg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=fhuyzDrWVkEjtHzFzN+Fx6ExKEiC8uquGig/dbG3Bns=; b=C/ohPLFHsSQHnZRYnhV4R2vE0ZaFU8It1frxpMxHbeASs5UsRxtJPayjnV4ipIQiei mF00dW8CzK/sWdlykiJ8A36pGjzn2Lu18zP4HtGWvziRallQdAsc+cFyHxNjo4IAH3sy MCRY72ln688A+2e/aFMY3CLPAZr7qR+b3Hyr1g04x5/jYz5HFMFJ7NhygkwFubxzEeMP RCA4/WmvPx1jlyybLQLgYWGJ1DvTbotJY1yYLDaOZAWet+ZssAUWMJVWiR7OZiVAo4d+ nSNyj3qAeUdn42qmRZgbjQs7XKjJqo6WIfoGzHfZYSB9arJzzPO+KbETA59MuKFDk4Kq /Fqg== X-Gm-Message-State: AOAM532Ljbr7mbpA+o2AMPEq8e8UzmXtIWDX/zBlgHVEPKvrt5sDyn0F 8kbJL3qNA3CnibP/g5xhsJ3OCXZYjg== X-Google-Smtp-Source: ABdhPJxbrBtZRxlrZyFXhw9pE2+iVlXS5BSDuMMG1cQhJ1gtaZoBRAu5TJ0pEsjLM6ux6doDiNfYq5ulMg== X-Received: from tabba.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:482]) (user=tabba job=sendgmr) by 2002:ad4:556d:: with SMTP id w13mr8188690qvy.4.1632314849777; Wed, 22 Sep 2021 05:47:29 -0700 (PDT) Date: Wed, 22 Sep 2021 13:47:03 +0100 In-Reply-To: <20210922124704.600087-1-tabba@google.com> Message-Id: <20210922124704.600087-12-tabba@google.com> Mime-Version: 1.0 References: <20210922124704.600087-1-tabba@google.com> X-Mailer: git-send-email 2.33.0.464.g1972c5931b-goog Subject: [PATCH v6 11/12] KVM: arm64: Trap access to pVM restricted features From: Fuad Tabba To: kvmarm@lists.cs.columbia.edu Cc: maz@kernel.org, will@kernel.org, james.morse@arm.com, alexandru.elisei@arm.com, suzuki.poulose@arm.com, mark.rutland@arm.com, christoffer.dall@arm.com, pbonzini@redhat.com, drjones@redhat.com, oupton@google.com, qperret@google.com, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, kernel-team@android.com, tabba@google.com Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Trap accesses to restricted features for VMs running in protected mode. Access to feature registers are emulated, and only supported features are exposed to protected VMs. Accesses to restricted registers as well as restricted instructions are trapped, and an undefined exception is injected into the protected guests, i.e., with EC = 0x0 (unknown reason). This EC is the one used, according to the Arm Architecture Reference Manual, for unallocated or undefined system registers or instructions. Only affects the functionality of protected VMs. Otherwise, should not affect non-protected VMs when KVM is running in protected mode. Signed-off-by: Fuad Tabba --- arch/arm64/kvm/hyp/nvhe/switch.c | 60 ++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/arch/arm64/kvm/hyp/nvhe/switch.c b/arch/arm64/kvm/hyp/nvhe/switch.c index 49080c607838..2bf5952f651b 100644 --- a/arch/arm64/kvm/hyp/nvhe/switch.c +++ b/arch/arm64/kvm/hyp/nvhe/switch.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include @@ -28,6 +29,7 @@ #include #include +#include /* Non-VHE specific context */ DEFINE_PER_CPU(struct kvm_host_data, kvm_host_data); @@ -158,6 +160,49 @@ static void __pmu_switch_to_host(struct kvm_cpu_context *host_ctxt) write_sysreg(pmu->events_host, pmcntenset_el0); } +/** + * Handler for protected VM restricted exceptions. + * + * Inject an undefined exception into the guest and return true to indicate that + * the hypervisor has handled the exit, and control should go back to the guest. + */ +static bool kvm_handle_pvm_restricted(struct kvm_vcpu *vcpu, u64 *exit_code) +{ + __inject_undef64(vcpu); + return true; +} + +/** + * Handler for protected VM MSR, MRS or System instruction execution in AArch64. + * + * Returns true if the hypervisor has handled the exit, and control should go + * back to the guest, or false if it hasn't. + */ +static bool kvm_handle_pvm_sys64(struct kvm_vcpu *vcpu, u64 *exit_code) +{ + if (kvm_handle_pvm_sysreg(vcpu, exit_code)) + return true; + else + return kvm_hyp_handle_sysreg(vcpu, exit_code); +} + +/** + * Handler for protected floating-point and Advanced SIMD accesses. + * + * Returns true if the hypervisor has handled the exit, and control should go + * back to the guest, or false if it hasn't. + */ +static bool kvm_handle_pvm_fpsimd(struct kvm_vcpu *vcpu, u64 *exit_code) +{ + /* Linux guests assume support for floating-point and Advanced SIMD. */ + BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_FP), + PVM_ID_AA64PFR0_ALLOW)); + BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_ASIMD), + PVM_ID_AA64PFR0_ALLOW)); + + return kvm_hyp_handle_fpsimd(vcpu, exit_code); +} + static const exit_handler_fn hyp_exit_handlers[] = { [0 ... ESR_ELx_EC_MAX] = NULL, [ESR_ELx_EC_CP15_32] = kvm_hyp_handle_cp15, @@ -170,8 +215,23 @@ static const exit_handler_fn hyp_exit_handlers[] = { [ESR_ELx_EC_PAC] = kvm_hyp_handle_ptrauth, }; +static const exit_handler_fn pvm_exit_handlers[] = { + [0 ... ESR_ELx_EC_MAX] = NULL, + [ESR_ELx_EC_CP15_32] = kvm_hyp_handle_cp15, + [ESR_ELx_EC_CP15_64] = kvm_hyp_handle_cp15, + [ESR_ELx_EC_SYS64] = kvm_handle_pvm_sys64, + [ESR_ELx_EC_SVE] = kvm_handle_pvm_restricted, + [ESR_ELx_EC_FP_ASIMD] = kvm_handle_pvm_fpsimd, + [ESR_ELx_EC_IABT_LOW] = kvm_hyp_handle_iabt_low, + [ESR_ELx_EC_DABT_LOW] = kvm_hyp_handle_dabt_low, + [ESR_ELx_EC_PAC] = kvm_hyp_handle_ptrauth, +}; + static const exit_handler_fn *kvm_get_exit_handler_array(struct kvm *kvm) { + if (unlikely(kvm_vm_is_protected(kvm))) + return pvm_exit_handlers; + return hyp_exit_handlers; } -- 2.33.0.464.g1972c5931b-goog From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.6 required=3.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED,DKIM_INVALID,DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 31B29C433FE for ; Wed, 22 Sep 2021 12:47:36 +0000 (UTC) Received: from mm01.cs.columbia.edu (mm01.cs.columbia.edu [128.59.11.253]) by mail.kernel.org (Postfix) with ESMTP id CB0CD61181 for ; Wed, 22 Sep 2021 12:47:35 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org CB0CD61181 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.cs.columbia.edu Received: from localhost (localhost [127.0.0.1]) by mm01.cs.columbia.edu (Postfix) with ESMTP id 7CDA84B0B8; Wed, 22 Sep 2021 08:47:35 -0400 (EDT) X-Virus-Scanned: at lists.cs.columbia.edu Authentication-Results: mm01.cs.columbia.edu (amavisd-new); dkim=softfail (fail, message has been altered) header.i=@google.com Received: from mm01.cs.columbia.edu ([127.0.0.1]) by localhost (mm01.cs.columbia.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XdWKdLBthjXZ; Wed, 22 Sep 2021 08:47:34 -0400 (EDT) Received: from mm01.cs.columbia.edu (localhost [127.0.0.1]) by mm01.cs.columbia.edu (Postfix) with ESMTP id 703734B0E7; Wed, 22 Sep 2021 08:47:34 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by mm01.cs.columbia.edu (Postfix) with ESMTP id 4FEE94B0E2 for ; Wed, 22 Sep 2021 08:47:33 -0400 (EDT) X-Virus-Scanned: at lists.cs.columbia.edu Received: from mm01.cs.columbia.edu ([127.0.0.1]) by localhost (mm01.cs.columbia.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lu4W0nbgtikE for ; Wed, 22 Sep 2021 08:47:32 -0400 (EDT) Received: from mail-qv1-f74.google.com (mail-qv1-f74.google.com [209.85.219.74]) by mm01.cs.columbia.edu (Postfix) with ESMTPS id 2FD134B0C3 for ; Wed, 22 Sep 2021 08:47:30 -0400 (EDT) Received: by mail-qv1-f74.google.com with SMTP id w10-20020a0cb54a000000b0037a9848b92fso13149037qvd.0 for ; Wed, 22 Sep 2021 05:47:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=fhuyzDrWVkEjtHzFzN+Fx6ExKEiC8uquGig/dbG3Bns=; b=nC1xPUxkO/dCfs8FVpTPJ8s8ewk2VV5qT2a4qephLr4t+EZ5A/JCaPLQIOMf+T4A/F HD3I6c8yXTN2Z1GmvjAB9kHrih+iGQhAnSj1eKpqqyjbYMxx5FzYKn/LNr25KlV8WOU7 CcDVOxXpkPE/wH4yhdOaoYTeBKhVu3k7Xpbf8LOWTzYwQTU5G11agDQnhZ993/d6nOuo e1Zutmt0OI78WrqGYEv1VInt2IpLFMQGCTIjv7vJxx231AmMFGbcOlYGjkTYsksFY5tn byC+9fZxDfQkQ2z8VdC1X5jVwHcf9KuiWm1qDyHW9xbjqQ1JBPkX9mywJExzn54KfSYI j6kg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=fhuyzDrWVkEjtHzFzN+Fx6ExKEiC8uquGig/dbG3Bns=; b=mQgPBAY/fBOjfEOH7xCcb1N3CuHA2xR5Ss34hbkjGZlKK6Mpp11TgaRki48l95pkcr SIsEuF0nOGqQ9ZnC/aFD/2RTZiCNwGsmIG7CJBJjd/LG13ect+V0NUsUUlGf9mZK2UxA oJIGtbsCv6zNP8KVHpvc66wdyqt4k080dLI5jDBJ1LMY9iKmNyDhs6XKK8Ej099i2Ct5 5cMJj6CtgYUJrMlh96SVqLhlaPpKWdGVIkX2IMnFUB3Otn5q9LIjZslXfXS5s6r5RMG7 55JxQ+vl6p9VPjSIvqiiOTUv/Eq1md8LxxIFTxCbaBJMMh6w2aG8ivu1RnsfgT9dZTbk GHeA== X-Gm-Message-State: AOAM532G3lZMS39QvyrHJRFXTLKCTGij2v3FhPAqy/AmIbBGvW2vIEL3 jT/iMwqpvdc35SBoCOC0z8A0YKyONq597BVPXVemGhHAvQwUx5svN/Iwm1BUxqpmZ+1y58sf7At wvhEnjFQreeiCJnw4QNTtLiAvtQGwjclzrzZ6/hhAqOdoQ2c3VxuDXN6iEWTt82PGsEE= X-Google-Smtp-Source: ABdhPJxbrBtZRxlrZyFXhw9pE2+iVlXS5BSDuMMG1cQhJ1gtaZoBRAu5TJ0pEsjLM6ux6doDiNfYq5ulMg== X-Received: from tabba.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:482]) (user=tabba job=sendgmr) by 2002:ad4:556d:: with SMTP id w13mr8188690qvy.4.1632314849777; Wed, 22 Sep 2021 05:47:29 -0700 (PDT) Date: Wed, 22 Sep 2021 13:47:03 +0100 In-Reply-To: <20210922124704.600087-1-tabba@google.com> Message-Id: <20210922124704.600087-12-tabba@google.com> Mime-Version: 1.0 References: <20210922124704.600087-1-tabba@google.com> X-Mailer: git-send-email 2.33.0.464.g1972c5931b-goog Subject: [PATCH v6 11/12] KVM: arm64: Trap access to pVM restricted features From: Fuad Tabba To: kvmarm@lists.cs.columbia.edu Cc: kernel-team@android.com, kvm@vger.kernel.org, maz@kernel.org, pbonzini@redhat.com, will@kernel.org, linux-arm-kernel@lists.infradead.org X-BeenThere: kvmarm@lists.cs.columbia.edu X-Mailman-Version: 2.1.14 Precedence: list List-Id: Where KVM/ARM decisions are made List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: kvmarm-bounces@lists.cs.columbia.edu Sender: kvmarm-bounces@lists.cs.columbia.edu Trap accesses to restricted features for VMs running in protected mode. Access to feature registers are emulated, and only supported features are exposed to protected VMs. Accesses to restricted registers as well as restricted instructions are trapped, and an undefined exception is injected into the protected guests, i.e., with EC = 0x0 (unknown reason). This EC is the one used, according to the Arm Architecture Reference Manual, for unallocated or undefined system registers or instructions. Only affects the functionality of protected VMs. Otherwise, should not affect non-protected VMs when KVM is running in protected mode. Signed-off-by: Fuad Tabba --- arch/arm64/kvm/hyp/nvhe/switch.c | 60 ++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/arch/arm64/kvm/hyp/nvhe/switch.c b/arch/arm64/kvm/hyp/nvhe/switch.c index 49080c607838..2bf5952f651b 100644 --- a/arch/arm64/kvm/hyp/nvhe/switch.c +++ b/arch/arm64/kvm/hyp/nvhe/switch.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include @@ -28,6 +29,7 @@ #include #include +#include /* Non-VHE specific context */ DEFINE_PER_CPU(struct kvm_host_data, kvm_host_data); @@ -158,6 +160,49 @@ static void __pmu_switch_to_host(struct kvm_cpu_context *host_ctxt) write_sysreg(pmu->events_host, pmcntenset_el0); } +/** + * Handler for protected VM restricted exceptions. + * + * Inject an undefined exception into the guest and return true to indicate that + * the hypervisor has handled the exit, and control should go back to the guest. + */ +static bool kvm_handle_pvm_restricted(struct kvm_vcpu *vcpu, u64 *exit_code) +{ + __inject_undef64(vcpu); + return true; +} + +/** + * Handler for protected VM MSR, MRS or System instruction execution in AArch64. + * + * Returns true if the hypervisor has handled the exit, and control should go + * back to the guest, or false if it hasn't. + */ +static bool kvm_handle_pvm_sys64(struct kvm_vcpu *vcpu, u64 *exit_code) +{ + if (kvm_handle_pvm_sysreg(vcpu, exit_code)) + return true; + else + return kvm_hyp_handle_sysreg(vcpu, exit_code); +} + +/** + * Handler for protected floating-point and Advanced SIMD accesses. + * + * Returns true if the hypervisor has handled the exit, and control should go + * back to the guest, or false if it hasn't. + */ +static bool kvm_handle_pvm_fpsimd(struct kvm_vcpu *vcpu, u64 *exit_code) +{ + /* Linux guests assume support for floating-point and Advanced SIMD. */ + BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_FP), + PVM_ID_AA64PFR0_ALLOW)); + BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_ASIMD), + PVM_ID_AA64PFR0_ALLOW)); + + return kvm_hyp_handle_fpsimd(vcpu, exit_code); +} + static const exit_handler_fn hyp_exit_handlers[] = { [0 ... ESR_ELx_EC_MAX] = NULL, [ESR_ELx_EC_CP15_32] = kvm_hyp_handle_cp15, @@ -170,8 +215,23 @@ static const exit_handler_fn hyp_exit_handlers[] = { [ESR_ELx_EC_PAC] = kvm_hyp_handle_ptrauth, }; +static const exit_handler_fn pvm_exit_handlers[] = { + [0 ... ESR_ELx_EC_MAX] = NULL, + [ESR_ELx_EC_CP15_32] = kvm_hyp_handle_cp15, + [ESR_ELx_EC_CP15_64] = kvm_hyp_handle_cp15, + [ESR_ELx_EC_SYS64] = kvm_handle_pvm_sys64, + [ESR_ELx_EC_SVE] = kvm_handle_pvm_restricted, + [ESR_ELx_EC_FP_ASIMD] = kvm_handle_pvm_fpsimd, + [ESR_ELx_EC_IABT_LOW] = kvm_hyp_handle_iabt_low, + [ESR_ELx_EC_DABT_LOW] = kvm_hyp_handle_dabt_low, + [ESR_ELx_EC_PAC] = kvm_hyp_handle_ptrauth, +}; + static const exit_handler_fn *kvm_get_exit_handler_array(struct kvm *kvm) { + if (unlikely(kvm_vm_is_protected(kvm))) + return pvm_exit_handlers; + return hyp_exit_handlers; } -- 2.33.0.464.g1972c5931b-goog _______________________________________________ kvmarm mailing list kvmarm@lists.cs.columbia.edu https://lists.cs.columbia.edu/mailman/listinfo/kvmarm From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.2 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4EDA5C433F5 for ; Wed, 22 Sep 2021 12:54:39 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 17BDC611B0 for ; Wed, 22 Sep 2021 12:54:39 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 17BDC611B0 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:References: Mime-Version:Message-Id:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=O3p3SelhynUIqVKKHsD0rpajx3qxDBr19vpxsadZcJY=; b=sBeXYeiSSuPpiBfQul9AXjx4MB PaDqKRR2Rs/7ev6EgNkZ+I2uPnRjUbFD1CVrv8K8UpK3Y14KpouM1Hb2orM5AHBEcW3O3O7gqBj5t p4ui99ObbqUoUy1EiPuAg1k6hOGTMvmwVxWv4v20blXePSs6oi8cWAUdkYchePh9ZcsTwkNTKix0s MP9lMk1dQtpI4qGVMPvEuYkoNxM0XwJKBHQdL6EB6/1DfYrybtxmNaKxZdV4TrqJge4XWaR4/unY6 H+zJXToAmgf5jqoMo/5lVx5ur0idTbERW/1bH+okHM1Wjzh0kQwEgNDrc2OnBVBS3CdcbiFK/+2lD dyFZNeiw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1mT1i8-008QQn-OX; Wed, 22 Sep 2021 12:50:53 +0000 Received: from mail-qv1-xf49.google.com ([2607:f8b0:4864:20::f49]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1mT1et-008OwT-62 for linux-arm-kernel@lists.infradead.org; Wed, 22 Sep 2021 12:47:32 +0000 Received: by mail-qv1-xf49.google.com with SMTP id h25-20020a0cab19000000b0037a49d15c93so11013897qvb.22 for ; Wed, 22 Sep 2021 05:47:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=fhuyzDrWVkEjtHzFzN+Fx6ExKEiC8uquGig/dbG3Bns=; b=nC1xPUxkO/dCfs8FVpTPJ8s8ewk2VV5qT2a4qephLr4t+EZ5A/JCaPLQIOMf+T4A/F HD3I6c8yXTN2Z1GmvjAB9kHrih+iGQhAnSj1eKpqqyjbYMxx5FzYKn/LNr25KlV8WOU7 CcDVOxXpkPE/wH4yhdOaoYTeBKhVu3k7Xpbf8LOWTzYwQTU5G11agDQnhZ993/d6nOuo e1Zutmt0OI78WrqGYEv1VInt2IpLFMQGCTIjv7vJxx231AmMFGbcOlYGjkTYsksFY5tn byC+9fZxDfQkQ2z8VdC1X5jVwHcf9KuiWm1qDyHW9xbjqQ1JBPkX9mywJExzn54KfSYI j6kg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=fhuyzDrWVkEjtHzFzN+Fx6ExKEiC8uquGig/dbG3Bns=; b=XWLoIV5u9L1R4zNLlSI4NYjcXdqUk+LGgo3Upq/8FQEkDCt0OHdgPZctfxiwXZC6Ea diRyMYP93ynThd3J0s6GK+3oE1MAajSjRP1ME9U2bDN39LPY90mRZjM3saZYy+wn0kUk gotzigGYa+2XIAgT+FmNOC7Ds+y12fg4k4ZvUM8/23P4NoSuH2aQdXZh4b7P4HskKUup r3CHthP5vdtHQa+3TM4iKY3f8fXbltlfa9kmPhc230O4N1HSPNkRC/IUUmYW1qMPVaE3 3uLheJh6pUSn+nLTdJGPxC5vdj1j588+4FD6Bv/Qf0te90CaKHUaoxvVyR/tL6LA2w69 qUBg== X-Gm-Message-State: AOAM531YbKZm6grlVU+Dnrfe0MffEUvpOL33NBs4fZD2FKRKDhpGAxwR XyhpCfR4m0cq3cihpJbq6ILD06Zv+A== X-Google-Smtp-Source: ABdhPJxbrBtZRxlrZyFXhw9pE2+iVlXS5BSDuMMG1cQhJ1gtaZoBRAu5TJ0pEsjLM6ux6doDiNfYq5ulMg== X-Received: from tabba.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:482]) (user=tabba job=sendgmr) by 2002:ad4:556d:: with SMTP id w13mr8188690qvy.4.1632314849777; Wed, 22 Sep 2021 05:47:29 -0700 (PDT) Date: Wed, 22 Sep 2021 13:47:03 +0100 In-Reply-To: <20210922124704.600087-1-tabba@google.com> Message-Id: <20210922124704.600087-12-tabba@google.com> Mime-Version: 1.0 References: <20210922124704.600087-1-tabba@google.com> X-Mailer: git-send-email 2.33.0.464.g1972c5931b-goog Subject: [PATCH v6 11/12] KVM: arm64: Trap access to pVM restricted features From: Fuad Tabba To: kvmarm@lists.cs.columbia.edu Cc: maz@kernel.org, will@kernel.org, james.morse@arm.com, alexandru.elisei@arm.com, suzuki.poulose@arm.com, mark.rutland@arm.com, christoffer.dall@arm.com, pbonzini@redhat.com, drjones@redhat.com, oupton@google.com, qperret@google.com, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, kernel-team@android.com, tabba@google.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210922_054731_267785_E88B6B78 X-CRM114-Status: GOOD ( 14.69 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Trap accesses to restricted features for VMs running in protected mode. Access to feature registers are emulated, and only supported features are exposed to protected VMs. Accesses to restricted registers as well as restricted instructions are trapped, and an undefined exception is injected into the protected guests, i.e., with EC = 0x0 (unknown reason). This EC is the one used, according to the Arm Architecture Reference Manual, for unallocated or undefined system registers or instructions. Only affects the functionality of protected VMs. Otherwise, should not affect non-protected VMs when KVM is running in protected mode. Signed-off-by: Fuad Tabba --- arch/arm64/kvm/hyp/nvhe/switch.c | 60 ++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/arch/arm64/kvm/hyp/nvhe/switch.c b/arch/arm64/kvm/hyp/nvhe/switch.c index 49080c607838..2bf5952f651b 100644 --- a/arch/arm64/kvm/hyp/nvhe/switch.c +++ b/arch/arm64/kvm/hyp/nvhe/switch.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include @@ -28,6 +29,7 @@ #include #include +#include /* Non-VHE specific context */ DEFINE_PER_CPU(struct kvm_host_data, kvm_host_data); @@ -158,6 +160,49 @@ static void __pmu_switch_to_host(struct kvm_cpu_context *host_ctxt) write_sysreg(pmu->events_host, pmcntenset_el0); } +/** + * Handler for protected VM restricted exceptions. + * + * Inject an undefined exception into the guest and return true to indicate that + * the hypervisor has handled the exit, and control should go back to the guest. + */ +static bool kvm_handle_pvm_restricted(struct kvm_vcpu *vcpu, u64 *exit_code) +{ + __inject_undef64(vcpu); + return true; +} + +/** + * Handler for protected VM MSR, MRS or System instruction execution in AArch64. + * + * Returns true if the hypervisor has handled the exit, and control should go + * back to the guest, or false if it hasn't. + */ +static bool kvm_handle_pvm_sys64(struct kvm_vcpu *vcpu, u64 *exit_code) +{ + if (kvm_handle_pvm_sysreg(vcpu, exit_code)) + return true; + else + return kvm_hyp_handle_sysreg(vcpu, exit_code); +} + +/** + * Handler for protected floating-point and Advanced SIMD accesses. + * + * Returns true if the hypervisor has handled the exit, and control should go + * back to the guest, or false if it hasn't. + */ +static bool kvm_handle_pvm_fpsimd(struct kvm_vcpu *vcpu, u64 *exit_code) +{ + /* Linux guests assume support for floating-point and Advanced SIMD. */ + BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_FP), + PVM_ID_AA64PFR0_ALLOW)); + BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_ASIMD), + PVM_ID_AA64PFR0_ALLOW)); + + return kvm_hyp_handle_fpsimd(vcpu, exit_code); +} + static const exit_handler_fn hyp_exit_handlers[] = { [0 ... ESR_ELx_EC_MAX] = NULL, [ESR_ELx_EC_CP15_32] = kvm_hyp_handle_cp15, @@ -170,8 +215,23 @@ static const exit_handler_fn hyp_exit_handlers[] = { [ESR_ELx_EC_PAC] = kvm_hyp_handle_ptrauth, }; +static const exit_handler_fn pvm_exit_handlers[] = { + [0 ... ESR_ELx_EC_MAX] = NULL, + [ESR_ELx_EC_CP15_32] = kvm_hyp_handle_cp15, + [ESR_ELx_EC_CP15_64] = kvm_hyp_handle_cp15, + [ESR_ELx_EC_SYS64] = kvm_handle_pvm_sys64, + [ESR_ELx_EC_SVE] = kvm_handle_pvm_restricted, + [ESR_ELx_EC_FP_ASIMD] = kvm_handle_pvm_fpsimd, + [ESR_ELx_EC_IABT_LOW] = kvm_hyp_handle_iabt_low, + [ESR_ELx_EC_DABT_LOW] = kvm_hyp_handle_dabt_low, + [ESR_ELx_EC_PAC] = kvm_hyp_handle_ptrauth, +}; + static const exit_handler_fn *kvm_get_exit_handler_array(struct kvm *kvm) { + if (unlikely(kvm_vm_is_protected(kvm))) + return pvm_exit_handlers; + return hyp_exit_handlers; } -- 2.33.0.464.g1972c5931b-goog _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel