From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id F00B0C433EF for ; Fri, 8 Oct 2021 15:59:02 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id DB0CE60F4F for ; Fri, 8 Oct 2021 15:59:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243265AbhJHQA4 (ORCPT ); Fri, 8 Oct 2021 12:00:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39706 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S243213AbhJHQAw (ORCPT ); Fri, 8 Oct 2021 12:00:52 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2E356C061755 for ; Fri, 8 Oct 2021 08:58:57 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id p8-20020a056902114800b005bad2571fbeso1638543ybu.23 for ; Fri, 08 Oct 2021 08:58:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=wJJszilA4UjK4AVsoFrSiurMN2NLV1CPui7ahB+b56k=; b=M51Vbk1q9IjlvFH69oju/v/0EZl0tmloeEi+Zm7yAa5eIazZ3bwWbULGhXTFrF3g+I nvKA2iN14W9lBh5jRZQHy7dbu97XxDElG+vOlto2BkZcB8XdOec8cUXJixbIVWPST05c yqL0gGAZaoP8OUS2Wrd5IOydUMck54gjCvrKb10++sXrM5ZrhxqkwHCz+SGsd/Ap4fYG MMCokjmynYOtvo0q6VOEpMNIMkvHXThtGSd5q/nk60vDUZPj3tKzmViUw7S3+cNNuUth 3rkXCfe7mJk20Q7NOKta4Nj9y/Yp3ENKePr2eqDZcegBFtPhjGY9Kx9ubWGg0Rj2og+u vZVA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=wJJszilA4UjK4AVsoFrSiurMN2NLV1CPui7ahB+b56k=; b=Y6zbkv/qgS+FZaMQmTosEwzbWDiqkoVqL48xvLUiy4DsTSwXDRptgKALpDJDlWUTXd w8So+K2jYjahLsxRDOGVv42aJVdAMyHJa7Nrs6Uxtd3U71ylDE/sOtfnQs6v0owQNyZ/ Y7eEgmrC4979mqn5u6sQusjHtHMmdIKkciNxCLa7MOzUg2rKGTjH8Q1nda3idfR0Nzr7 rhNwGzAg9/+gU0C+Jn2oNXtb3YuP/YAcqAlzNM+zWbatIhLNAEMllzEFGKGIO5YAn2bl WqXK4BsndHEWrQRke9eYrQJMbTrK7hryzF2wqWPwiIemmfAUtzI6Vik9NhwoNT/HnifQ aJdA== X-Gm-Message-State: AOAM532FmanuoCC8x4Bwtu2//c2mBS6ccbhIwRT+U2NgmDxEc4fNSa+5 kzTx3EHAeV5YDXIV/vJWa/DNcx9djQ== X-Google-Smtp-Source: ABdhPJypJlyAK9gZ3NArU2IoVCZTDXwNxMf5X4WHL+8HZexKeq/iR/ES1qBsGJeLq1H3EWl/v9iimIx4Sg== X-Received: from tabba.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:482]) (user=tabba job=sendgmr) by 2002:a25:3491:: with SMTP id b139mr4249799yba.229.1633708736091; Fri, 08 Oct 2021 08:58:56 -0700 (PDT) Date: Fri, 8 Oct 2021 16:58:31 +0100 In-Reply-To: <20211008155832.1415010-1-tabba@google.com> Message-Id: <20211008155832.1415010-11-tabba@google.com> Mime-Version: 1.0 References: <20211008155832.1415010-1-tabba@google.com> X-Mailer: git-send-email 2.33.0.882.g93a45727a2-goog Subject: [PATCH v7 10/11] KVM: arm64: Trap access to pVM restricted features From: Fuad Tabba To: kvmarm@lists.cs.columbia.edu Cc: maz@kernel.org, will@kernel.org, james.morse@arm.com, alexandru.elisei@arm.com, suzuki.poulose@arm.com, mark.rutland@arm.com, christoffer.dall@arm.com, pbonzini@redhat.com, drjones@redhat.com, oupton@google.com, qperret@google.com, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, kernel-team@android.com, tabba@google.com Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Trap accesses to restricted features for VMs running in protected mode. Access to feature registers are emulated, and only supported features are exposed to protected VMs. Accesses to restricted registers as well as restricted instructions are trapped, and an undefined exception is injected into the protected guests, i.e., with EC = 0x0 (unknown reason). This EC is the one used, according to the Arm Architecture Reference Manual, for unallocated or undefined system registers or instructions. Only affects the functionality of protected VMs. Otherwise, should not affect non-protected VMs when KVM is running in protected mode. Signed-off-by: Fuad Tabba --- arch/arm64/kvm/hyp/nvhe/switch.c | 57 ++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/arch/arm64/kvm/hyp/nvhe/switch.c b/arch/arm64/kvm/hyp/nvhe/switch.c index 17d1a9512507..2c72c31e516e 100644 --- a/arch/arm64/kvm/hyp/nvhe/switch.c +++ b/arch/arm64/kvm/hyp/nvhe/switch.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include @@ -159,6 +160,49 @@ static void __pmu_switch_to_host(struct kvm_cpu_context *host_ctxt) write_sysreg(pmu->events_host, pmcntenset_el0); } +/** + * Handler for protected VM restricted exceptions. + * + * Inject an undefined exception into the guest and return true to indicate that + * the hypervisor has handled the exit, and control should go back to the guest. + */ +static bool kvm_handle_pvm_restricted(struct kvm_vcpu *vcpu, u64 *exit_code) +{ + inject_undef64(vcpu); + return true; +} + +/** + * Handler for protected VM MSR, MRS or System instruction execution in AArch64. + * + * Returns true if the hypervisor has handled the exit, and control should go + * back to the guest, or false if it hasn't. + */ +static bool kvm_handle_pvm_sys64(struct kvm_vcpu *vcpu, u64 *exit_code) +{ + if (kvm_handle_pvm_sysreg(vcpu, exit_code)) + return true; + + return kvm_hyp_handle_sysreg(vcpu, exit_code); +} + +/** + * Handler for protected floating-point and Advanced SIMD accesses. + * + * Returns true if the hypervisor has handled the exit, and control should go + * back to the guest, or false if it hasn't. + */ +static bool kvm_handle_pvm_fpsimd(struct kvm_vcpu *vcpu, u64 *exit_code) +{ + /* Linux guests assume support for floating-point and Advanced SIMD. */ + BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_FP), + PVM_ID_AA64PFR0_ALLOW)); + BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_ASIMD), + PVM_ID_AA64PFR0_ALLOW)); + + return kvm_hyp_handle_fpsimd(vcpu, exit_code); +} + static const exit_handler_fn hyp_exit_handlers[] = { [0 ... ESR_ELx_EC_MAX] = NULL, [ESR_ELx_EC_CP15_32] = kvm_hyp_handle_cp15_32, @@ -170,8 +214,21 @@ static const exit_handler_fn hyp_exit_handlers[] = { [ESR_ELx_EC_PAC] = kvm_hyp_handle_ptrauth, }; +static const exit_handler_fn pvm_exit_handlers[] = { + [0 ... ESR_ELx_EC_MAX] = NULL, + [ESR_ELx_EC_SYS64] = kvm_handle_pvm_sys64, + [ESR_ELx_EC_SVE] = kvm_handle_pvm_restricted, + [ESR_ELx_EC_FP_ASIMD] = kvm_handle_pvm_fpsimd, + [ESR_ELx_EC_IABT_LOW] = kvm_hyp_handle_iabt_low, + [ESR_ELx_EC_DABT_LOW] = kvm_hyp_handle_dabt_low, + [ESR_ELx_EC_PAC] = kvm_hyp_handle_ptrauth, +}; + static const exit_handler_fn *kvm_get_exit_handler_array(struct kvm *kvm) { + if (unlikely(kvm_vm_is_protected(kvm))) + return pvm_exit_handlers; + return hyp_exit_handlers; } -- 2.33.0.882.g93a45727a2-goog From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id CF4F2C4332F for ; Fri, 8 Oct 2021 15:59:01 +0000 (UTC) Received: from mm01.cs.columbia.edu (mm01.cs.columbia.edu [128.59.11.253]) by mail.kernel.org (Postfix) with ESMTP id 837A06101A for ; Fri, 8 Oct 2021 15:59:01 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 837A06101A Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.cs.columbia.edu Received: from localhost (localhost [127.0.0.1]) by mm01.cs.columbia.edu (Postfix) with ESMTP id 3967E4B11A; Fri, 8 Oct 2021 11:59:01 -0400 (EDT) X-Virus-Scanned: at lists.cs.columbia.edu Authentication-Results: mm01.cs.columbia.edu (amavisd-new); dkim=softfail (fail, message has been altered) header.i=@google.com Received: from mm01.cs.columbia.edu ([127.0.0.1]) by localhost (mm01.cs.columbia.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ujXvK-Ev4-Qx; Fri, 8 Oct 2021 11:59:00 -0400 (EDT) Received: from mm01.cs.columbia.edu (localhost [127.0.0.1]) by mm01.cs.columbia.edu (Postfix) with ESMTP id 00CA14B16E; Fri, 8 Oct 2021 11:59:00 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by mm01.cs.columbia.edu (Postfix) with ESMTP id 726004B0FC for ; Fri, 8 Oct 2021 11:58:59 -0400 (EDT) X-Virus-Scanned: at lists.cs.columbia.edu Received: from mm01.cs.columbia.edu ([127.0.0.1]) by localhost (mm01.cs.columbia.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zn5nt92rvsTV for ; Fri, 8 Oct 2021 11:58:58 -0400 (EDT) Received: from mail-yb1-f202.google.com (mail-yb1-f202.google.com [209.85.219.202]) by mm01.cs.columbia.edu (Postfix) with ESMTPS id E06974B120 for ; Fri, 8 Oct 2021 11:58:56 -0400 (EDT) Received: by mail-yb1-f202.google.com with SMTP id x16-20020a25b910000000b005b6b7f2f91cso13200889ybj.1 for ; Fri, 08 Oct 2021 08:58:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=wJJszilA4UjK4AVsoFrSiurMN2NLV1CPui7ahB+b56k=; b=M51Vbk1q9IjlvFH69oju/v/0EZl0tmloeEi+Zm7yAa5eIazZ3bwWbULGhXTFrF3g+I nvKA2iN14W9lBh5jRZQHy7dbu97XxDElG+vOlto2BkZcB8XdOec8cUXJixbIVWPST05c yqL0gGAZaoP8OUS2Wrd5IOydUMck54gjCvrKb10++sXrM5ZrhxqkwHCz+SGsd/Ap4fYG MMCokjmynYOtvo0q6VOEpMNIMkvHXThtGSd5q/nk60vDUZPj3tKzmViUw7S3+cNNuUth 3rkXCfe7mJk20Q7NOKta4Nj9y/Yp3ENKePr2eqDZcegBFtPhjGY9Kx9ubWGg0Rj2og+u vZVA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=wJJszilA4UjK4AVsoFrSiurMN2NLV1CPui7ahB+b56k=; b=ZIgx5eGQaV2E3UiH7zLib9NQwg8cLber1XuHgKVyJai3rq+jjQSABCe9mDJG5ewrH5 vPTCAHkwnJp9rYQwQxnCj8OuIp5Vp2fePxL/5/nof5r4TiT72MiipONWSrzEd2HQrQQb U9IoHrgaov73okPkjIFWl628I45sK9QecU7MaazeLnbjOSYYoeDdOOHmgN8ub9WFHVvM c1mR4btvJCRY1he1uc1OOvFUgyufY9PiVNBjWNp/5WJ1Q3Hyv8NLrRoSB/Dx8N4A5g8X GSdufQoTp3m9DBhKmdwb56rCWhpS8QHo6/3XsiPtVxc4c+wxWGXg6sJE7EzLL6sJkjym 7S0A== X-Gm-Message-State: AOAM531/MiB2UsfG4dVtLPaLbOoqmBc0iuj477XPILZvUZFIsR6PSEv8 aEmU1BXeZiQdRZdqOyyxOIJyJoZoLU7XYoUpYChfOFpOoRKsHVW78wsAWqPvIPeShkmWl/7LKFH mcJqO8GmLQXvC69EQYCr1BERVEN92zKQjdlvQydI2vnp6eLBqpyDyVpOdeb9LP9M6KLc= X-Google-Smtp-Source: ABdhPJypJlyAK9gZ3NArU2IoVCZTDXwNxMf5X4WHL+8HZexKeq/iR/ES1qBsGJeLq1H3EWl/v9iimIx4Sg== X-Received: from tabba.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:482]) (user=tabba job=sendgmr) by 2002:a25:3491:: with SMTP id b139mr4249799yba.229.1633708736091; Fri, 08 Oct 2021 08:58:56 -0700 (PDT) Date: Fri, 8 Oct 2021 16:58:31 +0100 In-Reply-To: <20211008155832.1415010-1-tabba@google.com> Message-Id: <20211008155832.1415010-11-tabba@google.com> Mime-Version: 1.0 References: <20211008155832.1415010-1-tabba@google.com> X-Mailer: git-send-email 2.33.0.882.g93a45727a2-goog Subject: [PATCH v7 10/11] KVM: arm64: Trap access to pVM restricted features From: Fuad Tabba To: kvmarm@lists.cs.columbia.edu Cc: kernel-team@android.com, kvm@vger.kernel.org, maz@kernel.org, pbonzini@redhat.com, will@kernel.org, linux-arm-kernel@lists.infradead.org X-BeenThere: kvmarm@lists.cs.columbia.edu X-Mailman-Version: 2.1.14 Precedence: list List-Id: Where KVM/ARM decisions are made List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: kvmarm-bounces@lists.cs.columbia.edu Sender: kvmarm-bounces@lists.cs.columbia.edu Trap accesses to restricted features for VMs running in protected mode. Access to feature registers are emulated, and only supported features are exposed to protected VMs. Accesses to restricted registers as well as restricted instructions are trapped, and an undefined exception is injected into the protected guests, i.e., with EC = 0x0 (unknown reason). This EC is the one used, according to the Arm Architecture Reference Manual, for unallocated or undefined system registers or instructions. Only affects the functionality of protected VMs. Otherwise, should not affect non-protected VMs when KVM is running in protected mode. Signed-off-by: Fuad Tabba --- arch/arm64/kvm/hyp/nvhe/switch.c | 57 ++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/arch/arm64/kvm/hyp/nvhe/switch.c b/arch/arm64/kvm/hyp/nvhe/switch.c index 17d1a9512507..2c72c31e516e 100644 --- a/arch/arm64/kvm/hyp/nvhe/switch.c +++ b/arch/arm64/kvm/hyp/nvhe/switch.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include @@ -159,6 +160,49 @@ static void __pmu_switch_to_host(struct kvm_cpu_context *host_ctxt) write_sysreg(pmu->events_host, pmcntenset_el0); } +/** + * Handler for protected VM restricted exceptions. + * + * Inject an undefined exception into the guest and return true to indicate that + * the hypervisor has handled the exit, and control should go back to the guest. + */ +static bool kvm_handle_pvm_restricted(struct kvm_vcpu *vcpu, u64 *exit_code) +{ + inject_undef64(vcpu); + return true; +} + +/** + * Handler for protected VM MSR, MRS or System instruction execution in AArch64. + * + * Returns true if the hypervisor has handled the exit, and control should go + * back to the guest, or false if it hasn't. + */ +static bool kvm_handle_pvm_sys64(struct kvm_vcpu *vcpu, u64 *exit_code) +{ + if (kvm_handle_pvm_sysreg(vcpu, exit_code)) + return true; + + return kvm_hyp_handle_sysreg(vcpu, exit_code); +} + +/** + * Handler for protected floating-point and Advanced SIMD accesses. + * + * Returns true if the hypervisor has handled the exit, and control should go + * back to the guest, or false if it hasn't. + */ +static bool kvm_handle_pvm_fpsimd(struct kvm_vcpu *vcpu, u64 *exit_code) +{ + /* Linux guests assume support for floating-point and Advanced SIMD. */ + BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_FP), + PVM_ID_AA64PFR0_ALLOW)); + BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_ASIMD), + PVM_ID_AA64PFR0_ALLOW)); + + return kvm_hyp_handle_fpsimd(vcpu, exit_code); +} + static const exit_handler_fn hyp_exit_handlers[] = { [0 ... ESR_ELx_EC_MAX] = NULL, [ESR_ELx_EC_CP15_32] = kvm_hyp_handle_cp15_32, @@ -170,8 +214,21 @@ static const exit_handler_fn hyp_exit_handlers[] = { [ESR_ELx_EC_PAC] = kvm_hyp_handle_ptrauth, }; +static const exit_handler_fn pvm_exit_handlers[] = { + [0 ... ESR_ELx_EC_MAX] = NULL, + [ESR_ELx_EC_SYS64] = kvm_handle_pvm_sys64, + [ESR_ELx_EC_SVE] = kvm_handle_pvm_restricted, + [ESR_ELx_EC_FP_ASIMD] = kvm_handle_pvm_fpsimd, + [ESR_ELx_EC_IABT_LOW] = kvm_hyp_handle_iabt_low, + [ESR_ELx_EC_DABT_LOW] = kvm_hyp_handle_dabt_low, + [ESR_ELx_EC_PAC] = kvm_hyp_handle_ptrauth, +}; + static const exit_handler_fn *kvm_get_exit_handler_array(struct kvm *kvm) { + if (unlikely(kvm_vm_is_protected(kvm))) + return pvm_exit_handlers; + return hyp_exit_handlers; } -- 2.33.0.882.g93a45727a2-goog _______________________________________________ kvmarm mailing list kvmarm@lists.cs.columbia.edu https://lists.cs.columbia.edu/mailman/listinfo/kvmarm From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 184F7C433EF for ; Fri, 8 Oct 2021 16:04:59 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id DB03A6101E for ; Fri, 8 Oct 2021 16:04:58 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org DB03A6101E Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:References: Mime-Version:Message-Id:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=lxM87nfElpPJ+xlsjQ7MQoFkKTytxk3J3IJRNRbIlY0=; b=bfgg6kOKyMHh+sA+5wz43rPVo3 DCF2UK2HsLh2axKhmK0UC6fbLgnwyTh29Ung+qgDJcx/X3lv368LKHlFObAVOuWmcRzXB5CgJW6+b aD24VVhoxOY8r0+rPD6GK2GuDJbDPWaD86+5vkX9DhwFQ6XuE9nu66dIxfi1zo++CFkr9H6R+cWcc CI2PqolMyAnVyo/QagDwBRgs5s5g5e5/bmMX4orzKSmNGzdQvbhNuIQAWBLMUGiN63+Y6LSCUhfFY cVUss5f9tZOHsplSyYeUk7vsOHWX1joPjGCourTft7+AKhoSW6OtiyocEDpqDqeBmuFsXA8+pXS6v a1X1TceA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1mYsKs-003OL7-8w; Fri, 08 Oct 2021 16:03:02 +0000 Received: from mail-yb1-xb4a.google.com ([2607:f8b0:4864:20::b4a]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1mYsGw-003MRG-0C for linux-arm-kernel@lists.infradead.org; Fri, 08 Oct 2021 15:58:59 +0000 Received: by mail-yb1-xb4a.google.com with SMTP id b197-20020a2534ce000000b005b71a4e189eso13168118yba.5 for ; Fri, 08 Oct 2021 08:58:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=wJJszilA4UjK4AVsoFrSiurMN2NLV1CPui7ahB+b56k=; b=M51Vbk1q9IjlvFH69oju/v/0EZl0tmloeEi+Zm7yAa5eIazZ3bwWbULGhXTFrF3g+I nvKA2iN14W9lBh5jRZQHy7dbu97XxDElG+vOlto2BkZcB8XdOec8cUXJixbIVWPST05c yqL0gGAZaoP8OUS2Wrd5IOydUMck54gjCvrKb10++sXrM5ZrhxqkwHCz+SGsd/Ap4fYG MMCokjmynYOtvo0q6VOEpMNIMkvHXThtGSd5q/nk60vDUZPj3tKzmViUw7S3+cNNuUth 3rkXCfe7mJk20Q7NOKta4Nj9y/Yp3ENKePr2eqDZcegBFtPhjGY9Kx9ubWGg0Rj2og+u vZVA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=wJJszilA4UjK4AVsoFrSiurMN2NLV1CPui7ahB+b56k=; b=iReyKyTCSCvb4V5o89dfZmFrknIdHwZM5+NO8YBPAKvUj/KmR1hvc4oHIoUSxQS8sC 123v1bM2katmvwGwovsvzTGrpFgrLSXRzptYBnaruqvzRLSWTt8QNjasROIXXTX5c5Th lto2yXxzquZz8Wq+5cG6qnVqIHpuTjUwxVrQ7Uh9puK7VNVfMcwWRQCvaEAikxrXsigR 7vNOVZVGDvxwlWfHRTnr3o0/V9lf4YmJQyes63Xk0PooxiA26bd7cudsBWFXLKsJwgNB gFvrRIAWila3v7qJBYZqgWJtQyQPlrmfb4SvAI5sFka+a2SS01TyEzFHSKaRbuC2soqx xZcQ== X-Gm-Message-State: AOAM533tWcoEFsR8zSrJ5Gg8ojz3iNt9GvxjRuhMlORqA1fDJU+fiA0e sRmJCkdTG6omh2z+ahO7LQPBcgfmXQ== X-Google-Smtp-Source: ABdhPJypJlyAK9gZ3NArU2IoVCZTDXwNxMf5X4WHL+8HZexKeq/iR/ES1qBsGJeLq1H3EWl/v9iimIx4Sg== X-Received: from tabba.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:482]) (user=tabba job=sendgmr) by 2002:a25:3491:: with SMTP id b139mr4249799yba.229.1633708736091; Fri, 08 Oct 2021 08:58:56 -0700 (PDT) Date: Fri, 8 Oct 2021 16:58:31 +0100 In-Reply-To: <20211008155832.1415010-1-tabba@google.com> Message-Id: <20211008155832.1415010-11-tabba@google.com> Mime-Version: 1.0 References: <20211008155832.1415010-1-tabba@google.com> X-Mailer: git-send-email 2.33.0.882.g93a45727a2-goog Subject: [PATCH v7 10/11] KVM: arm64: Trap access to pVM restricted features From: Fuad Tabba To: kvmarm@lists.cs.columbia.edu Cc: maz@kernel.org, will@kernel.org, james.morse@arm.com, alexandru.elisei@arm.com, suzuki.poulose@arm.com, mark.rutland@arm.com, christoffer.dall@arm.com, pbonzini@redhat.com, drjones@redhat.com, oupton@google.com, qperret@google.com, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, kernel-team@android.com, tabba@google.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20211008_085858_085012_BD75A6FC X-CRM114-Status: GOOD ( 14.00 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Trap accesses to restricted features for VMs running in protected mode. Access to feature registers are emulated, and only supported features are exposed to protected VMs. Accesses to restricted registers as well as restricted instructions are trapped, and an undefined exception is injected into the protected guests, i.e., with EC = 0x0 (unknown reason). This EC is the one used, according to the Arm Architecture Reference Manual, for unallocated or undefined system registers or instructions. Only affects the functionality of protected VMs. Otherwise, should not affect non-protected VMs when KVM is running in protected mode. Signed-off-by: Fuad Tabba --- arch/arm64/kvm/hyp/nvhe/switch.c | 57 ++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/arch/arm64/kvm/hyp/nvhe/switch.c b/arch/arm64/kvm/hyp/nvhe/switch.c index 17d1a9512507..2c72c31e516e 100644 --- a/arch/arm64/kvm/hyp/nvhe/switch.c +++ b/arch/arm64/kvm/hyp/nvhe/switch.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include @@ -159,6 +160,49 @@ static void __pmu_switch_to_host(struct kvm_cpu_context *host_ctxt) write_sysreg(pmu->events_host, pmcntenset_el0); } +/** + * Handler for protected VM restricted exceptions. + * + * Inject an undefined exception into the guest and return true to indicate that + * the hypervisor has handled the exit, and control should go back to the guest. + */ +static bool kvm_handle_pvm_restricted(struct kvm_vcpu *vcpu, u64 *exit_code) +{ + inject_undef64(vcpu); + return true; +} + +/** + * Handler for protected VM MSR, MRS or System instruction execution in AArch64. + * + * Returns true if the hypervisor has handled the exit, and control should go + * back to the guest, or false if it hasn't. + */ +static bool kvm_handle_pvm_sys64(struct kvm_vcpu *vcpu, u64 *exit_code) +{ + if (kvm_handle_pvm_sysreg(vcpu, exit_code)) + return true; + + return kvm_hyp_handle_sysreg(vcpu, exit_code); +} + +/** + * Handler for protected floating-point and Advanced SIMD accesses. + * + * Returns true if the hypervisor has handled the exit, and control should go + * back to the guest, or false if it hasn't. + */ +static bool kvm_handle_pvm_fpsimd(struct kvm_vcpu *vcpu, u64 *exit_code) +{ + /* Linux guests assume support for floating-point and Advanced SIMD. */ + BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_FP), + PVM_ID_AA64PFR0_ALLOW)); + BUILD_BUG_ON(!FIELD_GET(ARM64_FEATURE_MASK(ID_AA64PFR0_ASIMD), + PVM_ID_AA64PFR0_ALLOW)); + + return kvm_hyp_handle_fpsimd(vcpu, exit_code); +} + static const exit_handler_fn hyp_exit_handlers[] = { [0 ... ESR_ELx_EC_MAX] = NULL, [ESR_ELx_EC_CP15_32] = kvm_hyp_handle_cp15_32, @@ -170,8 +214,21 @@ static const exit_handler_fn hyp_exit_handlers[] = { [ESR_ELx_EC_PAC] = kvm_hyp_handle_ptrauth, }; +static const exit_handler_fn pvm_exit_handlers[] = { + [0 ... ESR_ELx_EC_MAX] = NULL, + [ESR_ELx_EC_SYS64] = kvm_handle_pvm_sys64, + [ESR_ELx_EC_SVE] = kvm_handle_pvm_restricted, + [ESR_ELx_EC_FP_ASIMD] = kvm_handle_pvm_fpsimd, + [ESR_ELx_EC_IABT_LOW] = kvm_hyp_handle_iabt_low, + [ESR_ELx_EC_DABT_LOW] = kvm_hyp_handle_dabt_low, + [ESR_ELx_EC_PAC] = kvm_hyp_handle_ptrauth, +}; + static const exit_handler_fn *kvm_get_exit_handler_array(struct kvm *kvm) { + if (unlikely(kvm_vm_is_protected(kvm))) + return pvm_exit_handlers; + return hyp_exit_handlers; } -- 2.33.0.882.g93a45727a2-goog _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel