Date: Fri, 1 Apr 2022 01:08:32 +0000
In-Reply-To: <20220401010832.3425787-1-oupton@google.com>
Message-Id: <20220401010832.3425787-4-oupton@google.com>
Subject: [PATCH v2 3/3] KVM: arm64: Start trapping ID registers for 32 bit guests
From: Oliver Upton
To: kvmarm@lists.cs.columbia.edu
Cc: kvm@vger.kernel.org, Marc Zyngier, James Morse, Alexandru Elisei, Suzuki K Poulose, linux-arm-kernel@lists.infradead.org, Peter Shier, Ricardo Koller, Reiji Watanabe, Oliver Upton

To date KVM has not trapped ID register accesses from AArch32, meaning that guests get an unconstrained view of what hardware supports. This can be a serious problem because we try to base the guest's feature registers on values that are safe system-wide. Furthermore, KVM does not implement the latest ISA in the PMU and Debug architecture, so we constrain these fields to supported values.

Since KVM now correctly handles CP15 and CP10 register traps, we no longer need to clear HCR_EL2.TID3 for 32 bit guests and will instead emulate reads with their safe values.

Signed-off-by: Oliver Upton --- arch/arm64/include/asm/kvm_arm.h | 3 ++- arch/arm64/include/asm/kvm_emulate.h | 8 -------- 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h index 01d47c5886dc..2fc2d995c10a 100644 --- a/arch/arm64/include/asm/kvm_arm.h +++ b/arch/arm64/include/asm/kvm_arm.h @@ -80,11 +80,12 @@ * FMO: Override CPSR.F and enable signaling with VF * SWIO: Turn set/way invalidates into set/way clean+invalidate * PTW: Take a stage2 fault if a stage1 walk steps in device memory + * TID3: Trap EL1 reads of group 3 ID registers */ #define HCR_GUEST_FLAGS (HCR_TSC | HCR_TSW | HCR_TWE | HCR_TWI | HCR_VM | \ HCR_BSU_IS | HCR_FB | HCR_TACR | \ HCR_AMO | HCR_SWIO | HCR_TIDCP | HCR_RW | HCR_TLOR | \ - HCR_FMO | HCR_IMO | HCR_PTW ) + HCR_FMO | HCR_IMO | HCR_PTW | HCR_TID3 ) #define HCR_VIRT_EXCP_MASK (HCR_VSE | HCR_VI | HCR_VF) #define HCR_HOST_NVHE_FLAGS (HCR_RW | HCR_API | HCR_APK | HCR_ATA) #define HCR_HOST_NVHE_PROTECTED_FLAGS (HCR_HOST_NVHE_FLAGS | HCR_TSC) diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h index d62405ce3e6d..fe32b4c8b35b 100644 --- a/arch/arm64/include/asm/kvm_emulate.h +++ b/arch/arm64/include/asm/kvm_emulate.h 
@@ -75,14 +75,6 @@ static inline void vcpu_reset_hcr(struct kvm_vcpu *vcpu) if (test_bit(KVM_ARM_VCPU_EL1_32BIT, vcpu->arch.features)) vcpu->arch.hcr_el2 &= ~HCR_RW; - /* - * TID3: trap feature register accesses that we virtualise. - * For now this is conditional, since no AArch32 feature regs - * are currently virtualised. - */ - if (!vcpu_el1_is_32bit(vcpu)) - vcpu->arch.hcr_el2 |= HCR_TID3; - if (cpus_have_const_cap(ARM64_MISMATCHED_CACHE_TYPE) || vcpu_el1_is_32bit(vcpu)) vcpu->arch.hcr_el2 |= HCR_TID2; -- 2.35.1.1094.g7c7d902a7c-goog
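
Review bot: In the HCR_GUEST_FLAGS definition in kvm_arm.h, HCR_TID3 becomes part of the baseline for every guest, so the change is only correct once the CP15 and CP10 trap handling that the commit message relies on is already applied; if this patch were picked or bisected ahead of it, a 32 bit guest's group 3 ID register reads would trap without that handling. Consider stating the dependency in the commit message, and extending the new comment line to say the trap now covers AArch32 EL1 as well, for example "TID3: Trap EL1 reads of group 3 ID registers (AArch64 and AArch32)".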
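
Review bot: In vcpu_reset_hcr() in kvm_emulate.h, the removed block was the only visible place that ORed in HCR_TID3, and the lines that remain only clear HCR_RW and set HCR_TID2, so after this hunk the bit depends entirely on hcr_el2 starting out from HCR_GUEST_FLAGS, which the context does not show. Please confirm that every path that builds a guest's hcr_el2 starts from HCR_GUEST_FLAGS and that nothing later clears HCR_TID3 for a 32 bit guest; a one-line comment next to the HCR_TID2 check noting that TID3 is now set unconditionally through HCR_GUEST_FLAGS would keep the two related traps easy to follow.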