From: Oliver Upton <oupton@google.com>
To: Reiji Watanabe <reijiw@google.com>
Cc: kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org,
Marc Zyngier <maz@kernel.org>, James Morse <james.morse@arm.com>,
Alexandru Elisei <alexandru.elisei@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
Peter Shier <pshier@google.com>,
Ricardo Koller <ricarkol@google.com>
Subject: Re: [PATCH v2 3/3] KVM: arm64: Start trapping ID registers for 32 bit guests
Date: Mon, 4 Apr 2022 05:46:39 +0000 [thread overview]
Message-ID: <YkqGP/OaKK7LpKF2@google.com> (raw)
In-Reply-To: <CAAeT=Fz4cB_SoZCMkOp9cEuMbY+M+ieQ6PTBcvCOQRwGkGv9pA@mail.gmail.com>
Hi Reiji,
On Sun, Apr 03, 2022 at 09:45:15PM -0700, Reiji Watanabe wrote:
> On Thu, Mar 31, 2022 at 6:08 PM Oliver Upton <oupton@google.com> wrote:
> >
> > To date KVM has not trapped ID register accesses from AArch32, meaning
> > that guests get an unconstrained view of what hardware supports. This
> > can be a serious problem because we try to base the guest's feature
> > registers on values that are safe system-wide. Furthermore, KVM does not
> > implement the latest ISA in the PMU and Debug architecture, so we
> > constrain these fields to supported values.
> >
> > Since KVM now correctly handles CP15 and CP10 register traps, we no
> > longer need to clear HCR_EL2.TID3 for 32 bit guests and will instead
> > emulate reads with their safe values.
> >
> > Signed-off-by: Oliver Upton <oupton@google.com>
>
> Reviewed-by: Reiji Watanabe <reijiw@google.com>
>
> BTW, due to this, on a system that supports PMUv3, ID_DFR0_E1 value will
> become 0 for the aarch32 guest without PMUv3. This is the correct behavior,
> but it affects migration. I'm not sure how much we should care about
> migration of the aarch32 guest though (and it will be resolved once ID
> registers become configurable anyway).
I believe userspace has been accessing the sanitised values of these
feature registers the entire time, so we should be OK on the UAPI side.
From the guest's perspective, I don't believe there is a meaningful
change. Even if the guest were to believe the value it sees in
ID_DFR0.PerfMon, it'll crash and burn on the first attempt to poke a PMU
register as we synthesize an UNDEF, right? At least now we cover our
tracks and ensure the vCPU correctly identifies itself to the guest.
This is, of course, unless I missed something painfully obvious :)
--
Thanks,
Oliver
WARNING: multiple messages have this Message-ID (diff)
From: Oliver Upton <oupton@google.com>
To: Reiji Watanabe <reijiw@google.com>
Cc: kvm@vger.kernel.org, Marc Zyngier <maz@kernel.org>,
Peter Shier <pshier@google.com>,
kvmarm@lists.cs.columbia.edu,
Linux ARM <linux-arm-kernel@lists.infradead.org>
Subject: Re: [PATCH v2 3/3] KVM: arm64: Start trapping ID registers for 32 bit guests
Date: Mon, 4 Apr 2022 05:46:39 +0000 [thread overview]
Message-ID: <YkqGP/OaKK7LpKF2@google.com> (raw)
In-Reply-To: <CAAeT=Fz4cB_SoZCMkOp9cEuMbY+M+ieQ6PTBcvCOQRwGkGv9pA@mail.gmail.com>
Hi Reiji,
On Sun, Apr 03, 2022 at 09:45:15PM -0700, Reiji Watanabe wrote:
> On Thu, Mar 31, 2022 at 6:08 PM Oliver Upton <oupton@google.com> wrote:
> >
> > To date KVM has not trapped ID register accesses from AArch32, meaning
> > that guests get an unconstrained view of what hardware supports. This
> > can be a serious problem because we try to base the guest's feature
> > registers on values that are safe system-wide. Furthermore, KVM does not
> > implement the latest ISA in the PMU and Debug architecture, so we
> > constrain these fields to supported values.
> >
> > Since KVM now correctly handles CP15 and CP10 register traps, we no
> > longer need to clear HCR_EL2.TID3 for 32 bit guests and will instead
> > emulate reads with their safe values.
> >
> > Signed-off-by: Oliver Upton <oupton@google.com>
>
> Reviewed-by: Reiji Watanabe <reijiw@google.com>
>
> BTW, due to this, on a system that supports PMUv3, ID_DFR0_E1 value will
> become 0 for the aarch32 guest without PMUv3. This is the correct behavior,
> but it affects migration. I'm not sure how much we should care about
> migration of the aarch32 guest though (and it will be resolved once ID
> registers become configurable anyway).
I believe userspace has been accessing the sanitised values of these
feature registers the entire time, so we should be OK on the UAPI side.
From the guest's perspective, I don't believe there is a meaningful
change. Even if the guest were to believe the value it sees in
ID_DFR0.PerfMon, it'll crash and burn on the first attempt to poke a PMU
register as we synthesize an UNDEF, right? At least now we cover our
tracks and ensure the vCPU correctly identifies itself to the guest.
This is, of course, unless I missed something painfully obvious :)
--
Thanks,
Oliver
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
WARNING: multiple messages have this Message-ID (diff)
From: Oliver Upton <oupton@google.com>
To: Reiji Watanabe <reijiw@google.com>
Cc: kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org,
Marc Zyngier <maz@kernel.org>, James Morse <james.morse@arm.com>,
Alexandru Elisei <alexandru.elisei@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
Peter Shier <pshier@google.com>,
Ricardo Koller <ricarkol@google.com>
Subject: Re: [PATCH v2 3/3] KVM: arm64: Start trapping ID registers for 32 bit guests
Date: Mon, 4 Apr 2022 05:46:39 +0000 [thread overview]
Message-ID: <YkqGP/OaKK7LpKF2@google.com> (raw)
In-Reply-To: <CAAeT=Fz4cB_SoZCMkOp9cEuMbY+M+ieQ6PTBcvCOQRwGkGv9pA@mail.gmail.com>
Hi Reiji,
On Sun, Apr 03, 2022 at 09:45:15PM -0700, Reiji Watanabe wrote:
> On Thu, Mar 31, 2022 at 6:08 PM Oliver Upton <oupton@google.com> wrote:
> >
> > To date KVM has not trapped ID register accesses from AArch32, meaning
> > that guests get an unconstrained view of what hardware supports. This
> > can be a serious problem because we try to base the guest's feature
> > registers on values that are safe system-wide. Furthermore, KVM does not
> > implement the latest ISA in the PMU and Debug architecture, so we
> > constrain these fields to supported values.
> >
> > Since KVM now correctly handles CP15 and CP10 register traps, we no
> > longer need to clear HCR_EL2.TID3 for 32 bit guests and will instead
> > emulate reads with their safe values.
> >
> > Signed-off-by: Oliver Upton <oupton@google.com>
>
> Reviewed-by: Reiji Watanabe <reijiw@google.com>
>
> BTW, due to this, on a system that supports PMUv3, ID_DFR0_E1 value will
> become 0 for the aarch32 guest without PMUv3. This is the correct behavior,
> but it affects migration. I'm not sure how much we should care about
> migration of the aarch32 guest though (and it will be resolved once ID
> registers become configurable anyway).
I believe userspace has been accessing the sanitised values of these
feature registers the entire time, so we should be OK on the UAPI side.
From the guest's perspective, I don't believe there is a meaningful
change. Even if the guest were to believe the value it sees in
ID_DFR0.PerfMon, it'll crash and burn on the first attempt to poke a PMU
register as we synthesize an UNDEF, right? At least now we cover our
tracks and ensure the vCPU correctly identifies itself to the guest.
This is, of course, unless I missed something painfully obvious :)
--
Thanks,
Oliver
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2022-04-04 5:46 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-01 1:08 [PATCH v2 0/3] KVM: arm64: Limit feature register reads from AArch32 Oliver Upton
2022-04-01 1:08 ` Oliver Upton
2022-04-01 1:08 ` Oliver Upton
2022-04-01 1:08 ` [PATCH v2 1/3] KVM: arm64: Wire up CP15 feature registers to their AArch64 equivalents Oliver Upton
2022-04-01 1:08 ` Oliver Upton
2022-04-01 1:08 ` Oliver Upton
2022-04-04 1:51 ` Reiji Watanabe
2022-04-04 1:51 ` Reiji Watanabe
2022-04-04 1:51 ` Reiji Watanabe
2022-04-06 15:07 ` Marc Zyngier
2022-04-06 15:07 ` Marc Zyngier
2022-04-06 15:07 ` Marc Zyngier
2022-04-07 20:12 ` Oliver Upton
2022-04-07 20:12 ` Oliver Upton
2022-04-07 20:12 ` Oliver Upton
2022-04-01 1:08 ` [PATCH v2 2/3] KVM: arm64: Plumb cp10 ID traps through the AArch64 sysreg handler Oliver Upton
2022-04-01 1:08 ` Oliver Upton
2022-04-01 1:08 ` Oliver Upton
2022-04-04 3:57 ` Reiji Watanabe
2022-04-04 3:57 ` Reiji Watanabe
2022-04-04 3:57 ` Reiji Watanabe
2022-04-04 5:28 ` Oliver Upton
2022-04-04 5:28 ` Oliver Upton
2022-04-04 5:28 ` Oliver Upton
2022-04-04 23:19 ` Oliver Upton
2022-04-04 23:19 ` Oliver Upton
2022-04-04 23:19 ` Oliver Upton
2022-04-05 1:46 ` Reiji Watanabe
2022-04-05 1:46 ` Reiji Watanabe
2022-04-05 1:46 ` Reiji Watanabe
2022-04-01 1:08 ` [PATCH v2 3/3] KVM: arm64: Start trapping ID registers for 32 bit guests Oliver Upton
2022-04-01 1:08 ` Oliver Upton
2022-04-01 1:08 ` Oliver Upton
2022-04-04 4:45 ` Reiji Watanabe
2022-04-04 4:45 ` Reiji Watanabe
2022-04-04 4:45 ` Reiji Watanabe
2022-04-04 5:46 ` Oliver Upton [this message]
2022-04-04 5:46 ` Oliver Upton
2022-04-04 5:46 ` Oliver Upton
2022-04-05 1:53 ` Reiji Watanabe
2022-04-05 1:53 ` Reiji Watanabe
2022-04-05 1:53 ` Reiji Watanabe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YkqGP/OaKK7LpKF2@google.com \
--to=oupton@google.com \
--cc=alexandru.elisei@arm.com \
--cc=james.morse@arm.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=maz@kernel.org \
--cc=pshier@google.com \
--cc=reijiw@google.com \
--cc=ricarkol@google.com \
--cc=suzuki.poulose@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.