From: Oliver Upton <oupton@google.com>
To: kvmarm@lists.cs.columbia.edu
Cc: kvm@vger.kernel.org, Marc Zyngier <maz@kernel.org>,
James Morse <james.morse@arm.com>,
Alexandru Elisei <alexandru.elisei@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
linux-arm-kernel@lists.infradead.org,
Peter Shier <pshier@google.com>,
Ricardo Koller <ricarkol@google.com>,
Reiji Watanabe <reijiw@google.com>,
Oliver Upton <oupton@google.com>
Subject: [PATCH v2 0/3] KVM: arm64: Limit feature register reads from AArch32
Date: Fri, 1 Apr 2022 01:08:29 +0000 [thread overview]
Message-ID: <20220401010832.3425787-1-oupton@google.com> (raw)
KVM/arm64 does not restrict the guest's view of the AArch32 feature
registers when read from AArch32. HCR_EL2.TID3 is cleared for AArch32
guests, meaning that register reads come straight from hardware. This is
problematic as KVM relies on read_sanitised_ftr_reg() to expose a set of
features consistent for a particular system.
Appropriate handlers must first be put in place for CP10 and CP15 ID
register accesses before setting TID3. Rather than exhaustively
enumerating each of the encodings for CP10 and CP15 registers, take the
lazy route and aim the register accesses at the AArch64 system register
table.
Patch 1 reroutes the CP15 registers into the AArch64 table, taking care
to immediately RAZ undefined ranges of registers. This is done to avoid
possibly conflicting with encodings for future AArch64 registers.
Patch 2 installs an exit handler for the CP10 ID registers and also
relies on the general AArch64 register handler to implement reads.
Finally, patch 3 actually sets TID3 for AArch32 guests, providing
known-safe values for feature register accesses.
Series applies cleanly to kvmarm/fixes at commit:
8872d9b3e35a ("KVM: arm64: Drop unneeded minor version check from PSCI v1.x handler")
There is an argument that the series is in fact a bug fix for running
AArch32 VMs on heterogeneous systems. To that end, it could be
blamed/backported to when we first knew better:
93390c0a1b20 ("arm64: KVM: Hide unsupported AArch64 CPU features from guests")
But I left that tag off as in the aforementioned change skipping
AArch32 was intentional.
Tested with AArch32 kvm-unit-tests and booting an AArch32 debian guest
on a Raspberry Pi 4.
v1: https://lore.kernel.org/kvmarm/20220329011301.1166265-1-oupton@google.com/
v1 -> v2:
- Actually set TID3! Oops.
- Refactor kvm_emulate_cp15_id_reg() to check preconditions before
proceeding to emulation (Reiji)
- Tighten up comment on kvm_is_cp15_id_reg() to indicate that the only
other trapped ID register (CTR) is already handled in the cp15
register table (Reiji)
Oliver Upton (3):
KVM: arm64: Wire up CP15 feature registers to their AArch64
equivalents
KVM: arm64: Plumb cp10 ID traps through the AArch64 sysreg handler
KVM: arm64: Start trapping ID registers for 32 bit guests
arch/arm64/include/asm/kvm_arm.h | 3 +-
arch/arm64/include/asm/kvm_emulate.h | 8 --
arch/arm64/include/asm/kvm_host.h | 1 +
arch/arm64/kvm/handle_exit.c | 1 +
arch/arm64/kvm/sys_regs.c | 129 +++++++++++++++++++++++++++
5 files changed, 133 insertions(+), 9 deletions(-)
--
2.35.1.1094.g7c7d902a7c-goog
WARNING: multiple messages have this Message-ID (diff)
From: Oliver Upton <oupton@google.com>
To: kvmarm@lists.cs.columbia.edu
Cc: kvm@vger.kernel.org, Marc Zyngier <maz@kernel.org>,
Peter Shier <pshier@google.com>,
linux-arm-kernel@lists.infradead.org
Subject: [PATCH v2 0/3] KVM: arm64: Limit feature register reads from AArch32
Date: Fri, 1 Apr 2022 01:08:29 +0000 [thread overview]
Message-ID: <20220401010832.3425787-1-oupton@google.com> (raw)
KVM/arm64 does not restrict the guest's view of the AArch32 feature
registers when read from AArch32. HCR_EL2.TID3 is cleared for AArch32
guests, meaning that register reads come straight from hardware. This is
problematic as KVM relies on read_sanitised_ftr_reg() to expose a set of
features consistent for a particular system.
Appropriate handlers must first be put in place for CP10 and CP15 ID
register accesses before setting TID3. Rather than exhaustively
enumerating each of the encodings for CP10 and CP15 registers, take the
lazy route and aim the register accesses at the AArch64 system register
table.
Patch 1 reroutes the CP15 registers into the AArch64 table, taking care
to immediately RAZ undefined ranges of registers. This is done to avoid
possibly conflicting with encodings for future AArch64 registers.
Patch 2 installs an exit handler for the CP10 ID registers and also
relies on the general AArch64 register handler to implement reads.
Finally, patch 3 actually sets TID3 for AArch32 guests, providing
known-safe values for feature register accesses.
Series applies cleanly to kvmarm/fixes at commit:
8872d9b3e35a ("KVM: arm64: Drop unneeded minor version check from PSCI v1.x handler")
There is an argument that the series is in fact a bug fix for running
AArch32 VMs on heterogeneous systems. To that end, it could be
blamed/backported to when we first knew better:
93390c0a1b20 ("arm64: KVM: Hide unsupported AArch64 CPU features from guests")
But I left that tag off as in the aforementioned change skipping
AArch32 was intentional.
Tested with AArch32 kvm-unit-tests and booting an AArch32 debian guest
on a Raspberry Pi 4.
v1: https://lore.kernel.org/kvmarm/20220329011301.1166265-1-oupton@google.com/
v1 -> v2:
- Actually set TID3! Oops.
- Refactor kvm_emulate_cp15_id_reg() to check preconditions before
proceeding to emulation (Reiji)
- Tighten up comment on kvm_is_cp15_id_reg() to indicate that the only
other trapped ID register (CTR) is already handled in the cp15
register table (Reiji)
Oliver Upton (3):
KVM: arm64: Wire up CP15 feature registers to their AArch64
equivalents
KVM: arm64: Plumb cp10 ID traps through the AArch64 sysreg handler
KVM: arm64: Start trapping ID registers for 32 bit guests
arch/arm64/include/asm/kvm_arm.h | 3 +-
arch/arm64/include/asm/kvm_emulate.h | 8 --
arch/arm64/include/asm/kvm_host.h | 1 +
arch/arm64/kvm/handle_exit.c | 1 +
arch/arm64/kvm/sys_regs.c | 129 +++++++++++++++++++++++++++
5 files changed, 133 insertions(+), 9 deletions(-)
--
2.35.1.1094.g7c7d902a7c-goog
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
WARNING: multiple messages have this Message-ID (diff)
From: Oliver Upton <oupton@google.com>
To: kvmarm@lists.cs.columbia.edu
Cc: kvm@vger.kernel.org, Marc Zyngier <maz@kernel.org>,
James Morse <james.morse@arm.com>,
Alexandru Elisei <alexandru.elisei@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
linux-arm-kernel@lists.infradead.org,
Peter Shier <pshier@google.com>,
Ricardo Koller <ricarkol@google.com>,
Reiji Watanabe <reijiw@google.com>,
Oliver Upton <oupton@google.com>
Subject: [PATCH v2 0/3] KVM: arm64: Limit feature register reads from AArch32
Date: Fri, 1 Apr 2022 01:08:29 +0000 [thread overview]
Message-ID: <20220401010832.3425787-1-oupton@google.com> (raw)
KVM/arm64 does not restrict the guest's view of the AArch32 feature
registers when read from AArch32. HCR_EL2.TID3 is cleared for AArch32
guests, meaning that register reads come straight from hardware. This is
problematic as KVM relies on read_sanitised_ftr_reg() to expose a set of
features consistent for a particular system.
Appropriate handlers must first be put in place for CP10 and CP15 ID
register accesses before setting TID3. Rather than exhaustively
enumerating each of the encodings for CP10 and CP15 registers, take the
lazy route and aim the register accesses at the AArch64 system register
table.
Patch 1 reroutes the CP15 registers into the AArch64 table, taking care
to immediately RAZ undefined ranges of registers. This is done to avoid
possibly conflicting with encodings for future AArch64 registers.
Patch 2 installs an exit handler for the CP10 ID registers and also
relies on the general AArch64 register handler to implement reads.
Finally, patch 3 actually sets TID3 for AArch32 guests, providing
known-safe values for feature register accesses.
Series applies cleanly to kvmarm/fixes at commit:
8872d9b3e35a ("KVM: arm64: Drop unneeded minor version check from PSCI v1.x handler")
There is an argument that the series is in fact a bug fix for running
AArch32 VMs on heterogeneous systems. To that end, it could be
blamed/backported to when we first knew better:
93390c0a1b20 ("arm64: KVM: Hide unsupported AArch64 CPU features from guests")
But I left that tag off as in the aforementioned change skipping
AArch32 was intentional.
Tested with AArch32 kvm-unit-tests and booting an AArch32 debian guest
on a Raspberry Pi 4.
v1: https://lore.kernel.org/kvmarm/20220329011301.1166265-1-oupton@google.com/
v1 -> v2:
- Actually set TID3! Oops.
- Refactor kvm_emulate_cp15_id_reg() to check preconditions before
proceeding to emulation (Reiji)
- Tighten up comment on kvm_is_cp15_id_reg() to indicate that the only
other trapped ID register (CTR) is already handled in the cp15
register table (Reiji)
Oliver Upton (3):
KVM: arm64: Wire up CP15 feature registers to their AArch64
equivalents
KVM: arm64: Plumb cp10 ID traps through the AArch64 sysreg handler
KVM: arm64: Start trapping ID registers for 32 bit guests
arch/arm64/include/asm/kvm_arm.h | 3 +-
arch/arm64/include/asm/kvm_emulate.h | 8 --
arch/arm64/include/asm/kvm_host.h | 1 +
arch/arm64/kvm/handle_exit.c | 1 +
arch/arm64/kvm/sys_regs.c | 129 +++++++++++++++++++++++++++
5 files changed, 133 insertions(+), 9 deletions(-)
--
2.35.1.1094.g7c7d902a7c-goog
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next reply other threads:[~2022-04-01 1:08 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-01 1:08 Oliver Upton [this message]
2022-04-01 1:08 ` [PATCH v2 0/3] KVM: arm64: Limit feature register reads from AArch32 Oliver Upton
2022-04-01 1:08 ` Oliver Upton
2022-04-01 1:08 ` [PATCH v2 1/3] KVM: arm64: Wire up CP15 feature registers to their AArch64 equivalents Oliver Upton
2022-04-01 1:08 ` Oliver Upton
2022-04-01 1:08 ` Oliver Upton
2022-04-04 1:51 ` Reiji Watanabe
2022-04-04 1:51 ` Reiji Watanabe
2022-04-04 1:51 ` Reiji Watanabe
2022-04-06 15:07 ` Marc Zyngier
2022-04-06 15:07 ` Marc Zyngier
2022-04-06 15:07 ` Marc Zyngier
2022-04-07 20:12 ` Oliver Upton
2022-04-07 20:12 ` Oliver Upton
2022-04-07 20:12 ` Oliver Upton
2022-04-01 1:08 ` [PATCH v2 2/3] KVM: arm64: Plumb cp10 ID traps through the AArch64 sysreg handler Oliver Upton
2022-04-01 1:08 ` Oliver Upton
2022-04-01 1:08 ` Oliver Upton
2022-04-04 3:57 ` Reiji Watanabe
2022-04-04 3:57 ` Reiji Watanabe
2022-04-04 3:57 ` Reiji Watanabe
2022-04-04 5:28 ` Oliver Upton
2022-04-04 5:28 ` Oliver Upton
2022-04-04 5:28 ` Oliver Upton
2022-04-04 23:19 ` Oliver Upton
2022-04-04 23:19 ` Oliver Upton
2022-04-04 23:19 ` Oliver Upton
2022-04-05 1:46 ` Reiji Watanabe
2022-04-05 1:46 ` Reiji Watanabe
2022-04-05 1:46 ` Reiji Watanabe
2022-04-01 1:08 ` [PATCH v2 3/3] KVM: arm64: Start trapping ID registers for 32 bit guests Oliver Upton
2022-04-01 1:08 ` Oliver Upton
2022-04-01 1:08 ` Oliver Upton
2022-04-04 4:45 ` Reiji Watanabe
2022-04-04 4:45 ` Reiji Watanabe
2022-04-04 4:45 ` Reiji Watanabe
2022-04-04 5:46 ` Oliver Upton
2022-04-04 5:46 ` Oliver Upton
2022-04-04 5:46 ` Oliver Upton
2022-04-05 1:53 ` Reiji Watanabe
2022-04-05 1:53 ` Reiji Watanabe
2022-04-05 1:53 ` Reiji Watanabe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220401010832.3425787-1-oupton@google.com \
--to=oupton@google.com \
--cc=alexandru.elisei@arm.com \
--cc=james.morse@arm.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=maz@kernel.org \
--cc=pshier@google.com \
--cc=reijiw@google.com \
--cc=ricarkol@google.com \
--cc=suzuki.poulose@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.