* [PATCH 0/3] KVM: arm64: Fixes for 'writable' ID registers in protected mode
From: Oliver Upton @ 2025-03-05 23:08 UTC (permalink / raw)
To: kvmarm
Cc: Marc Zyngier, Joey Gouly, Suzuki K Poulose, Sebastian Ott,
Oliver Upton

Address a few issues with ID register handling in protected mode:

 - CTR_EL0 isn't trapped on FEAT_EVT systems if userspace changed the
   guest value

 - VPIDR_EL2 is set to 0 if userspace enabled writable 'implementation
   ID' registers

 - Fix in capability documentation

Oliver Upton (3):
  KVM: arm64: Copy guest CTR_EL0 into hyp VM
  KVM: arm64: Copy MIDR_EL1 into hyp VM when it is writable
  KVM: arm64: Fix documentation for KVM_CAP_ARM_WRITABLE_IMP_ID_REGS

Documentation/virt/kvm/api.rst | 2 +-
arch/arm64/kvm/hyp/nvhe/pkvm.c | 7 ++++++-
2 files changed, 7 insertions(+), 2 deletions(-)
base-commit: 164f95739b6893716add9439cf765edd5254d0f6
--
2.39.5
* [PATCH 1/3] KVM: arm64: Copy guest CTR_EL0 into hyp VM
From: Oliver Upton @ 2025-03-05 23:08 UTC (permalink / raw)
To: kvmarm
Cc: Marc Zyngier, Joey Gouly, Suzuki K Poulose, Sebastian Ott,
Oliver Upton

Since commit 2843cae26644 ("KVM: arm64: Treat CTR_EL0 as a VM feature
ID register") KVM has allowed userspace to configure the VM-wide view of
CTR_EL0, falling back to trap-n-emulate if the value doesn't match
hardware. It appears that this has worked by chance in protected-mode
for some time, and on systems with FEAT_EVT protected-mode
unconditionally sets TID4 (i.e. TID2 traps sans CTR_EL0).

Forward the guest CTR_EL0 value through to the hyp VM and align the
TID2/TID4 configuration with the non-protected setup.

Fixes: 2843cae26644 ("KVM: arm64: Treat CTR_EL0 as a VM feature ID register")
Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
---
arch/arm64/kvm/hyp/nvhe/pkvm.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c
index 3927fe52a3dd..2e2975248cd3 100644
--- a/arch/arm64/kvm/hyp/nvhe/pkvm.c
+++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c
@@ -46,7 +46,8 @@ static void pkvm_vcpu_reset_hcr(struct kvm_vcpu *vcpu)
vcpu->arch.hcr_el2 |= HCR_FWB;
if (cpus_have_final_cap(ARM64_HAS_EVT) &&
- !cpus_have_final_cap(ARM64_MISMATCHED_CACHE_TYPE))
+ !cpus_have_final_cap(ARM64_MISMATCHED_CACHE_TYPE) &&
+ kvm_read_vm_id_reg(vcpu->kvm, SYS_CTR_EL0) == read_cpuid(CTR_EL0))
vcpu->arch.hcr_el2 |= HCR_TID4;
else
vcpu->arch.hcr_el2 |= HCR_TID2;
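Review bot: the TID4/TID2 condition in pkvm_vcpu_reset_hcr() is now a three-clause, hand-maintained copy of the check the commit message says it aligns with in the non-protected setup, and a second copy can drift again. Consider moving the test into a helper shared by both paths, or at least add a comment above the `kvm_read_vm_id_reg(vcpu->kvm, SYS_CTR_EL0) == read_cpuid(CTR_EL0)` clause stating that a guest CTR_EL0 that differs from hardware must select HCR_TID2 so that CTR_EL0 reads trap and can be emulated.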
@@ -374,6 +375,7 @@ static void init_pkvm_hyp_vm(struct kvm *host_kvm, struct pkvm_hyp_vm *hyp_vm,
hyp_vm->kvm.arch.pkvm.enabled = READ_ONCE(host_kvm->arch.pkvm.enabled);
hyp_vm->kvm.arch.flags = 0;
pkvm_init_features_from_host(hyp_vm, host_kvm);
+ hyp_vm->kvm.arch.ctr_el0 = host_kvm->arch.ctr_el0;
}
static void pkvm_vcpu_init_sve(struct pkvm_hyp_vcpu *hyp_vcpu, struct kvm_vcpu *host_vcpu)
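Review bot: the added `hyp_vm->kvm.arch.ctr_el0 = host_kvm->arch.ctr_el0;` reads the host-owned structure with a plain load, while the pkvm.enabled copy three lines above it uses READ_ONCE() on the same host_kvm. Use READ_ONCE(host_kvm->arch.ctr_el0) so hyp takes a single snapshot of the value, and add a short comment saying what validation, if any, the value is expected to have had before it reaches hyp, since the copy is unconditional for every hyp VM.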
--
2.39.5
* [PATCH 2/3] KVM: arm64: Copy MIDR_EL1 into hyp VM when it is writable
From: Oliver Upton @ 2025-03-05 23:08 UTC (permalink / raw)
To: kvmarm
Cc: Marc Zyngier, Joey Gouly, Suzuki K Poulose, Sebastian Ott,
Oliver Upton, Mark Brown

KVM recently added a capability that allows userspace to override the
'implementation ID' registers presented to the VM. MIDR_EL1 is a special
example, where the hypervisor can directly set the value when read from
EL1 using VPIDR_EL2.

Copy the VM-wide value for MIDR_EL1 into the hyp VM for non-protected
guests when the capability is enabled so VPIDR_EL2 gets set up
correctly.

Reported-by: Mark Brown <broonie@kernel.org>
Closes: https://lore.kernel.org/kvmarm/ac594b9c-4bbb-46c8-9391-e7a68ce4de5b@sirena.org.uk/
Fixes: 3adaee783061 ("KVM: arm64: Allow userspace to change the implementation ID registers")
Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
---
arch/arm64/kvm/hyp/nvhe/pkvm.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c
index 2e2975248cd3..afc1b5c403c9 100644
--- a/arch/arm64/kvm/hyp/nvhe/pkvm.c
+++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c
@@ -376,6 +376,9 @@ static void init_pkvm_hyp_vm(struct kvm *host_kvm, struct pkvm_hyp_vm *hyp_vm,
hyp_vm->kvm.arch.flags = 0;
pkvm_init_features_from_host(hyp_vm, host_kvm);
hyp_vm->kvm.arch.ctr_el0 = host_kvm->arch.ctr_el0;
+
+ if (test_bit(KVM_ARCH_FLAG_WRITABLE_IMP_ID_REGS, &hyp_vm->kvm.arch.flags))
+ hyp_vm->kvm.arch.midr_el1 = host_kvm->arch.midr_el1;
}
static void pkvm_vcpu_init_sve(struct pkvm_hyp_vcpu *hyp_vcpu, struct kvm_vcpu *host_vcpu)
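Review bot: the new test_bit() checks hyp_vm->kvm.arch.flags, which the first context line of this hunk has just set to 0, so the MIDR_EL1 copy only happens if pkvm_init_features_from_host() propagates KVM_ARCH_FLAG_WRITABLE_IMP_ID_REGS into the hyp VM's flags. That dependency, and the commit message's restriction to non-protected guests, are not visible at this call site; add a one-line comment above the `if`, or make the protected/non-protected condition explicit in the test itself.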
--
2.39.5
* [PATCH 3/3] KVM: arm64: Fix documentation for KVM_CAP_ARM_WRITABLE_IMP_ID_REGS
From: Oliver Upton @ 2025-03-05 23:08 UTC (permalink / raw)
To: kvmarm
Cc: Marc Zyngier, Joey Gouly, Suzuki K Poulose, Sebastian Ott,
Oliver Upton

The capability actually fails with EINVAL if vCPUs have already been
created.

Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
---
Documentation/virt/kvm/api.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst
index 56f3dcdc4477..3468a2a7de6b 100644
--- a/Documentation/virt/kvm/api.rst
+++ b/Documentation/virt/kvm/api.rst
@@ -8264,7 +8264,7 @@ take care to differentiate between these cases.
:Architectures: arm64
:Target: VM
:Parameters: None
-:Returns: 0 on success, -EBUSY if vCPUs have been created before enabling this
+:Returns: 0 on success, -EINVAL if vCPUs have been created before enabling this
capability.
This capability changes the behavior of the registers that identify a PE
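Review bot: the corrected `:Returns:` line fixes text that documents KVM_CAP_ARM_WRITABLE_IMP_ID_REGS, but the commit message carries no Fixes: tag, unlike patches 1 and 2 of this series. Adding one that points at the commit which introduced this documentation would let the correction follow the capability into any backport, and naming the code path that returns -EINVAL in the message would make the claim easy to verify.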
--
2.39.5
* Re: [PATCH 1/3] KVM: arm64: Copy guest CTR_EL0 into hyp VM
From: Marc Zyngier @ 2025-03-06 0:25 UTC (permalink / raw)
To: Oliver Upton; +Cc: kvmarm, Joey Gouly, Suzuki K Poulose, Sebastian Ott
On Wed, 05 Mar 2025 23:08:23 +0000,
Oliver Upton <oliver.upton@linux.dev> wrote:
>
> Since commit 2843cae26644 ("KVM: arm64: Treat CTR_EL0 as a VM feature
> ID register") KVM has allowed userspace to configure the VM-wide view of
> CTR_EL0, falling back to trap-n-emulate if the value doesn't match
> hardware. It appears that this has worked by chance in protected-mode
> for some time, and on systems with FEAT_EVT protected-mode
> unconditionally sets TID4 (i.e. TID2 traps sans CTR_EL0).
>
> Forward the guest CTR_EL0 value through to the hyp VM and align the
> TID2/TID4 configuration with the non-protected setup.
>
> Fixes: 2843cae26644 ("KVM: arm64: Treat CTR_EL0 as a VM feature ID register")
> Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
> ---
> arch/arm64/kvm/hyp/nvhe/pkvm.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c
> index 3927fe52a3dd..2e2975248cd3 100644
> --- a/arch/arm64/kvm/hyp/nvhe/pkvm.c
> +++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c
> @@ -46,7 +46,8 @@ static void pkvm_vcpu_reset_hcr(struct kvm_vcpu *vcpu)
> vcpu->arch.hcr_el2 |= HCR_FWB;
>
> if (cpus_have_final_cap(ARM64_HAS_EVT) &&
> - !cpus_have_final_cap(ARM64_MISMATCHED_CACHE_TYPE))
> + !cpus_have_final_cap(ARM64_MISMATCHED_CACHE_TYPE) &&
> + kvm_read_vm_id_reg(vcpu->kvm, SYS_CTR_EL0) == read_cpuid(CTR_EL0))
> vcpu->arch.hcr_el2 |= HCR_TID4;
> else
> vcpu->arch.hcr_el2 |= HCR_TID2;
> @@ -374,6 +375,7 @@ static void init_pkvm_hyp_vm(struct kvm *host_kvm, struct pkvm_hyp_vm *hyp_vm,
> hyp_vm->kvm.arch.pkvm.enabled = READ_ONCE(host_kvm->arch.pkvm.enabled);
> hyp_vm->kvm.arch.flags = 0;
> pkvm_init_features_from_host(hyp_vm, host_kvm);
> + hyp_vm->kvm.arch.ctr_el0 = host_kvm->arch.ctr_el0;

Maybe it'd be better to stick this into pkvm_init_features_from_host()
in order to keep all the "inherit stuff from host" together?

Same thing for the following patch.

Thanks,

	M.

--
Without deviation from the norm, progress is not possible.
* Re: [PATCH 0/3] KVM: arm64: Fixes for 'writable' ID registers in protected mode
From: Marc Zyngier @ 2025-03-06 0:26 UTC (permalink / raw)
To: Oliver Upton; +Cc: kvmarm, Joey Gouly, Suzuki K Poulose, Sebastian Ott
On Wed, 05 Mar 2025 23:08:22 +0000,
Oliver Upton <oliver.upton@linux.dev> wrote:
>
> Address a few issues with ID register handling in protected mode:
>
> - CTR_EL0 isn't trapped on FEAT_EVT systems if userspace changed the
> guest value
>
> - VPIDR_EL2 is set to 0 if userspace enabled writable 'implementation
> ID' registers
>
> - Fix in capability documentation
>
> Oliver Upton (3):
> KVM: arm64: Copy guest CTR_EL0 into hyp VM
> KVM: arm64: Copy MIDR_EL1 into hyp VM when it is writable
> KVM: arm64: Fix documentation for KVM_CAP_ARM_WRITABLE_IMP_ID_REGS
>
> Documentation/virt/kvm/api.rst | 2 +-
> arch/arm64/kvm/hyp/nvhe/pkvm.c | 7 ++++++-
> 2 files changed, 7 insertions(+), 2 deletions(-)

Irrespective of the comments for the first two patches:

Reviewed-by: Marc Zyngier <maz@kernel.org>

	M.

--
Without deviation from the norm, progress is not possible.
* Re: [PATCH 0/3] KVM: arm64: Fixes for 'writable' ID registers in protected mode
From: Oliver Upton @ 2025-03-06 1:01 UTC (permalink / raw)
To: kvmarm, Oliver Upton
Cc: Marc Zyngier, Joey Gouly, Suzuki K Poulose, Sebastian Ott
On Wed, 05 Mar 2025 15:08:22 -0800, Oliver Upton wrote:
> Address a few issues with ID register handling in protected mode:
>
> - CTR_EL0 isn't trapped on FEAT_EVT systems if userspace changed the
> guest value
>
> - VPIDR_EL2 is set to 0 if userspace enabled writable 'implementation
> ID' registers
>
> [...]

Marc, I fixed it in post :)

Applied to next, thanks!

[1/3] KVM: arm64: Copy guest CTR_EL0 into hyp VM
      https://git.kernel.org/kvmarm/kvmarm/c/9d9122736433
[2/3] KVM: arm64: Copy MIDR_EL1 into hyp VM when it is writable
      https://git.kernel.org/kvmarm/kvmarm/c/03e1b89d051f
[3/3] KVM: arm64: Fix documentation for KVM_CAP_ARM_WRITABLE_IMP_ID_REGS
      https://git.kernel.org/kvmarm/kvmarm/c/5980a6937012

--
Best,
Oliver
* Re: [PATCH 2/3] KVM: arm64: Copy MIDR_EL1 into hyp VM when it is writable
From: Sebastian Ott @ 2025-03-06 10:52 UTC (permalink / raw)
To: Oliver Upton
Cc: kvmarm, Marc Zyngier, Joey Gouly, Suzuki K Poulose, Mark Brown
On Wed, 5 Mar 2025, Oliver Upton wrote:
> KVM recently added a capability that allows userspace to override the
> 'implementation ID' registers presented to the VM. MIDR_EL1 is a special
> example, where the hypervisor can directly set the value when read from
> EL1 using VPIDR_EL2.
>
> Copy the VM-wide value for MIDR_EL1 into the hyp VM for non-protected
> guests when the capability is enabled so VPIDR_EL2 gets set up
> correctly.
>
> Reported-by: Mark Brown <broonie@kernel.org>
> Closes: https://lore.kernel.org/kvmarm/ac594b9c-4bbb-46c8-9391-e7a68ce4de5b@sirena.org.uk/
> Fixes: 3adaee783061 ("KVM: arm64: Allow userspace to change the implementation ID registers")
> Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
> ---
> arch/arm64/kvm/hyp/nvhe/pkvm.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/arch/arm64/kvm/hyp/nvhe/pkvm.c b/arch/arm64/kvm/hyp/nvhe/pkvm.c
> index 2e2975248cd3..afc1b5c403c9 100644
> --- a/arch/arm64/kvm/hyp/nvhe/pkvm.c
> +++ b/arch/arm64/kvm/hyp/nvhe/pkvm.c
> @@ -376,6 +376,9 @@ static void init_pkvm_hyp_vm(struct kvm *host_kvm, struct pkvm_hyp_vm *hyp_vm,
> hyp_vm->kvm.arch.flags = 0;
> pkvm_init_features_from_host(hyp_vm, host_kvm);
> hyp_vm->kvm.arch.ctr_el0 = host_kvm->arch.ctr_el0;
> +
> + if (test_bit(KVM_ARCH_FLAG_WRITABLE_IMP_ID_REGS, &hyp_vm->kvm.arch.flags))
> + hyp_vm->kvm.arch.midr_el1 = host_kvm->arch.midr_el1;
> }

Oh, I didn't even think that all that's missing was to update the trusted
kvm instance ... I was looking for where to set VPIDR_EL2 for pkvm.

Thanks for the fix, I guess I'll have some more code reading to do...

Sebastian