From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5A38A201106 for ; Fri, 18 Oct 2024 10:23:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729247005; cv=none; b=Gf4RDZP85u5Ad+xjtTffQmVidpMXDH9v+m9J3MqryKLxKWBk3d2lF9SY6haFs607zPKfn0YxuPhMO3nNqM6wILcTFcmmBI2Kbz1aijY2ieoQu5Z2MAoxyDIHbumYITscqPTiKET4EspvE23ZGZn+B/y/CKOn7Ns81kYsx+HwbfI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1729247005; c=relaxed/simple; bh=/66c9/H7Fi/NiRoqzhE7bvDtC0JZ26GedV/t2crh9Hw=; h=Date:Message-ID:From:To:Cc:Subject:In-Reply-To:References: MIME-Version:Content-Type; b=YIhWtIL5SpxxC0eOsjpfB/X6jRMEDj46NepuUwe/D25AZkZP06oCDP9GUS8IIYWf9aAH1rntzvUICcxjuCQV9ZtgWEX2uQGRpfF5Nweo8RM1zWsHal6HSUHSVzHXXDb8JnZWXdtz4myZh5p3hJAs3q/Abyrkroi8l2JaSYf0cpk= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=WzCsJLht; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="WzCsJLht" Received: by smtp.kernel.org (Postfix) with ESMTPSA id E0CEAC4CEC3; Fri, 18 Oct 2024 10:23:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1729247004; bh=/66c9/H7Fi/NiRoqzhE7bvDtC0JZ26GedV/t2crh9Hw=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=WzCsJLhtsMzfPKjje3WJITjpl786xJYBrMLrjuBXAt/daIhP4/Vp4K6igJqRbfVB/ 5lnzqEOLxeJ96J73R6LpLAp/lRI8XUoldrT67apa0XXiRmBHnEiFscsIlogHLxVLbI CBsSJMYISNxPzzdeckl8d7/gxSzx3iin8j5Hfc20DxyzWhv8ZHP/GnlXwOw3ftnyN5 yquzrj/3SFqhrv5SplzpQ2R8rJcL+vWwNsj0RxiwoLRmNZvlEGCMYJHGpbLdn+PM+P OIYg6pBbWhJMqGxBTz+Vny9W0c7IGcbOhVwm2oAFOaK4DJMeNMhs/VnAguInLRE2N3 J2OP96qNpZ4EA== Received: from sofa.misterjones.org ([185.219.108.64] helo=goblin-girl.misterjones.org) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1t1k8g-004kD1-8X; Fri, 18 Oct 2024 11:23:22 +0100 Date: Fri, 18 Oct 2024 11:23:20 +0100 Message-ID: <86h6994smf.wl-maz@kernel.org> From: Marc Zyngier To: Shameer Kolothum Cc: , , , , , , , , Subject: Re: [PATCH] KVM: arm64: Make L1Ip feature in CTR_EL0 writable from userspace In-Reply-To: <20241017085925.40532-1-shameerali.kolothum.thodi@huawei.com> References: <20241017085925.40532-1-shameerali.kolothum.thodi@huawei.com> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM-LB/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL-LB/10.8 EasyPG/1.0.0 Emacs/29.4 (aarch64-unknown-linux-gnu) MULE/6.0 (HANACHIRUSATO) Precedence: bulk X-Mailing-List: kvmarm@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: shameerali.kolothum.thodi@huawei.com, kvmarm@lists.linux.dev, oliver.upton@linux.dev, james.morse@arm.com, joey.gouly@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com, wangzhou1@hisilicon.com, linux-arm-kernel@lists.infradead.org, linuxarm@huawei.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false On Thu, 17 Oct 2024 09:59:25 +0100, Shameer Kolothum wrote: >=20 > Only allow userspace to set VIPT(0b10) or PIPT(0b11) for L1Ip based on > what hardware reports as both=C2=A0AIVIVT (0b01) and VPIPT (0b00) are > documented as reserved. >=20 > Using a VIPT for Guest where hardware reports PIPT may lead to over > invalidation, but is still correct. Hence, we can allow downgrading > PIPT to VIPT, but not the other way around. >=20 > Signed-off-by: Shameer Kolothum > --- > This is based on the dicsussion here[0]. > https://lore.kernel.org/kvmarm/0db19a081d9e41f08b0043baeef16f16@huawei.co= m/ >=20 > Also depends on Joey's series[1] as it make use of the ID_FILTERED macro. >=20 > I am not sure we need to explicitly make the ftr type as FTR_LOWER_SAFE > in kvm_arm64_ftr_safe_value() or as mentioned below can depend on > arm64_ftr_safe_value() for this ftr bits. I think relying on the arch code for this is the right thing to do. This was designed to cope with heterogeneous systems where you could have both PIPT and VIPT caches in the system, and we don't allow a late comer to be VIPT if we're decided on PIPT (hence the FTR_EXACT). >=20 > Please take a look and let me know. >=20 > Thanks, > Shameer >=20 > [0] https://lore.kernel.org/kvmarm/0db19a081d9e41f08b0043baeef16f16@huawe= i.com/ > [1] https://lore.kernel.org/kvmarm/20241015133923.3910916-1-joey.gouly@ar= m.com/ > --- > arch/arm64/kvm/sys_regs.c | 32 ++++++++++++++++++++++++++++---- > 1 file changed, 28 insertions(+), 4 deletions(-) >=20 > diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c > index d97ccf1c1558..819dcb63febd 100644 > --- a/arch/arm64/kvm/sys_regs.c > +++ b/arch/arm64/kvm/sys_regs.c > @@ -1872,6 +1872,28 @@ static int set_id_aa64pfr1_el1(struct kvm_vcpu *vc= pu, > return set_id_reg(vcpu, rd, user_val); > } > =20 > +static int set_ctr_el0(struct kvm_vcpu *vcpu, > + const struct sys_reg_desc *rd, u64 user_val) > +{ > + u8 user_L1Ip =3D SYS_FIELD_GET(CTR_EL0, L1Ip, user_val); > + > + /* > + * Both AIVIVT (0b01) and VPIPT (0b00) are documented as reserved. > + * Hence only allow to set VIPT(0b10) or PIPT(0b11) for L1Ip based > + * on what hardware reports. > + * > + * Using a VIPT software model on PIPT will lead to over invalidation, > + * but still correct. Hence, we can allow downgrading PIPT to VIPT, > + * but not the other way around. This is handled via arm64_ftr_safe_val= ue() > + * as CTR_EL0 ftr_bits has L1Ip field type FTR_EXACT with safe value > + * set as VIPT) > + */ > + if (user_L1Ip < CTR_EL0_L1Ip_VIPT) > + return -EINVAL; I'm not overly fond of this, because the ordering of cache types is arbitrary (it really is an enumeration). I would rather see the allowed cache types explicitly listed. It doesn't change a thing, but makes it all much more readable. With this fixed: Reviewed-by: Marc Zyngier Thanks, M. --=20 Without deviation from the norm, progress is not possible.