From: Marc Zyngier <maz@kernel.org>
To: Jing Zhang <jingzhangos@google.com>
Cc: KVM <kvm@vger.kernel.org>, KVMARM <kvmarm@lists.linux.dev>,
ARMLinux <linux-arm-kernel@lists.infradead.org>,
Oliver Upton <oupton@google.com>, Will Deacon <will@kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>,
James Morse <james.morse@arm.com>,
Alexandru Elisei <alexandru.elisei@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Fuad Tabba <tabba@google.com>, Reiji Watanabe <reijiw@google.com>,
Raghavendra Rao Ananta <rananta@google.com>
Subject: Re: [PATCH v8 2/6] KVM: arm64: Save ID registers' sanitized value per guest
Date: Wed, 17 May 2023 08:41:14 +0100 [thread overview]
Message-ID: <86wn17l811.wl-maz@kernel.org> (raw)
In-Reply-To: <20230503171618.2020461-3-jingzhangos@google.com>
On Wed, 03 May 2023 18:16:14 +0100,
Jing Zhang <jingzhangos@google.com> wrote:
>
> Introduce id_regs[] in kvm_arch as a storage of guest's ID registers,
> and save ID registers' sanitized value in the array at KVM_CREATE_VM.
> Use the saved ones when ID registers are read by the guest or
> userspace (via KVM_GET_ONE_REG).
>
> No functional change intended.
>
> Co-developed-by: Reiji Watanabe <reijiw@google.com>
> Signed-off-by: Reiji Watanabe <reijiw@google.com>
> Signed-off-by: Jing Zhang <jingzhangos@google.com>
> ---
> arch/arm64/include/asm/kvm_host.h | 20 ++++++++++++++
> arch/arm64/kvm/arm.c | 1 +
> arch/arm64/kvm/id_regs.c | 46 +++++++++++++++++++++++++------
> arch/arm64/kvm/sys_regs.c | 11 +++++++-
> arch/arm64/kvm/sys_regs.h | 3 +-
> 5 files changed, 69 insertions(+), 12 deletions(-)
>
> diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
> index bcd774d74f34..a7d4d9e093e3 100644
> --- a/arch/arm64/include/asm/kvm_host.h
> +++ b/arch/arm64/include/asm/kvm_host.h
> @@ -177,6 +177,21 @@ struct kvm_smccc_features {
> unsigned long vendor_hyp_bmap;
> };
>
> +/*
> + * Emulated CPU ID registers per VM
> + * (Op0, Op1, CRn, CRm, Op2) of the ID registers to be saved in it
> + * is (3, 0, 0, crm, op2), where 1<=crm<8, 0<=op2<8.
> + *
> + * These emulated idregs are VM-wide, but accessed from the context of a vCPU.
> + * Access to id regs are guarded by kvm_arch.config_lock.
> + */
> +#define KVM_ARM_ID_REG_NUM 56
You already have this as part of patch #1 in another include file, and
then move it here. Surely you can do that in one go. I'd also like it
to be defined in terms of encodings, and not as a raw value.
> +#define IDREG_IDX(id) (((sys_reg_CRm(id) - 1) << 3) | sys_reg_Op2(id))
> +#define IDREG(kvm, id) kvm->arch.idregs.regs[IDREG_IDX(id)]
Missing brackets around 'kvm'.
> +struct kvm_idregs {
> + u64 regs[KVM_ARM_ID_REG_NUM];
> +};
> +
> typedef unsigned int pkvm_handle_t;
>
> struct kvm_protected_vm {
> @@ -243,6 +258,9 @@ struct kvm_arch {
> /* Hypercall features firmware registers' descriptor */
> struct kvm_smccc_features smccc_feat;
>
> + /* Emulated CPU ID registers */
> + struct kvm_idregs idregs;
> +
> /*
> * For an untrusted host VM, 'pkvm.handle' is used to lookup
> * the associated pKVM instance in the hypervisor.
> @@ -1008,6 +1026,8 @@ int kvm_arm_vcpu_arch_has_attr(struct kvm_vcpu *vcpu,
> long kvm_vm_ioctl_mte_copy_tags(struct kvm *kvm,
> struct kvm_arm_copy_mte_tags *copy_tags);
>
> +void kvm_arm_init_id_regs(struct kvm *kvm);
> +
> /* Guest/host FPSIMD coordination helpers */
> int kvm_arch_vcpu_run_map_fp(struct kvm_vcpu *vcpu);
> void kvm_arch_vcpu_load_fp(struct kvm_vcpu *vcpu);
> diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
> index 4b2e16e696a8..e34744c36406 100644
> --- a/arch/arm64/kvm/arm.c
> +++ b/arch/arm64/kvm/arm.c
> @@ -153,6 +153,7 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
>
> set_default_spectre(kvm);
> kvm_arm_init_hypercalls(kvm);
> + kvm_arm_init_id_regs(kvm);
>
> /*
> * Initialise the default PMUver before there is a chance to
> diff --git a/arch/arm64/kvm/id_regs.c b/arch/arm64/kvm/id_regs.c
> index 96b4c43a5100..e769223bcee2 100644
> --- a/arch/arm64/kvm/id_regs.c
> +++ b/arch/arm64/kvm/id_regs.c
> @@ -52,16 +52,9 @@ static u8 pmuver_to_perfmon(u8 pmuver)
> }
> }
>
> -/* Read a sanitised cpufeature ID register by sys_reg_desc */
Why getting rid of this comment instead of moving it next to the
(re-implemented) function?
> -static u64 read_id_reg(const struct kvm_vcpu *vcpu, struct sys_reg_desc const *r)
> +u64 kvm_arm_read_id_reg(const struct kvm_vcpu *vcpu, u32 id)
> {
> - u32 id = reg_to_encoding(r);
> - u64 val;
> -
> - if (sysreg_visible_as_raz(vcpu, r))
> - return 0;
> -
> - val = read_sanitised_ftr_reg(id);
> + u64 val = IDREG(vcpu->kvm, id);
>
> switch (id) {
> case SYS_ID_AA64PFR0_EL1:
> @@ -126,6 +119,14 @@ static u64 read_id_reg(const struct kvm_vcpu *vcpu, struct sys_reg_desc const *r
> return val;
> }
>
> +static u64 read_id_reg(const struct kvm_vcpu *vcpu, struct sys_reg_desc const *r)
> +{
> + if (sysreg_visible_as_raz(vcpu, r))
> + return 0;
> +
> + return kvm_arm_read_id_reg(vcpu, reg_to_encoding(r));
> +}
> +
> /* cpufeature ID register access trap handlers */
>
> static bool access_id_reg(struct kvm_vcpu *vcpu,
> @@ -458,3 +459,30 @@ int emulate_id_reg(struct kvm_vcpu *vcpu, struct sys_reg_params *params)
>
> return 1;
> }
> +
> +/*
> + * Set the guest's ID registers that are defined in id_reg_descs[]
> + * with ID_SANITISED() to the host's sanitized value.
> + */
> +void kvm_arm_init_id_regs(struct kvm *kvm)
> +{
> + u64 val;
> + u32 id;
> + int i;
> +
> + for (i = 0; i < ARRAY_SIZE(id_reg_descs); i++) {
> + id = reg_to_encoding(&id_reg_descs[i]);
> +
> + /*
> + * Some hidden ID registers which are not in arm64_ftr_regs[]
> + * would cause warnings from read_sanitised_ftr_reg().
> + * Skip those ID registers to avoid the warnings.
> + */
> + if (id_reg_descs[i].visibility == raz_visibility)
> + /* Hidden or reserved ID register */
> + continue;
Are you sure? What about other visibility attributes that are normally
evaluated at runtime? This may work as a short term hack, but I'm not
sure this is the correct long-term solution...
M.
--
Without deviation from the norm, progress is not possible.
WARNING: multiple messages have this Message-ID (diff)
From: Marc Zyngier <maz@kernel.org>
To: Jing Zhang <jingzhangos@google.com>
Cc: KVM <kvm@vger.kernel.org>, KVMARM <kvmarm@lists.linux.dev>,
ARMLinux <linux-arm-kernel@lists.infradead.org>,
Oliver Upton <oupton@google.com>, Will Deacon <will@kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>,
James Morse <james.morse@arm.com>,
Alexandru Elisei <alexandru.elisei@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Fuad Tabba <tabba@google.com>, Reiji Watanabe <reijiw@google.com>,
Raghavendra Rao Ananta <rananta@google.com>
Subject: Re: [PATCH v8 2/6] KVM: arm64: Save ID registers' sanitized value per guest
Date: Wed, 17 May 2023 08:41:14 +0100 [thread overview]
Message-ID: <86wn17l811.wl-maz@kernel.org> (raw)
In-Reply-To: <20230503171618.2020461-3-jingzhangos@google.com>
On Wed, 03 May 2023 18:16:14 +0100,
Jing Zhang <jingzhangos@google.com> wrote:
>
> Introduce id_regs[] in kvm_arch as a storage of guest's ID registers,
> and save ID registers' sanitized value in the array at KVM_CREATE_VM.
> Use the saved ones when ID registers are read by the guest or
> userspace (via KVM_GET_ONE_REG).
>
> No functional change intended.
>
> Co-developed-by: Reiji Watanabe <reijiw@google.com>
> Signed-off-by: Reiji Watanabe <reijiw@google.com>
> Signed-off-by: Jing Zhang <jingzhangos@google.com>
> ---
> arch/arm64/include/asm/kvm_host.h | 20 ++++++++++++++
> arch/arm64/kvm/arm.c | 1 +
> arch/arm64/kvm/id_regs.c | 46 +++++++++++++++++++++++++------
> arch/arm64/kvm/sys_regs.c | 11 +++++++-
> arch/arm64/kvm/sys_regs.h | 3 +-
> 5 files changed, 69 insertions(+), 12 deletions(-)
>
> diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
> index bcd774d74f34..a7d4d9e093e3 100644
> --- a/arch/arm64/include/asm/kvm_host.h
> +++ b/arch/arm64/include/asm/kvm_host.h
> @@ -177,6 +177,21 @@ struct kvm_smccc_features {
> unsigned long vendor_hyp_bmap;
> };
>
> +/*
> + * Emulated CPU ID registers per VM
> + * (Op0, Op1, CRn, CRm, Op2) of the ID registers to be saved in it
> + * is (3, 0, 0, crm, op2), where 1<=crm<8, 0<=op2<8.
> + *
> + * These emulated idregs are VM-wide, but accessed from the context of a vCPU.
> + * Access to id regs are guarded by kvm_arch.config_lock.
> + */
> +#define KVM_ARM_ID_REG_NUM 56
You already have this as part of patch #1 in another include file, and
then move it here. Surely you can do that in one go. I'd also like it
to be defined in terms of encodings, and not as a raw value.
> +#define IDREG_IDX(id) (((sys_reg_CRm(id) - 1) << 3) | sys_reg_Op2(id))
> +#define IDREG(kvm, id) kvm->arch.idregs.regs[IDREG_IDX(id)]
Missing brackets around 'kvm'.
> +struct kvm_idregs {
> + u64 regs[KVM_ARM_ID_REG_NUM];
> +};
> +
> typedef unsigned int pkvm_handle_t;
>
> struct kvm_protected_vm {
> @@ -243,6 +258,9 @@ struct kvm_arch {
> /* Hypercall features firmware registers' descriptor */
> struct kvm_smccc_features smccc_feat;
>
> + /* Emulated CPU ID registers */
> + struct kvm_idregs idregs;
> +
> /*
> * For an untrusted host VM, 'pkvm.handle' is used to lookup
> * the associated pKVM instance in the hypervisor.
> @@ -1008,6 +1026,8 @@ int kvm_arm_vcpu_arch_has_attr(struct kvm_vcpu *vcpu,
> long kvm_vm_ioctl_mte_copy_tags(struct kvm *kvm,
> struct kvm_arm_copy_mte_tags *copy_tags);
>
> +void kvm_arm_init_id_regs(struct kvm *kvm);
> +
> /* Guest/host FPSIMD coordination helpers */
> int kvm_arch_vcpu_run_map_fp(struct kvm_vcpu *vcpu);
> void kvm_arch_vcpu_load_fp(struct kvm_vcpu *vcpu);
> diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
> index 4b2e16e696a8..e34744c36406 100644
> --- a/arch/arm64/kvm/arm.c
> +++ b/arch/arm64/kvm/arm.c
> @@ -153,6 +153,7 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
>
> set_default_spectre(kvm);
> kvm_arm_init_hypercalls(kvm);
> + kvm_arm_init_id_regs(kvm);
>
> /*
> * Initialise the default PMUver before there is a chance to
> diff --git a/arch/arm64/kvm/id_regs.c b/arch/arm64/kvm/id_regs.c
> index 96b4c43a5100..e769223bcee2 100644
> --- a/arch/arm64/kvm/id_regs.c
> +++ b/arch/arm64/kvm/id_regs.c
> @@ -52,16 +52,9 @@ static u8 pmuver_to_perfmon(u8 pmuver)
> }
> }
>
> -/* Read a sanitised cpufeature ID register by sys_reg_desc */
Why getting rid of this comment instead of moving it next to the
(re-implemented) function?
> -static u64 read_id_reg(const struct kvm_vcpu *vcpu, struct sys_reg_desc const *r)
> +u64 kvm_arm_read_id_reg(const struct kvm_vcpu *vcpu, u32 id)
> {
> - u32 id = reg_to_encoding(r);
> - u64 val;
> -
> - if (sysreg_visible_as_raz(vcpu, r))
> - return 0;
> -
> - val = read_sanitised_ftr_reg(id);
> + u64 val = IDREG(vcpu->kvm, id);
>
> switch (id) {
> case SYS_ID_AA64PFR0_EL1:
> @@ -126,6 +119,14 @@ static u64 read_id_reg(const struct kvm_vcpu *vcpu, struct sys_reg_desc const *r
> return val;
> }
>
> +static u64 read_id_reg(const struct kvm_vcpu *vcpu, struct sys_reg_desc const *r)
> +{
> + if (sysreg_visible_as_raz(vcpu, r))
> + return 0;
> +
> + return kvm_arm_read_id_reg(vcpu, reg_to_encoding(r));
> +}
> +
> /* cpufeature ID register access trap handlers */
>
> static bool access_id_reg(struct kvm_vcpu *vcpu,
> @@ -458,3 +459,30 @@ int emulate_id_reg(struct kvm_vcpu *vcpu, struct sys_reg_params *params)
>
> return 1;
> }
> +
> +/*
> + * Set the guest's ID registers that are defined in id_reg_descs[]
> + * with ID_SANITISED() to the host's sanitized value.
> + */
> +void kvm_arm_init_id_regs(struct kvm *kvm)
> +{
> + u64 val;
> + u32 id;
> + int i;
> +
> + for (i = 0; i < ARRAY_SIZE(id_reg_descs); i++) {
> + id = reg_to_encoding(&id_reg_descs[i]);
> +
> + /*
> + * Some hidden ID registers which are not in arm64_ftr_regs[]
> + * would cause warnings from read_sanitised_ftr_reg().
> + * Skip those ID registers to avoid the warnings.
> + */
> + if (id_reg_descs[i].visibility == raz_visibility)
> + /* Hidden or reserved ID register */
> + continue;
Are you sure? What about other visibility attributes that are normally
evaluated at runtime? This may work as a short term hack, but I'm not
sure this is the correct long-term solution...
M.
--
Without deviation from the norm, progress is not possible.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2023-05-17 7:41 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-03 17:16 [PATCH v8 0/6] Support writable CPU ID registers from userspace Jing Zhang
2023-05-03 17:16 ` Jing Zhang
2023-05-03 17:16 ` [PATCH v8 1/6] KVM: arm64: Move CPU ID feature registers emulation into a separate file Jing Zhang
2023-05-03 17:16 ` Jing Zhang
2023-05-16 16:11 ` Marc Zyngier
2023-05-16 16:11 ` Marc Zyngier
2023-05-16 19:14 ` Jing Zhang
2023-05-16 19:14 ` Jing Zhang
2023-05-03 17:16 ` [PATCH v8 2/6] KVM: arm64: Save ID registers' sanitized value per guest Jing Zhang
2023-05-03 17:16 ` Jing Zhang
2023-05-17 7:41 ` Marc Zyngier [this message]
2023-05-17 7:41 ` Marc Zyngier
2023-05-17 16:28 ` Jing Zhang
2023-05-17 16:28 ` Jing Zhang
2023-05-03 17:16 ` [PATCH v8 3/6] KVM: arm64: Use per guest ID register for ID_AA64PFR0_EL1.[CSV2|CSV3] Jing Zhang
2023-05-03 17:16 ` Jing Zhang
2023-05-03 23:43 ` kernel test robot
2023-05-03 23:43 ` kernel test robot
2023-05-03 17:16 ` [PATCH v8 4/6] KVM: arm64: Use per guest ID register for ID_AA64DFR0_EL1.PMUVer Jing Zhang
2023-05-03 17:16 ` Jing Zhang
2023-05-03 17:16 ` [PATCH v8 5/6] KVM: arm64: Reuse fields of sys_reg_desc for idreg Jing Zhang
2023-05-03 17:16 ` Jing Zhang
2023-05-16 10:26 ` Cornelia Huck
2023-05-16 10:26 ` Cornelia Huck
2023-05-16 19:10 ` Jing Zhang
2023-05-16 19:10 ` Jing Zhang
2023-05-03 17:16 ` [PATCH v8 6/6] KVM: arm64: Refactor writings for PMUVer/CSV2/CSV3 Jing Zhang
2023-05-03 17:16 ` Jing Zhang
2023-05-17 22:00 ` Jitindar Singh, Suraj
2023-05-17 22:00 ` Jitindar Singh, Suraj
2023-05-17 22:55 ` Jing Zhang
2023-05-17 22:55 ` Jing Zhang
2023-05-18 21:08 ` Jitindar Singh, Suraj
2023-05-18 21:08 ` Jitindar Singh, Suraj
2023-05-19 9:16 ` Marc Zyngier
2023-05-19 9:16 ` Marc Zyngier
2023-05-19 23:04 ` Jitindar Singh, Suraj
2023-05-19 23:04 ` Jitindar Singh, Suraj
2023-05-20 8:45 ` Marc Zyngier
2023-05-20 8:45 ` Marc Zyngier
2023-05-19 23:25 ` Suraj Jitindar Singh
2023-05-19 23:25 ` Suraj Jitindar Singh
2023-05-16 10:37 ` [PATCH v8 0/6] Support writable CPU ID registers from userspace Shameerali Kolothum Thodi
2023-05-16 10:37 ` Shameerali Kolothum Thodi
2023-05-16 11:01 ` Marc Zyngier
2023-05-16 11:01 ` Marc Zyngier
2023-05-16 11:11 ` Shameerali Kolothum Thodi
2023-05-16 11:11 ` Shameerali Kolothum Thodi
2023-05-16 11:55 ` Cornelia Huck
2023-05-16 11:55 ` Cornelia Huck
2023-05-16 13:11 ` Marc Zyngier
2023-05-16 13:11 ` Marc Zyngier
2023-05-16 13:44 ` Shameerali Kolothum Thodi
2023-05-16 13:44 ` Shameerali Kolothum Thodi
2023-05-16 14:21 ` Cornelia Huck
2023-05-16 14:21 ` Cornelia Huck
2023-05-16 14:19 ` Cornelia Huck
2023-05-16 14:19 ` Cornelia Huck
2023-05-16 16:01 ` Marc Zyngier
2023-05-16 16:01 ` Marc Zyngier
2023-05-17 15:36 ` Cornelia Huck
2023-05-17 15:36 ` Cornelia Huck
2023-05-17 15:53 ` Marc Zyngier
2023-05-17 15:53 ` Marc Zyngier
2023-05-16 16:31 ` Oliver Upton
2023-05-16 16:31 ` Oliver Upton
2023-05-16 16:44 ` Marc Zyngier
2023-05-16 16:44 ` Marc Zyngier
2023-05-16 16:57 ` Oliver Upton
2023-05-16 16:57 ` Oliver Upton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86wn17l811.wl-maz@kernel.org \
--to=maz@kernel.org \
--cc=alexandru.elisei@arm.com \
--cc=james.morse@arm.com \
--cc=jingzhangos@google.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=oupton@google.com \
--cc=pbonzini@redhat.com \
--cc=rananta@google.com \
--cc=reijiw@google.com \
--cc=suzuki.poulose@arm.com \
--cc=tabba@google.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.