From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DD32123C0 for ; Sat, 29 Oct 2022 11:47:21 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 779D4C433C1; Sat, 29 Oct 2022 11:47:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1667044041; bh=e8q9QWpdeHJ2UrWEmnMHXMdJmiLRe/1/bLcgiHgO1Ik=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=GY2JgIo72nc79K+fMliWo006ZH5YpdUnGabv0RGnrDXs+bP6xoW3dzxg77YznNM2y oJZ15MC/2Cp7mEzYMoogb4M0fkW/nMw51DBYGsCVNLZNm20WDMf/xRayzrlwH48aBJ Dgi1lPa2wnSx57x4Orv8+CL1DbjW9QgrKZcw0+KwW1RmeKNmOgIV4dsCyAU5lkhvFQ uRXBcTAsr/v0mF4mKCanYqEqbrgL5ehR3pVfKeAo6cd9YbgfeXXmwCbfs2GjaeV4zb Qk0YlB9JM0eLH+CrvYvaq5iV4cwuAdFhp88q9Quy6Z4V1P3fC4Th+1B6Vg7fhVTvm4 Dnk9LubWzSh4w== Received: from sofa.misterjones.org ([185.219.108.64] helo=wait-a-minute.misterjones.org) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1ookJ5-002RoE-2p; Sat, 29 Oct 2022 12:47:19 +0100 Date: Sat, 29 Oct 2022 12:46:43 +0100 Message-ID: <8735b6hmxo.wl-maz@kernel.org> From: Marc Zyngier To: Mark Brown Cc: Catalin Marinas , Will Deacon , Peter Maydell , Richard Henderson , Vincent Donnefort , James Morse , Alexandru Elisei , Suzuki K Poulose , Oliver Upton , linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev Subject: Re: [PATCH v1 0/2] KVM: arm: Refuse to enable KVM on systems with SME but not FGT In-Reply-To: <20221027205246.812586-1-broonie@kernel.org> References: <20221027205246.812586-1-broonie@kernel.org> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM-LB/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL-LB/10.8 EasyPG/1.0.0 Emacs/27.1 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO) Precedence: bulk X-Mailing-List: kvmarm@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: broonie@kernel.org, catalin.marinas@arm.com, will@kernel.org, peter.maydell@linaro.org, richard.henderson@linaro.org, vdonnefort@google.com, james.morse@arm.com, alexandru.elisei@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false On Thu, 27 Oct 2022 21:52:44 +0100, Mark Brown wrote: > > The architecture requires that any system which implements SME also has > fine grained traps since SME is a v9.2 feature, meaning that v8.7 must be > implemented, and FGT is mandatory from v8.6. SME relies on fine grained > traps to control access to SMPRI_EL1 and in nVHE mode to TPIDR2_EL0, > without traps SMPRI_EL1.Priority and TPIDR2_EL0 can be used as side > channels. > > This series adds support for detecting FGT and refuses to allow KVM to > be used in architecturally invalid configurations which have SME but not > FGT, without detection the issue presents as faults due to EL2 > attempting to access the FGT registers which isn't obvious to users. > Currently fine grained traps are only used in nVHE but but a series > "arm64/sme: Fix SMPRI_EL1 traps for KVM guests" sent along with this > will add usage for VHE mode too making the issue more pressing. I think this goes the wrong way around. SME without FGT is invalid, and yet you keep SME around and device to kill virtualisation support. I'd rather it is SME that gets disabled when the kernel boots at EL2. Furthermore, this is only working around a QEMU issue which can be fixed (as opposed to HW that is forever baked). To me, it looks like the most reasonable course of action is a mention in the QEMU release notes that virtualization and SME are currently incompatible, and that the user needs to chose one or the other. We had similar issues in the past where QEMU would ignore certain trap bits (HCR_EL2.TID{1,2,3}), leading to KVM misbehaving. Did we disable KVM? No, we fixed QEMU instead. This case isn't different. Thanks, M. -- Without deviation from the norm, progress is not possible. From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 8C9A7C433FE for ; Sat, 29 Oct 2022 11:48:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Subject:Cc:To:From:Message-ID:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=AWT8vd0NxWXOOCp7T+7OaqsgWUcT+Le5bhl7uBW9bwk=; b=GcWUXZ02X3MQQp JLBw1u3NidepUWnJr32EltLPnvKXwRQ/HcCtQWB5Y43doL5K49u9FTVRkZJO7IhJdlwII3xxtQxbe I7oFYgkBWKtFmm3zuec9JrD2NYqv6nU0rZ6La2sIVvE1RuhleqaGg5HEMQsYTJ51JMK0oURDOqzeT joV0c8AB7cLt197l0Pn+lK63FNK34G0Ho8feqJ6QA8qDTeB4yeVOJfUjdMO/M0rFbOPu5k1WMBTJq bJSfHfQcOPzP5nqF/o1QI18AswgtodoU3DyZHnv3mcQhyB4p0VTFnLDHQltDHPiXbHLZFRQJinyqE QIcP8LoSeeoVWzsO/Wbw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1ookJB-005zxg-Qb; Sat, 29 Oct 2022 11:47:25 +0000 Received: from dfw.source.kernel.org ([2604:1380:4641:c500::1]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1ookJ9-005zwy-Nz for linux-arm-kernel@lists.infradead.org; Sat, 29 Oct 2022 11:47:25 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 1B79060EA0; Sat, 29 Oct 2022 11:47:22 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 779D4C433C1; Sat, 29 Oct 2022 11:47:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1667044041; bh=e8q9QWpdeHJ2UrWEmnMHXMdJmiLRe/1/bLcgiHgO1Ik=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=GY2JgIo72nc79K+fMliWo006ZH5YpdUnGabv0RGnrDXs+bP6xoW3dzxg77YznNM2y oJZ15MC/2Cp7mEzYMoogb4M0fkW/nMw51DBYGsCVNLZNm20WDMf/xRayzrlwH48aBJ Dgi1lPa2wnSx57x4Orv8+CL1DbjW9QgrKZcw0+KwW1RmeKNmOgIV4dsCyAU5lkhvFQ uRXBcTAsr/v0mF4mKCanYqEqbrgL5ehR3pVfKeAo6cd9YbgfeXXmwCbfs2GjaeV4zb Qk0YlB9JM0eLH+CrvYvaq5iV4cwuAdFhp88q9Quy6Z4V1P3fC4Th+1B6Vg7fhVTvm4 Dnk9LubWzSh4w== Received: from sofa.misterjones.org ([185.219.108.64] helo=wait-a-minute.misterjones.org) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1ookJ5-002RoE-2p; Sat, 29 Oct 2022 12:47:19 +0100 Date: Sat, 29 Oct 2022 12:46:43 +0100 Message-ID: <8735b6hmxo.wl-maz@kernel.org> From: Marc Zyngier To: Mark Brown Cc: Catalin Marinas , Will Deacon , Peter Maydell , Richard Henderson , Vincent Donnefort , James Morse , Alexandru Elisei , Suzuki K Poulose , Oliver Upton , linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev Subject: Re: [PATCH v1 0/2] KVM: arm: Refuse to enable KVM on systems with SME but not FGT In-Reply-To: <20221027205246.812586-1-broonie@kernel.org> References: <20221027205246.812586-1-broonie@kernel.org> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM-LB/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL-LB/10.8 EasyPG/1.0.0 Emacs/27.1 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: broonie@kernel.org, catalin.marinas@arm.com, will@kernel.org, peter.maydell@linaro.org, richard.henderson@linaro.org, vdonnefort@google.com, james.morse@arm.com, alexandru.elisei@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20221029_044723_878328_B4FE21B0 X-CRM114-Status: GOOD ( 22.93 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Thu, 27 Oct 2022 21:52:44 +0100, Mark Brown wrote: > > The architecture requires that any system which implements SME also has > fine grained traps since SME is a v9.2 feature, meaning that v8.7 must be > implemented, and FGT is mandatory from v8.6. SME relies on fine grained > traps to control access to SMPRI_EL1 and in nVHE mode to TPIDR2_EL0, > without traps SMPRI_EL1.Priority and TPIDR2_EL0 can be used as side > channels. > > This series adds support for detecting FGT and refuses to allow KVM to > be used in architecturally invalid configurations which have SME but not > FGT, without detection the issue presents as faults due to EL2 > attempting to access the FGT registers which isn't obvious to users. > Currently fine grained traps are only used in nVHE but but a series > "arm64/sme: Fix SMPRI_EL1 traps for KVM guests" sent along with this > will add usage for VHE mode too making the issue more pressing. I think this goes the wrong way around. SME without FGT is invalid, and yet you keep SME around and device to kill virtualisation support. I'd rather it is SME that gets disabled when the kernel boots at EL2. Furthermore, this is only working around a QEMU issue which can be fixed (as opposed to HW that is forever baked). To me, it looks like the most reasonable course of action is a mention in the QEMU release notes that virtualization and SME are currently incompatible, and that the user needs to chose one or the other. We had similar issues in the past where QEMU would ignore certain trap bits (HCR_EL2.TID{1,2,3}), leading to KVM misbehaving. Did we disable KVM? No, we fixed QEMU instead. This case isn't different. Thanks, M. -- Without deviation from the norm, progress is not possible. _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel