[PATCH] KVM: arm64: Fix FEAT_MOPS in pKVM

[PATCH] KVM: arm64: Fix FEAT_MOPS in pKVM

[Vladimir Murzin]

Flush HCRX_EL2 when switching between the host and the guests.

Fixes: 84de212d739e ("KVM: arm64: Make FEAT_MOPS UNDEF if not advertised to the guest")
Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>
---
 arch/arm64/kvm/hyp/nvhe/hyp-main.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm64/kvm/hyp/nvhe/hyp-main.c b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
index 6aa0b13d86..d9a41ddc63 100644
--- a/arch/arm64/kvm/hyp/nvhe/hyp-main.c
+++ b/arch/arm64/kvm/hyp/nvhe/hyp-main.c
@@ -109,6 +109,7 @@ static void flush_hyp_vcpu(struct pkvm_hyp_vcpu *hyp_vcpu)
 	hyp_vcpu->vcpu.arch.hcr_el2 &= ~(HCR_TWI | HCR_TWE);
 	hyp_vcpu->vcpu.arch.hcr_el2 |= READ_ONCE(host_vcpu->arch.hcr_el2) &
 						 (HCR_TWI | HCR_TWE);
+	hyp_vcpu->vcpu.arch.hcrx_el2    = host_vcpu->arch.hcrx_el2;
 
 	hyp_vcpu->vcpu.arch.iflags	= host_vcpu->arch.iflags;
 
-- 
2.24.0

Re: [PATCH] KVM: arm64: Fix FEAT_MOPS in pKVM

[Oliver Upton]

+cc Fuad

On Mon, Jan 06, 2025 at 11:23:29AM +0000, Vladimir Murzin wrote:
> Flush HCRX_EL2 when switching between the host and the guests.
> 
> Fixes: 84de212d739e ("KVM: arm64: Make FEAT_MOPS UNDEF if not advertised to the guest")
> Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>

We shouldn't be trusting the host's hcrx_el2 in this case and should
instead calculate it for the pVM similar to the other trap registers
(see pkvm_vcpu_init_traps() and friends).

It is apparent, though, that we erroneously exposed MOPS before commit
3d7ff00700d1 ("KVM: arm64: Rework specifying restricted features for protected VMs").

-- 
Thanks,
Oliver 

Re: [PATCH] KVM: arm64: Fix FEAT_MOPS in pKVM

[Fuad Tabba]

On Mon, 6 Jan 2025 at 23:20, Oliver Upton <oliver.upton@linux.dev> wrote:
>
> +cc Fuad
>
> On Mon, Jan 06, 2025 at 11:23:29AM +0000, Vladimir Murzin wrote:
> > Flush HCRX_EL2 when switching between the host and the guests.
> >
> > Fixes: 84de212d739e ("KVM: arm64: Make FEAT_MOPS UNDEF if not advertised to the guest")
> > Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>
>
> We shouldn't be trusting the host's hcrx_el2 in this case and should
> instead calculate it for the pVM similar to the other trap registers
> (see pkvm_vcpu_init_traps() and friends).
>
> It is apparent, though, that we erroneously exposed MOPS before commit
> 3d7ff00700d1 ("KVM: arm64: Rework specifying restricted features for protected VMs").

Yeah, actually FEAT_MOPS needs a bit more work for it to work with
pKVM. I have patches (downstream, Android) that add MOPS support for
pKVM. If there's interest I can post them now, but since protected VMs
aren't completely done upstream I thought I'd wait a bit.

Cheers,
/fuad

>
> --
> Thanks,
> Oliver

Re: [PATCH] KVM: arm64: Fix FEAT_MOPS in pKVM

[Vladimir Murzin]

On 1/7/25 08:08, Fuad Tabba wrote:
> On Mon, 6 Jan 2025 at 23:20, Oliver Upton <oliver.upton@linux.dev> wrote:
>> +cc Fuad
>>
>> On Mon, Jan 06, 2025 at 11:23:29AM +0000, Vladimir Murzin wrote:
>>> Flush HCRX_EL2 when switching between the host and the guests.
>>>
>>> Fixes: 84de212d739e ("KVM: arm64: Make FEAT_MOPS UNDEF if not advertised to the guest")
>>> Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>
>> We shouldn't be trusting the host's hcrx_el2 in this case and should
>> instead calculate it for the pVM similar to the other trap registers
>> (see pkvm_vcpu_init_traps() and friends).
>>
>> It is apparent, though, that we erroneously exposed MOPS before commit
>> 3d7ff00700d1 ("KVM: arm64: Rework specifying restricted features for protected VMs").
> Yeah, actually FEAT_MOPS needs a bit more work for it to work with
> pKVM. I have patches (downstream, Android) that add MOPS support for
> pKVM. If there's interest I can post them now, but since protected VMs
> aren't completely done upstream I thought I'd wait a bit.

Fair enough.

Vladimir

> 
> Cheers,
> /fuad
> 
>> --
>> Thanks,
>> Oliver