[PATCH 0/3] KVM: arm64: Cleanups for managing SMCCC filter maple tree

[PATCH 0/3] KVM: arm64: Cleanups for managing SMCCC filter maple tree

[Oliver Upton]

Small series to clean up the way KVM manages the maple tree
representation of the SMCCC filter, only allocating nodes in the tree if
the SMCCC filter is used.

The other ugly bit that this fixes is the error path when 'reserved'
ranges cannot be inserted into the maple tree, instead returning an
error to userspace.

Oliver Upton (3):
  KVM: arm64: Add a predicate for testing if SMCCC filter is configured
  KVM: arm64: Only insert reserved ranges when SMCCC filter is used
  KVM: arm64: Use mtree_empty() to determine if SMCCC filter configured

 arch/arm64/include/asm/kvm_host.h |  4 +---
 arch/arm64/kvm/hypercalls.c       | 34 ++++++++++++++++++++-----------
 2 files changed, 23 insertions(+), 15 deletions(-)


base-commit: 6465e260f48790807eef06b583b38ca9789b6072
-- 
2.42.0.609.gbb76f46606-goog

[PATCH 1/3] KVM: arm64: Add a predicate for testing if SMCCC filter is configured

[Oliver Upton]

Eventually we can drop the VM flag, move around the existing
implementation for now.

Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
---
 arch/arm64/kvm/hypercalls.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/arch/arm64/kvm/hypercalls.c b/arch/arm64/kvm/hypercalls.c
index 7fb4df0456de..35e023322cdb 100644
--- a/arch/arm64/kvm/hypercalls.c
+++ b/arch/arm64/kvm/hypercalls.c
@@ -158,6 +158,11 @@ static void init_smccc_filter(struct kvm *kvm)
 
 }
 
+static bool kvm_smccc_filter_configured(struct kvm *kvm)
+{
+	return test_bit(KVM_ARCH_FLAT_SMCCC_FILTER_CONFIGURED, &kvm->arch.flags);
+}
+
 static int kvm_smccc_set_filter(struct kvm *kvm, struct kvm_smccc_filter __user *uaddr)
 {
 	const void *zero_page = page_to_virt(ZERO_PAGE(0));
@@ -201,7 +206,7 @@ static u8 kvm_smccc_filter_get_action(struct kvm *kvm, u32 func_id)
 	unsigned long idx = func_id;
 	void *val;
 
-	if (!test_bit(KVM_ARCH_FLAG_SMCCC_FILTER_CONFIGURED, &kvm->arch.flags))
+	if (!kvm_smccc_filter_configured(kvm))
 		return KVM_SMCCC_FILTER_HANDLE;
 
 	/*
-- 
2.42.0.609.gbb76f46606-goog

[PATCH 2/3] KVM: arm64: Only insert reserved ranges when SMCCC filter is used

[Oliver Upton]

The reserved ranges are only useful for preventing userspace from
adding a rule that intersects with functions we must handle in KVM. If
userspace never writes to the SMCCC filter than this is all just wasted
work/memory.

Insert reserved ranges on the first call to KVM_ARM_VM_SMCCC_FILTER.

Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
---
 arch/arm64/kvm/hypercalls.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/arch/arm64/kvm/hypercalls.c b/arch/arm64/kvm/hypercalls.c
index 35e023322cdb..20a878c64ba7 100644
--- a/arch/arm64/kvm/hypercalls.c
+++ b/arch/arm64/kvm/hypercalls.c
@@ -133,12 +133,10 @@ static bool kvm_smccc_test_fw_bmap(struct kvm_vcpu *vcpu, u32 func_id)
 						   ARM_SMCCC_SMC_64,		\
 						   0, ARM_SMCCC_FUNC_MASK)
 
-static void init_smccc_filter(struct kvm *kvm)
+static int kvm_smccc_filter_insert_reserved(struct kvm *kvm)
 {
 	int r;
 
-	mt_init(&kvm->arch.smccc_filter);
-
 	/*
 	 * Prevent userspace from handling any SMCCC calls in the architecture
 	 * range, avoiding the risk of misrepresenting Spectre mitigation status
@@ -148,14 +146,20 @@ static void init_smccc_filter(struct kvm *kvm)
 			       SMC32_ARCH_RANGE_BEGIN, SMC32_ARCH_RANGE_END,
 			       xa_mk_value(KVM_SMCCC_FILTER_HANDLE),
 			       GFP_KERNEL_ACCOUNT);
-	WARN_ON_ONCE(r);
+	if (r)
+		goto out_destroy;
 
 	r = mtree_insert_range(&kvm->arch.smccc_filter,
 			       SMC64_ARCH_RANGE_BEGIN, SMC64_ARCH_RANGE_END,
 			       xa_mk_value(KVM_SMCCC_FILTER_HANDLE),
 			       GFP_KERNEL_ACCOUNT);
-	WARN_ON_ONCE(r);
+	if (r)
+		goto out_destroy;
 
+	return 0;
+out_destroy:
+	mtree_destroy(&kvm->arch.smccc_filter);
+	return r;
 }
 
 static bool kvm_smccc_filter_configured(struct kvm *kvm)
@@ -189,6 +193,12 @@ static int kvm_smccc_set_filter(struct kvm *kvm, struct kvm_smccc_filter __user
 		goto out_unlock;
 	}
 
+	if (!kvm_smccc_filter_configured(kvm)) {
+		r = kvm_smccc_filter_insert_reserved(kvm);
+		if (WARN_ON_ONCE(r))
+			goto out_unlock;
+	}
+
 	r = mtree_insert_range(&kvm->arch.smccc_filter, start, end,
 			       xa_mk_value(filter.action), GFP_KERNEL_ACCOUNT);
 	if (r)
@@ -392,7 +402,7 @@ void kvm_arm_init_hypercalls(struct kvm *kvm)
 	smccc_feat->std_hyp_bmap = KVM_ARM_SMCCC_STD_HYP_FEATURES;
 	smccc_feat->vendor_hyp_bmap = KVM_ARM_SMCCC_VENDOR_HYP_FEATURES;
 
-	init_smccc_filter(kvm);
+	mt_init(&kvm->arch.smccc_filter);
 }
 
 void kvm_arm_teardown_hypercalls(struct kvm *kvm)
-- 
2.42.0.609.gbb76f46606-goog

[PATCH 3/3] KVM: arm64: Use mtree_empty() to determine if SMCCC filter configured

[Oliver Upton]

The smccc_filter maple tree is only populated if userspace attempted to
configure it. Use the state of the maple tree to determine if the filter
has been configured, eliminating the VM flag.

Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
---
 arch/arm64/include/asm/kvm_host.h | 4 +---
 arch/arm64/kvm/hypercalls.c       | 7 +------
 2 files changed, 2 insertions(+), 9 deletions(-)

diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
index af06ccb7ee34..feb63db7a5cf 100644
--- a/arch/arm64/include/asm/kvm_host.h
+++ b/arch/arm64/include/asm/kvm_host.h
@@ -239,10 +239,8 @@ struct kvm_arch {
 #define KVM_ARCH_FLAG_VM_COUNTER_OFFSET			5
 	/* Timer PPIs made immutable */
 #define KVM_ARCH_FLAG_TIMER_PPIS_IMMUTABLE		6
-	/* SMCCC filter initialized for the VM */
-#define KVM_ARCH_FLAG_SMCCC_FILTER_CONFIGURED		7
 	/* Initial ID reg values loaded */
-#define KVM_ARCH_FLAG_ID_REGS_INITIALIZED		8
+#define KVM_ARCH_FLAG_ID_REGS_INITIALIZED		7
 	unsigned long flags;
 
 	/* VM-wide vCPU feature set */
diff --git a/arch/arm64/kvm/hypercalls.c b/arch/arm64/kvm/hypercalls.c
index 20a878c64ba7..a61213786e5f 100644
--- a/arch/arm64/kvm/hypercalls.c
+++ b/arch/arm64/kvm/hypercalls.c
@@ -164,7 +164,7 @@ static int kvm_smccc_filter_insert_reserved(struct kvm *kvm)
 
 static bool kvm_smccc_filter_configured(struct kvm *kvm)
 {
-	return test_bit(KVM_ARCH_FLAT_SMCCC_FILTER_CONFIGURED, &kvm->arch.flags);
+	return !mtree_empty(&kvm->arch.smccc_filter);
 }
 
 static int kvm_smccc_set_filter(struct kvm *kvm, struct kvm_smccc_filter __user *uaddr)
@@ -201,11 +201,6 @@ static int kvm_smccc_set_filter(struct kvm *kvm, struct kvm_smccc_filter __user
 
 	r = mtree_insert_range(&kvm->arch.smccc_filter, start, end,
 			       xa_mk_value(filter.action), GFP_KERNEL_ACCOUNT);
-	if (r)
-		goto out_unlock;
-
-	set_bit(KVM_ARCH_FLAG_SMCCC_FILTER_CONFIGURED, &kvm->arch.flags);
-
 out_unlock:
 	mutex_unlock(&kvm->arch.config_lock);
 	return r;
-- 
2.42.0.609.gbb76f46606-goog

Re: [PATCH 0/3] KVM: arm64: Cleanups for managing SMCCC filter maple tree

[Marc Zyngier]

On Thu, 05 Oct 2023 00:49:44 +0100,
Oliver Upton <oliver.upton@linux.dev> wrote:
> 
> Small series to clean up the way KVM manages the maple tree
> representation of the SMCCC filter, only allocating nodes in the tree if
> the SMCCC filter is used.
> 
> The other ugly bit that this fixes is the error path when 'reserved'
> ranges cannot be inserted into the maple tree, instead returning an
> error to userspace.
> 
> Oliver Upton (3):
>   KVM: arm64: Add a predicate for testing if SMCCC filter is configured
>   KVM: arm64: Only insert reserved ranges when SMCCC filter is used
>   KVM: arm64: Use mtree_empty() to determine if SMCCC filter configured
> 
>  arch/arm64/include/asm/kvm_host.h |  4 +---
>  arch/arm64/kvm/hypercalls.c       | 34 ++++++++++++++++++++-----------
>  2 files changed, 23 insertions(+), 15 deletions(-)

Reviewed-by: Marc Zyngier <maz@kernel.org>

	M.

-- 
Without deviation from the norm, progress is not possible.

Re: [PATCH 0/3] KVM: arm64: Cleanups for managing SMCCC filter maple tree

[Oliver Upton]

On Wed, 4 Oct 2023 23:49:44 +0000, Oliver Upton wrote:
> Small series to clean up the way KVM manages the maple tree
> representation of the SMCCC filter, only allocating nodes in the tree if
> the SMCCC filter is used.
> 
> The other ugly bit that this fixes is the error path when 'reserved'
> ranges cannot be inserted into the maple tree, instead returning an
> error to userspace.
> 
> [...]

Applied to kvmarm/next, thanks!

[1/3] KVM: arm64: Add a predicate for testing if SMCCC filter is configured
      https://git.kernel.org/kvmarm/kvmarm/c/bb17fb31f00e
[2/3] KVM: arm64: Only insert reserved ranges when SMCCC filter is used
      https://git.kernel.org/kvmarm/kvmarm/c/d34b76489ea0
[3/3] KVM: arm64: Use mtree_empty() to determine if SMCCC filter configured
      https://git.kernel.org/kvmarm/kvmarm/c/4202bcac5e65

--
Best,
Oliver