[PATCH v5 37/37] KVM: arm64: Handle WXN attribute

public inbox for kvm@vger.kernel.org
 help / color / mirror / Atom feed

From: Marc Zyngier <maz@kernel.org>
To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org,
	kvm@vger.kernel.org
Cc: Joey Gouly <joey.gouly@arm.com>,
	Suzuki K Poulose <suzuki.poulose@arm.com>,
	Oliver Upton <oliver.upton@linux.dev>,
	Zenghui Yu <yuzenghui@huawei.com>,
	Alexandru Elisei <alexandru.elisei@arm.com>,
	Mark Brown <broonie@kernel.org>
Subject: [PATCH v5 37/37] KVM: arm64: Handle WXN attribute
Date: Wed, 23 Oct 2024 15:53:45 +0100	[thread overview]
Message-ID: <20241023145345.1613824-38-maz@kernel.org> (raw)
In-Reply-To: <20241023145345.1613824-1-maz@kernel.org>

Until now, we didn't really care about WXN as it didn't have an
effect on the R/W permissions (only the execution could be droppped),
and therefore not of interest for AT.

However, with S1POE, WXN can revoke the Write permission if an
overlay is active and that execution is allowed. This *is* relevant
to AT.

Add full handling of WXN so that we correctly handle this case.

Signed-off-by: Marc Zyngier <maz@kernel.org>
---
 arch/arm64/kvm/at.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/arch/arm64/kvm/at.c b/arch/arm64/kvm/at.c
index d300cd1a0d8a7..8c5d7990e5b31 100644
--- a/arch/arm64/kvm/at.c
+++ b/arch/arm64/kvm/at.c
@@ -40,10 +40,12 @@ struct s1_walk_result {
 			u8	APTable;
 			bool	UXNTable;
 			bool	PXNTable;
+			bool	uwxn;
 			bool	uov;
 			bool	ur;
 			bool	uw;
 			bool	ux;
+			bool	pwxn;
 			bool	pov;
 			bool	pr;
 			bool	pw;
@@ -847,6 +849,8 @@ static void compute_s1_direct_permissions(struct kvm_vcpu *vcpu,
 					  struct s1_walk_info *wi,
 					  struct s1_walk_result *wr)
 {
+	bool wxn;
+
 	/* Non-hierarchical part of AArch64.S1DirectBasePermissions() */
 	if (wi->regime != TR_EL2) {
 		switch (FIELD_GET(PTE_USER | PTE_RDONLY, wr->desc)) {
@@ -884,6 +888,17 @@ static void compute_s1_direct_permissions(struct kvm_vcpu *vcpu,
 		wr->px = !(wr->desc & PTE_UXN);
 	}
 
+	switch (wi->regime) {
+	case TR_EL2:
+	case TR_EL20:
+		wxn = (vcpu_read_sys_reg(vcpu, SCTLR_EL2) & SCTLR_ELx_WXN);
+		break;
+	case TR_EL10:
+		wxn = (__vcpu_sys_reg(vcpu, SCTLR_EL1) & SCTLR_ELx_WXN);
+		break;
+	}
+
+	wr->pwxn = wr->uwxn = wxn;
 	wr->pov = wi->poe;
 	wr->uov = wi->e0poe;
 }
@@ -935,6 +950,16 @@ static void compute_s1_hierarchical_permissions(struct kvm_vcpu *vcpu,
 		(wr)->ux = (x);		\
 	} while (0)
 
+#define set_priv_wxn(wr, v)		\
+	do {				\
+		(wr)->pwxn = (v);	\
+	} while (0)
+
+#define set_unpriv_wxn(wr, v)		\
+	do {				\
+		(wr)->uwxn = (v);	\
+	} while (0)
+
 /* Similar to AArch64.S1IndirectBasePermissions(), without GCS  */
 #define set_perms(w, wr, ip)						\
 	do {								\
@@ -989,6 +1014,10 @@ static void compute_s1_hierarchical_permissions(struct kvm_vcpu *vcpu,
 			set_ ## w ## _perms((wr), false, false, false);	\
 			break;						\
 		}							\
+									\
+		/* R_HJYGR */						\
+		set_ ## w ## _wxn((wr), ((ip) == 0b0110));		\
+									\
 	} while (0)
 
 static void compute_s1_indirect_permissions(struct kvm_vcpu *vcpu,
@@ -1090,6 +1119,22 @@ static void compute_s1_permissions(struct kvm_vcpu *vcpu,
 	if (wi->poe || wi->e0poe)
 		compute_s1_overlay_permissions(vcpu, wi, wr);
 
+	/* R_QXXPC */
+	if (wr->pwxn) {
+		if (!wr->pov && wr->pw)
+			wr->px = false;
+		if (wr->pov && wr->px)
+			wr->pw = false;
+	}
+
+	/* R_NPBXC */
+	if (wr->uwxn) {
+		if (!wr->uov && wr->uw)
+			wr->ux = false;
+		if (wr->uov && wr->ux)
+			wr->uw = false;
+	}
+
 	pan = wi->pan && (wr->ur || wr->uw ||
 			  (pan3_enabled(vcpu, wi->regime) && wr->ux));
 	wr->pw &= !pan;
-- 
2.39.2

next prev parent reply	other threads:[~2024-10-23 14:53 UTC|newest]

Thread overview: 55+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-10-23 14:53 [PATCH v5 00/37] KVM: arm64: Add EL2 support to FEAT_S1PIE/S1POE Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 01/37] arm64: Drop SKL0/SKL1 from TCR2_EL2 Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 02/37] arm64: Remove VNCR definition for PIRE0_EL2 Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 03/37] arm64: Add encoding " Marc Zyngier
2024-10-23 16:11   ` Mark Brown
2024-10-23 14:53 ` [PATCH v5 04/37] KVM: arm64: Drop useless struct s2_mmu in __kvm_at_s1e2() Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 05/37] KVM: arm64: nv: Add missing EL2->EL1 mappings in get_el2_to_el1_mapping() Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 06/37] KVM: arm64: nv: Handle CNTHCTL_EL2 specially Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 07/37] KVM: arm64: nv: Save/Restore vEL2 sysregs Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 08/37] KVM: arm64: Correctly access TCR2_EL1, PIR_EL1, PIRE0_EL1 with VHE Marc Zyngier
2024-10-24 10:03   ` Joey Gouly
2024-10-23 14:53 ` [PATCH v5 09/37] KVM: arm64: Extend masking facility to arbitrary registers Marc Zyngier
2024-10-24 10:38   ` Joey Gouly
2024-10-23 14:53 ` [PATCH v5 10/37] arm64: Define ID_AA64MMFR1_EL1.HAFDBS advertising FEAT_HAFT Marc Zyngier
2024-10-23 16:09   ` Mark Brown
2024-10-23 14:53 ` [PATCH v5 11/37] KVM: arm64: Add TCR2_EL2 to the sysreg arrays Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 12/37] KVM: arm64: Sanitise TCR2_EL2 Marc Zyngier
2024-10-24 10:21   ` Joey Gouly
2024-10-23 14:53 ` [PATCH v5 13/37] KVM: arm64: Add save/restore for TCR2_EL2 Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 14/37] KVM: arm64: Add PIR{,E0}_EL2 to the sysreg arrays Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 15/37] KVM: arm64: Add save/restore for PIR{,E0}_EL2 Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 16/37] KVM: arm64: Handle PIR{,E0}_EL2 traps Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 17/37] KVM: arm64: Sanitise ID_AA64MMFR3_EL1 Marc Zyngier
2024-10-24 12:32   ` Mark Brown
2024-10-24 12:45     ` Joey Gouly
2024-10-24 12:55       ` Mark Brown
2024-10-23 14:53 ` [PATCH v5 18/37] KVM: arm64: Add AT fast-path support for S1PIE Marc Zyngier
2024-10-24 14:49   ` Joey Gouly
2024-10-23 14:53 ` [PATCH v5 19/37] KVM: arm64: Split S1 permission evaluation into direct and hierarchical parts Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 20/37] KVM: arm64: Disable hierarchical permissions when S1PIE is enabled Marc Zyngier
2024-10-24 14:02   ` Joey Gouly
2024-10-23 14:53 ` [PATCH v5 21/37] KVM: arm64: Implement AT S1PIE support Marc Zyngier
2024-10-24 13:59   ` Joey Gouly
2024-10-24 14:21     ` Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 22/37] KVM: arm64: Add a composite EL2 visibility helper Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 23/37] KVM: arm64: Define helper for EL2 registers with custom visibility Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 24/37] KVM: arm64: Hide TCR2_EL1 from userspace when disabled for guests Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 25/37] KVM: arm64: Hide S1PIE registers " Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 26/37] KVM: arm64: Rely on visibility to let PIR*_ELx/TCR2_ELx UNDEF Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 27/37] arm64: Add encoding for POR_EL2 Marc Zyngier
2024-10-23 16:13   ` Mark Brown
2024-10-23 16:28     ` Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 28/37] KVM: arm64: Drop bogus CPTR_EL2.E0POE trap routing Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 29/37] KVM: arm64: Subject S1PIE/S1POE registers to HCR_EL2.{TVM,TRVM} Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 30/37] KVM: arm64: Add kvm_has_s1poe() helper Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 31/37] KVM: arm64: Add basic support for POR_EL2 Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 32/37] KVM: arm64: Add save/restore " Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 33/37] KVM: arm64: Add POE save/restore for AT emulation fast-path Marc Zyngier
2024-10-24 15:26   ` Joey Gouly
2024-10-23 14:53 ` [PATCH v5 34/37] KVM: arm64: Disable hierarchical permissions when POE is enabled Marc Zyngier
2024-10-24 15:36   ` Joey Gouly
2024-10-23 14:53 ` [PATCH v5 35/37] KVM: arm64: Make PAN conditions part of the S1 walk context Marc Zyngier
2024-10-23 14:53 ` [PATCH v5 36/37] KVM: arm64: Handle stage-1 permission overlays Marc Zyngier
2024-10-23 14:53 ` Marc Zyngier [this message]
2024-10-31  3:04 ` [PATCH v5 00/37] KVM: arm64: Add EL2 support to FEAT_S1PIE/S1POE Oliver Upton

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:d300cd1a0d8a dfblob:8c5d7990e5b3 )
 OR (
bs:"[PATCH v5 37/37] KVM: arm64: Handle WXN attribute" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20241023145345.1613824-38-maz@kernel.org \
    --to=maz@kernel.org \
    --cc=alexandru.elisei@arm.com \
    --cc=broonie@kernel.org \
    --cc=joey.gouly@arm.com \
    --cc=kvm@vger.kernel.org \
    --cc=kvmarm@lists.linux.dev \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=oliver.upton@linux.dev \
    --cc=suzuki.poulose@arm.com \
    --cc=yuzenghui@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox