From: Jonathan Cameron <jonathan.cameron@huawei.com>
To: Sascha Bischoff <Sascha.Bischoff@arm.com>
Cc: "linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
"kvmarm@lists.linux.dev" <kvmarm@lists.linux.dev>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>, nd <nd@arm.com>,
"maz@kernel.org" <maz@kernel.org>,
"oliver.upton@linux.dev" <oliver.upton@linux.dev>,
Joey Gouly <Joey.Gouly@arm.com>,
Suzuki Poulose <Suzuki.Poulose@arm.com>,
"yuzenghui@huawei.com" <yuzenghui@huawei.com>,
"peter.maydell@linaro.org" <peter.maydell@linaro.org>,
"lpieralisi@kernel.org" <lpieralisi@kernel.org>,
Timothy Hayes <Timothy.Hayes@arm.com>
Subject: Re: [PATCH v2 10/36] KVM: arm64: gic-v5: Sanitize ID_AA64PFR2_EL1.GCIE
Date: Wed, 7 Jan 2026 10:58:03 +0000 [thread overview]
Message-ID: <20260107105803.000050be@huawei.com> (raw)
In-Reply-To: <20251219155222.1383109-11-sascha.bischoff@arm.com>
On Fri, 19 Dec 2025 15:52:39 +0000
Sascha Bischoff <Sascha.Bischoff@arm.com> wrote:
> Set the guest's view of the GCIE field to IMP when running a GICv5 VM,
> NI otherwise. Reject any writes to the register that try to do
> anything but set GCIE to IMP when running a GICv5 VM.
>
> As part of this change, we also introduce vgic_is_v5(kvm), in order to
> check if the guest is a GICv5-native VM. We're also required to extend
> vgic_is_v3_compat to check for the actual vgic_model. This has one
> potential issue - if any of the vgic_is_v* checks are used prior to
> setting the vgic_model (that is, before kvm_vgic_create) then
> vgic_model will be set to 0, which can result in a false-positive.
>
> Co-authored-by: Timothy Hayes <timothy.hayes@arm.com>
> Signed-off-by: Timothy Hayes <timothy.hayes@arm.com>
> Signed-off-by: Sascha Bischoff <sascha.bischoff@arm.com>
Hi Sascha, Timothy
The masking of val has me a little confused in the sanitize function.
Probably needs a slight rewrite.
Jonathan
> ---
> arch/arm64/kvm/sys_regs.c | 39 ++++++++++++++++++++++++++++++--------
> arch/arm64/kvm/vgic/vgic.h | 10 +++++++++-
> 2 files changed, 40 insertions(+), 9 deletions(-)
>
> diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
> index c8fd7c6a12a13..a065f8939bc8f 100644
> --- a/arch/arm64/kvm/sys_regs.c
> +++ b/arch/arm64/kvm/sys_regs.c
> @@ -1758,6 +1758,7 @@ static u8 pmuver_to_perfmon(u8 pmuver)
>
> static u64 sanitise_id_aa64pfr0_el1(const struct kvm_vcpu *vcpu, u64 val);
> static u64 sanitise_id_aa64pfr1_el1(const struct kvm_vcpu *vcpu, u64 val);
> +static u64 sanitise_id_aa64pfr2_el1(const struct kvm_vcpu *vcpu, u64 val);
> static u64 sanitise_id_aa64dfr0_el1(const struct kvm_vcpu *vcpu, u64 val);
>
> /* Read a sanitised cpufeature ID register by sys_reg_desc */
> @@ -1783,10 +1784,7 @@ static u64 __kvm_read_sanitised_id_reg(const struct kvm_vcpu *vcpu,
> val = sanitise_id_aa64pfr1_el1(vcpu, val);
> break;
> case SYS_ID_AA64PFR2_EL1:
> - val &= ID_AA64PFR2_EL1_FPMR |
> - (kvm_has_mte(vcpu->kvm) ?
> - ID_AA64PFR2_EL1_MTEFAR | ID_AA64PFR2_EL1_MTESTOREONLY :
> - 0);
> + val = sanitise_id_aa64pfr2_el1(vcpu, val);
> break;
> case SYS_ID_AA64ISAR1_EL1:
> if (!vcpu_has_ptrauth(vcpu))
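Review bot: with the `case SYS_ID_AA64PFR2_EL1:` arm now delegating to a helper that sets a bit (GCIE = IMP) rather than only clearing bits, the ID_AA64PFR2_EL1 descriptor's writable mask has to accept GCIE = IMP on a GICv5 VM, or the one userspace write the commit message says is permitted ("set GCIE to IMP") gets rejected along with everything else. That descriptor change is not in the hunks quoted here, so it is worth confirming it is part of this patch and that GCIE stays non-writable (NI only) for non-GICv5 VMs.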
> @@ -2024,6 +2022,20 @@ static u64 sanitise_id_aa64pfr1_el1(const struct kvm_vcpu *vcpu, u64 val)
> return val;
> }
>
> +static u64 sanitise_id_aa64pfr2_el1(const struct kvm_vcpu *vcpu, u64 val)
> +{
The code flow in here seems confusing, so maybe needs a rethink even if it
works. Feels like we need a mask first of everything the kernel understands,
then specific masking out / setting of parts for each feature.
I'm not sure if the initial mask is handled by the caller (didn't check but
it's in the register array structure).
Also I love crossing specs where the gicv5 spec says all the other fields are
reserved and they aren't any more. Would have been better if that had
just said see arm arm for the other parts of this register.
> + val &= ID_AA64PFR2_EL1_FPMR |
> + (kvm_has_mte(vcpu->kvm) ?
> + ID_AA64PFR2_EL1_MTEFAR | ID_AA64PFR2_EL1_MTESTOREONLY : 0);
So this either masks out everything other than FPMR or masks out everything other
than EL1_MTEFAR, EL1_MTESTOREONLY and FPMR.
Hence...
> +
> + if (vgic_is_v5(vcpu->kvm)) {
> + val &= ~ID_AA64PFR2_EL1_GCIE_MASK;
This is doing nothing as that field isn't set anyway in either of the earlier
possible maskings of val.
> + val |= SYS_FIELD_PREP_ENUM(ID_AA64PFR2_EL1, GCIE, IMP);
> + }
> +
> + return val;
> +}
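Review bot: the `val &= ~ID_AA64PFR2_EL1_GCIE_MASK;` inside the `vgic_is_v5()` branch is dead code: the `val &=` at the top of the function already restricts val to FPMR (plus MTEFAR and MTESTOREONLY when MTE is enabled), so GCIE is always zero by the time the branch runs and the only live operation is the unconditional OR-in of IMP. That also means the host's sanitised GCIE value is never consulted, unlike every other field here, which is derived by masking the host value; if forcing IMP purely from the vGIC model is intended, a one-line comment saying so would help. Suggest one mask covering every field the helper understands, then per-feature fix-ups, e.g. `val &= ID_AA64PFR2_EL1_FPMR | ID_AA64PFR2_EL1_GCIE_MASK | (kvm_has_mte(vcpu->kvm) ? ... : 0);` followed by `val &= ~ID_AA64PFR2_EL1_GCIE_MASK;` and `if (vgic_is_v5(vcpu->kvm)) val |= SYS_FIELD_PREP_ENUM(ID_AA64PFR2_EL1, GCIE, IMP);`, which makes the clear meaningful and matches the commit message ("IMP when GICv5, NI otherwise"). Separately, since the commit message notes vgic_model is still 0 before kvm_vgic_create(), check what vgic_is_v5() returns in that window and whether a read of this ID register before the vGIC exists can bake the wrong GCIE value into the guest's view.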
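As an added example (not code from this patch or from the kernel), the following stand-alone C program models the two ways of structuring the ID_AA64PFR2_EL1 sanitisation discussed above: the flow as posted, where the narrow mask runs first and the later GCIE clear is redundant, and the "mask everything the helper understands, then fix up per feature" shape suggested in the review, where the clear does real work. It also models the commit message's write rule (only GCIE = IMP accepted on a GICv5 VM, NI otherwise). Assumptions: the field positions (GCIE [39:36], FPMR [35:32], MTEFAR [11:8], MTESTOREONLY [7:4], MTEPERM [3:0]) are taken from the Arm ARM as I read it and should be checked against arch/arm64/tools/sysreg; `struct vm`, the `vgic_model` value 5 for GICv5, `HOST_ALL_IMP` and `pfr2_write_allowed` are constructed stand-ins, and the write check covers only the GCIE rule, not KVM's real writable-ID-register plumbing.

```c
/*
 * Added example, not code from the patch or the kernel: a stand-alone model
 * of the ID_AA64PFR2_EL1 sanitisation discussed in the thread.
 *
 * Assumed field positions (verify against arch/arm64/tools/sysreg):
 * GCIE [39:36], FPMR [35:32], MTEFAR [11:8], MTESTOREONLY [7:4], MTEPERM [3:0].
 * "struct vm" and the vgic_model value 5 are stand-ins for kvm->arch state.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define GENMASK64(h, l) ((~0ULL >> (63 - (h))) & (~0ULL << (l)))

#define PFR2_MTEPERM_MASK      GENMASK64(3, 0)
#define PFR2_MTESTOREONLY_MASK GENMASK64(7, 4)
#define PFR2_MTEFAR_MASK       GENMASK64(11, 8)
#define PFR2_FPMR_MASK         GENMASK64(35, 32)
#define PFR2_GCIE_MASK         GENMASK64(39, 36)
#define PFR2_GCIE_SHIFT        36
#define PFR2_GCIE_NI           0ULL
#define PFR2_GCIE_IMP          1ULL

/* Stand-in for the per-VM state the real helpers read from kvm->arch. */
struct vm {
	bool has_mte;
	int vgic_model;	/* 0: vGIC not created yet; 5: GICv5-native (assumed) */
};

static bool vgic_is_v5(const struct vm *kvm)
{
	return kvm->vgic_model == 5;
}

/* Constructed host value: every field above reads IMP (0b0001). */
#define HOST_ALL_IMP ((1ULL << 36) | (1ULL << 32) | (1ULL << 8) | (1ULL << 4) | 1ULL)

static const struct vm vm_v5_mte    = { .has_mte = true,  .vgic_model = 5 };
static const struct vm vm_v3_nomte  = { .has_mte = false, .vgic_model = 3 };
static const struct vm vm_uncreated = { .has_mte = true,  .vgic_model = 0 };

/* Flow as posted: narrow mask first, then clear GCIE (already zero) and set IMP. */
uint64_t sanitise_pfr2_as_posted(const struct vm *kvm, uint64_t val)
{
	val &= PFR2_FPMR_MASK |
	       (kvm->has_mte ? PFR2_MTEFAR_MASK | PFR2_MTESTOREONLY_MASK : 0);

	if (vgic_is_v5(kvm)) {
		val &= ~PFR2_GCIE_MASK;	/* dead: the mask above already cleared GCIE */
		val |= PFR2_GCIE_IMP << PFR2_GCIE_SHIFT;
	}
	return val;
}

/*
 * Restructured flow: one mask of every field this helper understands, then
 * per-feature fix-ups. GCIE is derived from the vGIC model, not the host.
 */
uint64_t sanitise_pfr2_restructured(const struct vm *kvm, uint64_t val)
{
	val &= PFR2_FPMR_MASK | PFR2_MTEFAR_MASK | PFR2_MTESTOREONLY_MASK |
	       PFR2_GCIE_MASK;

	if (!kvm->has_mte)
		val &= ~(PFR2_MTEFAR_MASK | PFR2_MTESTOREONLY_MASK);

	val &= ~PFR2_GCIE_MASK;	/* meaningful here: host GCIE survived the mask */
	if (vgic_is_v5(kvm))
		val |= PFR2_GCIE_IMP << PFR2_GCIE_SHIFT;
	return val;
}

/*
 * Only the GCIE rule from the commit message is modelled: the sole accepted
 * GCIE value is the one sanitisation produces for this VM (IMP on GICv5,
 * NI otherwise). KVM's real writable-ID-register checks are not shown.
 */
bool pfr2_write_allowed(const struct vm *kvm, uint64_t newval)
{
	uint64_t want = vgic_is_v5(kvm) ? PFR2_GCIE_IMP : PFR2_GCIE_NI;

	return ((newval & PFR2_GCIE_MASK) >> PFR2_GCIE_SHIFT) == want;
}

int main(void)
{
	printf("v5+MTE  posted:       %#llx\n",
	       (unsigned long long)sanitise_pfr2_as_posted(&vm_v5_mte, HOST_ALL_IMP));
	printf("v5+MTE  restructured: %#llx\n",
	       (unsigned long long)sanitise_pfr2_restructured(&vm_v5_mte, HOST_ALL_IMP));
	printf("v3/noMTE restructured: %#llx\n",
	       (unsigned long long)sanitise_pfr2_restructured(&vm_v3_nomte, HOST_ALL_IMP));
	return 0;
}
```

Both flows produce the same guest view for the same inputs, including when the constructed host value has GCIE = NI, which is exactly the point raised in the review: the posted code forces IMP from the vGIC model alone. The restructured version makes that choice visible in one place instead of hiding it behind a clear that can never do anything.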