From: Fuad Tabba <tabba@google.com>
To: kvmarm@lists.linux.dev
Cc: maz@kernel.org, oliver.upton@linux.dev, broonie@kernel.org,
james.morse@arm.com, suzuki.poulose@arm.com,
yuzenghui@huawei.com, catalin.marinas@arm.com, will@kernel.org,
eric.auger@redhat.com, jingzhangos@google.com,
joey.gouly@arm.com, tabba@google.com,
linux-arm-kernel@lists.infradead.org
Subject: [PATCH v3 15/17] KVM: arm64: Fix which features are marked as allowed for protected VMs
Date: Thu, 14 Dec 2023 10:01:55 +0000 [thread overview]
Message-ID: <20231214100158.2305400-16-tabba@google.com> (raw)
In-Reply-To: <20231214100158.2305400-1-tabba@google.com>
Cache maintenance operations are not trapped for protected VMs,
and shouldn't be. Mark them as allowed.
Moreover, features advertised by ID_AA64PFR2 and ID_AA64MMFR3 are
(already) not allowed, mark them as such.
Signed-off-by: Fuad Tabba <tabba@google.com>
---
arch/arm64/kvm/hyp/include/nvhe/fixed_config.h | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/kvm/hyp/include/nvhe/fixed_config.h b/arch/arm64/kvm/hyp/include/nvhe/fixed_config.h
index e91922daa8ca..8d97dff4bb7b 100644
--- a/arch/arm64/kvm/hyp/include/nvhe/fixed_config.h
+++ b/arch/arm64/kvm/hyp/include/nvhe/fixed_config.h
@@ -69,6 +69,8 @@
ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_SSBS) \
)
+#define PVM_ID_AA64PFR2_ALLOW 0ULL
+
/*
* Allow for protected VMs:
* - Mixed-endian
@@ -101,6 +103,7 @@
* - Privileged Access Never
* - SError interrupt exceptions from speculative reads
* - Enhanced Translation Synchronization
+ * - Control for cache maintenance permission
*/
#define PVM_ID_AA64MMFR1_ALLOW (\
ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_HAFDBS) | \
@@ -108,7 +111,8 @@
ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_HPDS) | \
ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_PAN) | \
ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_SpecSEI) | \
- ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_ETS) \
+ ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_ETS) | \
+ ARM64_FEATURE_MASK(ID_AA64MMFR1_EL1_CMOW) \
)
/*
@@ -133,6 +137,8 @@
ARM64_FEATURE_MASK(ID_AA64MMFR2_EL1_E0PD) \
)
+#define PVM_ID_AA64MMFR3_ALLOW (0ULL)
+
/*
* No support for Scalable Vectors for protected VMs:
* Requires additional support from KVM, e.g., context-switching and
--
2.43.0.472.g3155946c3a-goog
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2023-12-14 11:17 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-14 10:01 [PATCH v3 00/17] KVM: arm64: Fixes to fine grain traps and pKVM traps Fuad Tabba
2023-12-14 10:01 ` [PATCH v3 01/17] arm64/sysreg: Add missing Pauth_LR field definitions to ID_AA64ISAR1_EL1 Fuad Tabba
2023-12-14 10:42 ` Mark Brown
2023-12-14 10:49 ` Mark Brown
2023-12-14 10:01 ` [PATCH v3 02/17] arm64/sysreg: Add missing ExtTrcBuff field definition to ID_AA64DFR0_EL1 Fuad Tabba
2023-12-14 10:46 ` Mark Brown
2023-12-14 10:01 ` [PATCH v3 03/17] arm64/sysreg: Add missing system register definitions for FGT Fuad Tabba
2023-12-14 10:50 ` Mark Brown
2023-12-14 10:01 ` [PATCH v3 04/17] arm64/sysreg: Add missing system instruction " Fuad Tabba
2023-12-14 10:01 ` [PATCH v3 05/17] KVM: arm64: Explicitly trap unsupported HFGxTR_EL2 features Fuad Tabba
2023-12-14 10:01 ` [PATCH v3 06/17] KVM: arm64: Add missing HFGxTR_EL2 FGT entries to nested virt Fuad Tabba
2023-12-14 10:01 ` [PATCH v3 07/17] KVM: arm64: Add missing HFGITR_EL2 " Fuad Tabba
2023-12-14 10:01 ` [PATCH v3 08/17] KVM: arm64: Add bit masks for HAFGRTR_EL2 Fuad Tabba
2023-12-14 10:01 ` [PATCH v3 09/17] KVM: arm64: Handle HAFGRTR_EL2 trapping in nested virt Fuad Tabba
2023-12-15 13:43 ` Fuad Tabba
2023-12-14 10:01 ` [PATCH v3 10/17] KVM: arm64: Update and fix FGT register masks Fuad Tabba
2023-12-14 10:01 ` [PATCH v3 11/17] KVM: arm64: Add build validation for FGT trap mask values Fuad Tabba
2023-12-14 10:01 ` [PATCH v3 12/17] KVM: arm64: Use generated FGT RES0 bits instead of specifying them Fuad Tabba
2023-12-14 10:01 ` [PATCH v3 13/17] KVM: arm64: Define FGT nMASK bits relative to other fields Fuad Tabba
2023-12-18 9:07 ` Marc Zyngier
2023-12-18 9:16 ` Fuad Tabba
2023-12-14 10:01 ` [PATCH v3 14/17] KVM: arm64: Macros for setting/clearing FGT bits Fuad Tabba
2023-12-15 13:45 ` Fuad Tabba
2023-12-18 9:40 ` Marc Zyngier
2023-12-18 9:56 ` Fuad Tabba
2023-12-18 11:12 ` Marc Zyngier
2023-12-18 11:17 ` Fuad Tabba
2023-12-18 12:25 ` Marc Zyngier
2023-12-18 12:30 ` Fuad Tabba
2023-12-14 10:01 ` Fuad Tabba [this message]
2023-12-14 10:01 ` [PATCH v3 16/17] KVM: arm64: Mark PAuth as a restricted feature for protected VMs Fuad Tabba
2023-12-14 10:01 ` [PATCH v3 17/17] KVM: arm64: Trap external trace " Fuad Tabba
2023-12-17 13:41 ` [PATCH v3 00/17] KVM: arm64: Fixes to fine grain traps and pKVM traps Will Deacon
2023-12-18 17:11 ` (subset) " Marc Zyngier
2023-12-18 17:15 ` Fuad Tabba
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231214100158.2305400-16-tabba@google.com \
--to=tabba@google.com \
--cc=broonie@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=eric.auger@redhat.com \
--cc=james.morse@arm.com \
--cc=jingzhangos@google.com \
--cc=joey.gouly@arm.com \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=maz@kernel.org \
--cc=oliver.upton@linux.dev \
--cc=suzuki.poulose@arm.com \
--cc=will@kernel.org \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox