[PATCH v2 15/16] KVM: arm64: Hide S1PIE registers from userspace when disabled for guests

linux-arm-kernel.lists.infradead.org archive mirror
 help / color / mirror / Atom feed

From: Marc Zyngier <maz@kernel.org>
To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org,
	kvm@vger.kernel.org
Cc: James Morse <james.morse@arm.com>,
	Suzuki K Poulose <suzuki.poulose@arm.com>,
	Oliver Upton <oliver.upton@linux.dev>,
	Zenghui Yu <yuzenghui@huawei.com>,
	Joey Gouly <joey.gouly@arm.com>,
	Alexandru Elisei <alexandru.elisei@arm.com>,
	Mark Brown <broonie@kernel.org>
Subject: [PATCH v2 15/16] KVM: arm64: Hide S1PIE registers from userspace when disabled for guests
Date: Tue,  3 Sep 2024 16:38:33 +0100	[thread overview]
Message-ID: <20240903153834.1909472-16-maz@kernel.org> (raw)
In-Reply-To: <20240903153834.1909472-1-maz@kernel.org>

From: Mark Brown <broonie@kernel.org>

When the guest does not support S1PIE we should not allow any access
to the system registers it adds in order to ensure that we do not create
spurious issues with guest migration. Add a visibility operation for these
registers.

Fixes: 86f9de9db178 ("KVM: arm64: Save/restore PIE registers")
Signed-off-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20240822-kvm-arm64-hide-pie-regs-v2-3-376624fa829c@kernel.org
Signed-off-by: Marc Zyngier <maz@kernel.org>
---
 arch/arm64/include/asm/kvm_host.h |  3 +++
 arch/arm64/kvm/sys_regs.c         | 35 ++++++++++++++++++++++++++-----
 2 files changed, 33 insertions(+), 5 deletions(-)

diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
index 7889e5f4009f..fd161d41df52 100644
--- a/arch/arm64/include/asm/kvm_host.h
+++ b/arch/arm64/include/asm/kvm_host.h
@@ -1479,4 +1479,7 @@ void kvm_set_vm_id_reg(struct kvm *kvm, u32 reg, u64 val);
 #define kvm_has_tcr2(k)				\
 	(kvm_has_feat((k), ID_AA64MMFR3_EL1, TCRX, IMP))
 
+#define kvm_has_s1pie(k)				\
+	(kvm_has_feat((k), ID_AA64MMFR3_EL1, S1PIE, IMP))
+
 #endif /* __ARM64_KVM_HOST_H__ */
diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
index 64562b0c2359..bcc7c4c6620f 100644
--- a/arch/arm64/kvm/sys_regs.c
+++ b/arch/arm64/kvm/sys_regs.c
@@ -2340,6 +2340,27 @@ static unsigned int tcr2_el2_visibility(const struct kvm_vcpu *vcpu,
 	return tcr2_visibility(vcpu, rd);
 }
 
+static unsigned int s1pie_visibility(const struct kvm_vcpu *vcpu,
+				     const struct sys_reg_desc *rd)
+{
+	if (kvm_has_s1pie(vcpu->kvm))
+		return 0;
+
+	return REG_HIDDEN;
+}
+
+static unsigned int s1pie_el2_visibility(const struct kvm_vcpu *vcpu,
+					 const struct sys_reg_desc *rd)
+{
+	unsigned int r;
+
+	r = el2_visibility(vcpu, rd);
+	if (r)
+		return r;
+
+	return s1pie_visibility(vcpu, rd);
+}
+
 /*
  * Architected system registers.
  * Important: Must be sorted ascending by Op0, Op1, CRn, CRm, Op2
@@ -2577,8 +2598,10 @@ static const struct sys_reg_desc sys_reg_descs[] = {
 	{ SYS_DESC(SYS_PMMIR_EL1), trap_raz_wi },
 
 	{ SYS_DESC(SYS_MAIR_EL1), access_vm_reg, reset_unknown, MAIR_EL1 },
-	{ SYS_DESC(SYS_PIRE0_EL1), NULL, reset_unknown, PIRE0_EL1 },
-	{ SYS_DESC(SYS_PIR_EL1), NULL, reset_unknown, PIR_EL1 },
+	{ SYS_DESC(SYS_PIRE0_EL1), NULL, reset_unknown, PIRE0_EL1,
+	  .visibility = s1pie_visibility },
+	{ SYS_DESC(SYS_PIR_EL1), NULL, reset_unknown, PIR_EL1,
+	  .visibility = s1pie_visibility },
 	{ SYS_DESC(SYS_AMAIR_EL1), access_vm_reg, reset_amair_el1, AMAIR_EL1 },
 
 	{ SYS_DESC(SYS_LORSA_EL1), trap_loregion },
@@ -2875,8 +2898,10 @@ static const struct sys_reg_desc sys_reg_descs[] = {
 	EL2_REG(HPFAR_EL2, access_rw, reset_val, 0),
 
 	EL2_REG(MAIR_EL2, access_rw, reset_val, 0),
-	EL2_REG(PIRE0_EL2, check_s1pie_access_rw, reset_val, 0),
-	EL2_REG(PIR_EL2, check_s1pie_access_rw, reset_val, 0),
+	EL2_REG_FILTERED(PIRE0_EL2, check_s1pie_access_rw, reset_val, 0,
+			 s1pie_el2_visibility),
+	EL2_REG_FILTERED(PIR_EL2, check_s1pie_access_rw, reset_val, 0,
+			 s1pie_el2_visibility),
 	EL2_REG(AMAIR_EL2, access_rw, reset_val, 0),
 
 	EL2_REG(VBAR_EL2, access_rw, reset_val, 0),
@@ -4751,7 +4776,7 @@ void kvm_calculate_traps(struct kvm_vcpu *vcpu)
 		kvm->arch.fgu[HFGITR_GROUP] |= (HFGITR_EL2_ATS1E1RP |
 						HFGITR_EL2_ATS1E1WP);
 
-	if (!kvm_has_feat(kvm, ID_AA64MMFR3_EL1, S1PIE, IMP))
+	if (!kvm_has_s1pie(kvm))
 		kvm->arch.fgu[HFGxTR_GROUP] |= (HFGxTR_EL2_nPIRE0_EL1 |
 						HFGxTR_EL2_nPIR_EL1);
 
-- 
2.39.2

next prev parent reply	other threads:[~2024-09-03 15:55 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-09-03 15:38 [PATCH v2 00/16] KVM: arm64: Add EL2 support to FEAT_S1PIE Marc Zyngier
2024-09-03 15:38 ` [PATCH v2 01/16] KVM: arm64: nv: Handle CNTHCTL_EL2 specially Marc Zyngier
2024-09-03 15:38 ` [PATCH v2 02/16] KVM: arm64: nv: Save/Restore vEL2 sysregs Marc Zyngier
2024-09-03 15:38 ` [PATCH v2 03/16] KVM: arm64: Add TCR2_EL2 to the sysreg arrays Marc Zyngier
2024-09-03 15:38 ` [PATCH v2 04/16] KVM: arm64: Add save/restore for TCR2_EL2 Marc Zyngier
2024-09-03 15:38 ` [PATCH v2 05/16] arm64: Add encoding for PIRE0_EL2 Marc Zyngier
2024-09-03 15:38 ` [PATCH v2 06/16] arm64: Remove VNCR definition " Marc Zyngier
2024-09-03 15:38 ` [PATCH v2 07/16] KVM: arm64: Add PIR{,E0}_EL2 to the sysreg arrays Marc Zyngier
2024-09-03 15:38 ` [PATCH v2 08/16] KVM: arm64: Add save/restore for PIR{,E0}_EL2 Marc Zyngier
2024-09-03 15:38 ` [PATCH v2 09/16] KVM: arm64: Handle PIR{,E0}_EL2 traps Marc Zyngier
2024-09-03 15:38 ` [PATCH v2 10/16] KVM: arm64: Sanitise ID_AA64MMFR3_EL1 Marc Zyngier
2024-09-03 15:38 ` [PATCH v2 11/16] KVM: arm64: Split S1 permission evaluation into direct and hierarchical parts Marc Zyngier
2024-09-03 15:38 ` [PATCH v2 12/16] KVM: arm64: Implement AT S1PIE support Marc Zyngier
2024-09-05 13:58   ` Joey Gouly
2024-09-05 14:57     ` Marc Zyngier
2024-09-05 15:37       ` Joey Gouly
2024-09-06  7:04         ` Marc Zyngier
2024-09-03 15:38 ` [PATCH v2 13/16] KVM: arm64: Define helper for EL2 registers with custom visibility Marc Zyngier
2024-09-03 15:38 ` [PATCH v2 14/16] KVM: arm64: Hide TCR2_EL1 from userspace when disabled for guests Marc Zyngier
2024-09-03 15:38 ` Marc Zyngier [this message]
2024-09-03 15:38 ` [PATCH v2 16/16] KVM: arm64: Rely on visibility to let PIR*_ELx/TCR2_ELx UNDEF Marc Zyngier
2024-09-03 15:58   ` Mark Brown

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:7889e5f4009 dfblob:fd161d41df5 dfblob:64562b0c235
dfblob:bcc7c4c6620 )
 OR (
bs:"[PATCH v2 15/16] KVM: arm64: Hide S1PIE registers from userspace when disabled for guests" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240903153834.1909472-16-maz@kernel.org \
    --to=maz@kernel.org \
    --cc=alexandru.elisei@arm.com \
    --cc=broonie@kernel.org \
    --cc=james.morse@arm.com \
    --cc=joey.gouly@arm.com \
    --cc=kvm@vger.kernel.org \
    --cc=kvmarm@lists.linux.dev \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=oliver.upton@linux.dev \
    --cc=suzuki.poulose@arm.com \
    --cc=yuzenghui@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).