[PATCH 0/2] KVM: arm64: Make AArch64 support sticky

[PATCH 0/2] KVM: arm64: Make AArch64 support sticky

[Marc Zyngier]

It's been recently reported[1] that our sorry excuse for a test suite
is writing a bunch of zeroes to ID_AA64PFR0_EL1.EL{0,1,2,3},
effectively removing the advertised support for AArch64 to the guest.

This leads to an interesting interaction with the NV code which reacts
in a slightly overzealous way and inject an UNDEF at the earliest
opportunity.

This small series fixes KVM by bluntly refusing to disable AArch64,
and the test to stop being so lame. I'm also fixing the NV code
separately, since it isn't upstream.

[1] https://lore.kernel.org/r/4e63a13f-c5dc-4f97-879a-26b5548da07f@os.amperecomputing.com

Marc Zyngier (2):
  KVM: arm64: Prevent userspace from disabling AArch64 support at any
    virtualisable EL
  KVM: arm64: selftest: Don't try to disable AArch64 support

 arch/arm64/kvm/sys_regs.c                       | 6 ++++++
 tools/testing/selftests/kvm/arm64/set_id_regs.c | 8 ++++----
 2 files changed, 10 insertions(+), 4 deletions(-)

-- 
2.39.2

[PATCH 1/2] KVM: arm64: Prevent userspace from disabling AArch64 support at any virtualisable EL

[Marc Zyngier]

A sorry excuse for a selftest is trying to disable AArch64 support.
And yes, this goes as well as you can imagine.

Let's forbid this sort of things. Normal userspace shouldn't get
caught doing that.

Signed-off-by: Marc Zyngier <maz@kernel.org>
---
 arch/arm64/kvm/sys_regs.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
index 157de0ace6e7e..28dc778d0d9bb 100644
--- a/arch/arm64/kvm/sys_regs.c
+++ b/arch/arm64/kvm/sys_regs.c
@@ -1946,6 +1946,12 @@ static int set_id_aa64pfr0_el1(struct kvm_vcpu *vcpu,
 	if ((hw_val & mpam_mask) == (user_val & mpam_mask))
 		user_val &= ~ID_AA64PFR0_EL1_MPAM_MASK;
 
+	/* Fail the guest's request to disable the AA64 ISA at EL{0,1,2} */
+	if (!FIELD_GET(ID_AA64PFR0_EL1_EL0, user_val) ||
+	    !FIELD_GET(ID_AA64PFR0_EL1_EL1, user_val) ||
+	    (vcpu_has_nv(vcpu) && !FIELD_GET(ID_AA64PFR0_EL1_EL2, user_val)))
+		return -EINVAL;
+
 	return set_id_reg(vcpu, rd, user_val);
 }
 
-- 
2.39.2

[PATCH 2/2] KVM: arm64: selftest: Don't try to disable AArch64 support

[Marc Zyngier]

Trying to cut the branch you are sat on is pretty dumb. And so is
trying to disable the instruction set you are executing on.

Signed-off-by: Marc Zyngier <maz@kernel.org>
---
 tools/testing/selftests/kvm/arm64/set_id_regs.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tools/testing/selftests/kvm/arm64/set_id_regs.c b/tools/testing/selftests/kvm/arm64/set_id_regs.c
index 322b9d3b01255..57708de2075df 100644
--- a/tools/testing/selftests/kvm/arm64/set_id_regs.c
+++ b/tools/testing/selftests/kvm/arm64/set_id_regs.c
@@ -129,10 +129,10 @@ static const struct reg_ftr_bits ftr_id_aa64pfr0_el1[] = {
 	REG_FTR_BITS(FTR_LOWER_SAFE, ID_AA64PFR0_EL1, DIT, 0),
 	REG_FTR_BITS(FTR_LOWER_SAFE, ID_AA64PFR0_EL1, SEL2, 0),
 	REG_FTR_BITS(FTR_EXACT, ID_AA64PFR0_EL1, GIC, 0),
-	REG_FTR_BITS(FTR_LOWER_SAFE, ID_AA64PFR0_EL1, EL3, 0),
-	REG_FTR_BITS(FTR_LOWER_SAFE, ID_AA64PFR0_EL1, EL2, 0),
-	REG_FTR_BITS(FTR_LOWER_SAFE, ID_AA64PFR0_EL1, EL1, 0),
-	REG_FTR_BITS(FTR_LOWER_SAFE, ID_AA64PFR0_EL1, EL0, 0),
+	REG_FTR_BITS(FTR_LOWER_SAFE, ID_AA64PFR0_EL1, EL3, 1),
+	REG_FTR_BITS(FTR_LOWER_SAFE, ID_AA64PFR0_EL1, EL2, 1),
+	REG_FTR_BITS(FTR_LOWER_SAFE, ID_AA64PFR0_EL1, EL1, 1),
+	REG_FTR_BITS(FTR_LOWER_SAFE, ID_AA64PFR0_EL1, EL0, 1),
 	REG_FTR_END,
 };
 
-- 
2.39.2

Re: [PATCH 0/2] KVM: arm64: Make AArch64 support sticky

[Ganapatrao Kulkarni]

On 4/29/2025 5:11 PM, Marc Zyngier wrote:
> It's been recently reported[1] that our sorry excuse for a test suite
> is writing a bunch of zeroes to ID_AA64PFR0_EL1.EL{0,1,2,3},
> effectively removing the advertised support for AArch64 to the guest.
> 
> This leads to an interesting interaction with the NV code which reacts
> in a slightly overzealous way and inject an UNDEF at the earliest
> opportunity.
> 
> This small series fixes KVM by bluntly refusing to disable AArch64,
> and the test to stop being so lame. I'm also fixing the NV code
> separately, since it isn't upstream.
> 
> [1] https://lore.kernel.org/r/4e63a13f-c5dc-4f97-879a-26b5548da07f@os.amperecomputing.com
> 
> Marc Zyngier (2):
>    KVM: arm64: Prevent userspace from disabling AArch64 support at any
>      virtualisable EL
>    KVM: arm64: selftest: Don't try to disable AArch64 support
> 
>   arch/arm64/kvm/sys_regs.c                       | 6 ++++++
>   tools/testing/selftests/kvm/arm64/set_id_regs.c | 8 ++++----
>   2 files changed, 10 insertions(+), 4 deletions(-)
> 

Please feel free to add,
Reviewed-by: Ganapatrao Kulkarni <gankulkarni@os.amperecomputing.com>

-- 
Thanks,
Gk

Re: [PATCH 0/2] KVM: arm64: Make AArch64 support sticky

[Oliver Upton]

On Tue, 29 Apr 2025 12:41:15 +0100, Marc Zyngier wrote:
> It's been recently reported[1] that our sorry excuse for a test suite
> is writing a bunch of zeroes to ID_AA64PFR0_EL1.EL{0,1,2,3},
> effectively removing the advertised support for AArch64 to the guest.
> 
> This leads to an interesting interaction with the NV code which reacts
> in a slightly overzealous way and inject an UNDEF at the earliest
> opportunity.
> 
> [...]

Applied to fixes, thanks!

[1/2] KVM: arm64: Prevent userspace from disabling AArch64 support at any virtualisable EL
      https://git.kernel.org/kvmarm/kvmarm/c/7af7cfbe78e2
[2/2] KVM: arm64: selftest: Don't try to disable AArch64 support
      https://git.kernel.org/kvmarm/kvmarm/c/b60e285b6acd

--
Best,
Oliver