From: Marc Zyngier <maz@kernel.org>
To: Sebastian Ott <sebott@redhat.com>
Cc: kvmarm@lists.linux.dev, kvm@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
Joey Gouly <joey.gouly@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Oliver Upton <oliver.upton@linux.dev>,
Zenghui Yu <yuzenghui@huawei.com>,
Eric Auger <eric.auger@redhat.com>,
gankulkarni@os.amperecomputing.com
Subject: Re: [PATCH v2 02/14] KVM: arm64: Hide ID_AA64MMFR2_EL1.NV from guest and userspace
Date: Thu, 20 Feb 2025 19:46:07 +0000 [thread overview]
Message-ID: <86r03squ0w.wl-maz@kernel.org> (raw)
In-Reply-To: <af16f5bc-4300-54d3-b480-c559ec070a44@redhat.com>
On Thu, 20 Feb 2025 17:36:35 +0000,
Sebastian Ott <sebott@redhat.com> wrote:
>
> Hi Marc,
>
> On Thu, 20 Feb 2025, Marc Zyngier wrote:
> > Since our take on FEAT_NV is to only support FEAT_NV2, we should
> > never expose ID_AA64MMFR2_EL1.NV to a guest nor userspace.
> >
> > Make sure we mask this field for good.
> >
> > Signed-off-by: Marc Zyngier <maz@kernel.org>
> > ---
> > arch/arm64/kvm/sys_regs.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
> > index 82430c1e1dd02..9f10dbd26e348 100644
> > --- a/arch/arm64/kvm/sys_regs.c
> > +++ b/arch/arm64/kvm/sys_regs.c
> > @@ -1627,6 +1627,7 @@ static u64 __kvm_read_sanitised_id_reg(const struct kvm_vcpu *vcpu,
> > break;
> > case SYS_ID_AA64MMFR2_EL1:
> > val &= ~ID_AA64MMFR2_EL1_CCIDX_MASK;
> > + val &= ~ID_AA64MMFR2_EL1_NV;
> > break;
>
> This would cause issues when you update the host kernel while keeping the
> guests register state. Could we allow to write (but ignore) the previously
> valid value? Like it was handled in:
> 6685f5d572c2 KVM: arm64: Disable MPAM visibility by default and ignore VMM writes
Yeah, this falls into the same "shouldn't have exposed this the first
place" bucket. Annoying. Something like the diff below?
M.
diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
index 2e14562b5841f..87269de31a642 100644
--- a/arch/arm64/kvm/sys_regs.c
+++ b/arch/arm64/kvm/sys_regs.c
@@ -1946,6 +1946,22 @@ static int set_id_aa64pfr1_el1(struct kvm_vcpu *vcpu,
return set_id_reg(vcpu, rd, user_val);
}
+static int set_id_aa64mmfr2_el1(struct kvm_vcpu *vcpu,
+ const struct sys_reg_desc *rd, u64 user_val)
+{
+ u64 hw_val = read_sanitised_ftr_reg(SYS_ID_AA64MMFR2_EL1);
+ u64 nv_mask = ID_AA64MMFR2_EL1_NV_MASK;
+
+ /*
+ * We made the mistake to expose the now deprecated NV field,
+ * so allow userspace to write it, but silently ignore it.
+ */
+ if ((hw_val & nv_mask) == (user_val & nv_mask))
+ user_val &= ~nv_mask;
+
+ return set_id_reg(vcpu, rd, user_val);
+}
+
static int set_ctr_el0(struct kvm_vcpu *vcpu,
const struct sys_reg_desc *rd, u64 user_val)
{
@@ -2730,7 +2746,8 @@ static const struct sys_reg_desc sys_reg_descs[] = {
ID_AA64MMFR1_EL1_XNX |
ID_AA64MMFR1_EL1_VH |
ID_AA64MMFR1_EL1_VMIDBits)),
- ID_WRITABLE(ID_AA64MMFR2_EL1, ~(ID_AA64MMFR2_EL1_RES0 |
+ ID_FILTERED(ID_AA64MMFR2_EL1,
+ id_aa64mmfr2_el1, ~(ID_AA64MMFR2_EL1_RES0 |
ID_AA64MMFR2_EL1_EVT |
ID_AA64MMFR2_EL1_FWB |
ID_AA64MMFR2_EL1_IDS |
--
Without deviation from the norm, progress is not possible.
next prev parent reply other threads:[~2025-02-20 19:47 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-20 13:48 [PATCH v2 00/14] KVM: arm64: NV userspace ABI Marc Zyngier
2025-02-20 13:48 ` [PATCH v2 01/14] arm64: cpufeature: Handle NV_frac as a synonym of NV2 Marc Zyngier
2025-02-20 14:03 ` Joey Gouly
2025-02-20 13:48 ` [PATCH v2 02/14] KVM: arm64: Hide ID_AA64MMFR2_EL1.NV from guest and userspace Marc Zyngier
2025-02-20 17:36 ` Sebastian Ott
2025-02-20 19:46 ` Marc Zyngier [this message]
2025-02-21 7:52 ` Sebastian Ott
2025-02-20 13:48 ` [PATCH v2 05/14] KVM: arm64: Advertise NV2 in the boot messages Marc Zyngier
2025-02-20 13:48 ` [PATCH v2 06/14] KVM: arm64: Consolidate idreg callbacks Marc Zyngier
2025-02-20 15:43 ` Ganapatrao Kulkarni
2025-02-20 13:49 ` [PATCH v2 08/14] KVM: arm64: Enforce NV limits on a per-idregs basis Marc Zyngier
2025-02-20 13:49 ` [PATCH v2 11/14] KVM: arm64: Make ID_AA64MMFR4_EL1.NV_frac writable Marc Zyngier
2025-02-20 13:49 ` [PATCH v2 14/14] KVM: arm64: Document NV caps and vcpu flags Marc Zyngier
2025-02-20 14:04 ` [PATCH v2 00/14] KVM: arm64: NV userspace ABI Joey Gouly
[not found] ` <20250220134907.554085-11-maz@kernel.org>
2025-02-24 9:44 ` [PATCH v2 10/14] KVM: arm64: Allow userspace to limit NV support to nVHE Aneesh Kumar K.V
2025-02-24 19:52 ` (subset) [PATCH v2 00/14] KVM: arm64: NV userspace ABI Oliver Upton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86r03squ0w.wl-maz@kernel.org \
--to=maz@kernel.org \
--cc=eric.auger@redhat.com \
--cc=gankulkarni@os.amperecomputing.com \
--cc=joey.gouly@arm.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=oliver.upton@linux.dev \
--cc=sebott@redhat.com \
--cc=suzuki.poulose@arm.com \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).